Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.core
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Roque
slapos.core
Commits
8f9a4ffd
Commit
8f9a4ffd
authored
Jun 29, 2023
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Plain Diff
slapos_slap_tool: No need revoke, only invalidate login is enough
See merge request
nexedi/slapos.core!548
parents
b67509f5
fcfda1e9
Changes
12
Show whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
241 additions
and
28 deletions
+241
-28
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Certificate%20Login.xml
..._erp5/PortalTypeRolesTemplateItem/Certificate%20Login.xml
+7
-0
master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromParentContentParent.py
...re/ERP5Type_getSecurityCategoryFromParentContentParent.py
+36
-0
master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromParentContentParent.xml
...e/ERP5Type_getSecurityCategoryFromParentContentParent.xml
+70
-0
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSCodingStyle.py
...Item/portal_components/test.erp5.testSlapOSCodingStyle.py
+1
-0
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
...l_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+19
-0
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
...testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
+9
-0
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.xml
...estSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.xml
+3
-24
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_SoftwareInstance_edit.xml
...nteraction_workflow/interaction_SoftwareInstance_edit.xml
+1
-0
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllChildrenLocalRoles.py
...ction_workflow/script_Base_updateAllChildrenLocalRoles.py
+6
-0
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllChildrenLocalRoles.xml
...tion_workflow/script_Base_updateAllChildrenLocalRoles.xml
+76
-0
master/bt5/slapos_slap_tool/TestTemplateItem/portal_components/test.erp5.testSlapOSSlapTool.py
...ateItem/portal_components/test.erp5.testSlapOSSlapTool.py
+10
-2
master/bt5/slapos_slap_tool/ToolComponentTemplateItem/portal_components/tool.erp5.SlapTool.py
...onentTemplateItem/portal_components/tool.erp5.SlapTool.py
+3
-2
No files found.
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Certificate%20Login.xml
View file @
8f9a4ffd
<type_roles>
<role
id=
'Assignor'
>
<property
id=
'title'
>
Compute Node
</property>
<property
id=
'condition'
>
python: here.getParentValue().getPortalType() in ( "Software Instance",)
</property>
<property
id=
'base_category_script'
>
ERP5Type_getSecurityCategoryFromParentContentParent
</property>
<multi_property
id=
'categories'
>
local_role_group/computer
</multi_property>
<multi_property
id=
'base_category'
>
aggregate
</multi_property>
</role>
<role
id=
'Assignee'
>
<property
id=
'title'
>
The User Himself
</property>
<property
id=
'condition'
>
python: here.getParentValue().getPortalType() in ("Person", "Software Instance", "Compute Node")
</property>
...
...
master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromParentContentParent.py
0 → 100644
View file @
8f9a4ffd
"""
This script returns a list of dictionaries which represent
the security groups which a person is member of. It extracts
the categories from the current content. It is useful in the
following cases:
- calculate a security group based on a given
category of the current object (ex. group). This
is used for example in ERP5 DMS to calculate
document security.
- assign local roles to a document based on
the person which the object related to through
a given base category (ex. destination). This
is used for example in ERP5 Project to calculate
Task / Task Report security.
The parameters are
base_category_list -- list of category values we need to retrieve
user_name -- string obtained from getSecurityManager().getUser().getId()
object -- object which we want to assign roles to
portal_type -- portal type of object
NOTE: for now, this script requires proxy manager
"""
category_list
=
[]
if
obj
is
None
:
return
[]
for
base_category
in
base_category_list
:
category_list
.
append
({
base_category
:
[
x
.
getParentValue
().
getRelativeUrl
()
for
x
in
obj
.
getParentValue
().
getValueList
(
base_category
)]})
return
category_list
master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/ERP5Type_getSecurityCategoryFromParentContentParent.xml
0 → 100644
View file @
8f9a4ffd
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"PythonScript"
module=
"Products.PythonScripts.PythonScript"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_bind_names
</string>
</key>
<value>
<object>
<klass>
<global
name=
"_reconstructor"
module=
"copy_reg"
/>
</klass>
<tuple>
<global
name=
"NameAssignments"
module=
"Shared.DC.Scripts.Bindings"
/>
<global
name=
"object"
module=
"__builtin__"
/>
<none/>
</tuple>
<state>
<dictionary>
<item>
<key>
<string>
_asgns
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
name_container
</string>
</key>
<value>
<string>
container
</string>
</value>
</item>
<item>
<key>
<string>
name_context
</string>
</key>
<value>
<string>
context
</string>
</value>
</item>
<item>
<key>
<string>
name_m_self
</string>
</key>
<value>
<string>
script
</string>
</value>
</item>
<item>
<key>
<string>
name_subpath
</string>
</key>
<value>
<string>
traverse_subpath
</string>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
base_category_list, user_name, obj, portal_type
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
<value>
<tuple>
<string>
Manager
</string>
</tuple>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
ERP5Type_getSecurityCategoryFromParentContentParent
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSCodingStyle.py
View file @
8f9a4ffd
...
...
@@ -296,6 +296,7 @@ def makeTestSlapOSCodingStyleTestCase(tested_business_template):
'slapos_core/ERP5Type_getSecurityCategoryFromAggregateRelatedSoftwareInstanceInstanceTree'
,
'slapos_core/ERP5Type_getSecurityCategoryFromChildAssignmentList'
,
'slapos_core/ERP5Type_getSecurityCategoryFromContentParent'
,
'slapos_core/ERP5Type_getSecurityCategoryFromParentContentParent'
,
'slapos_core/ERP5Type_getSecurityCategoryFromParent'
,
'slapos_core/ERP5Type_getSecurityCategoryMapping'
,
'slapos_core/Event_getSecurityCategoryFromMovementFollowUpAggregateComputeNodeDestinationSection'
,
...
...
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
View file @
8f9a4ffd
...
...
@@ -724,6 +724,25 @@ class TestERP5Login(TestSlapOSGroupRoleSecurityMixin):
class
TestCertificateLogin
(
TestERP5Login
):
login_portal_type
=
"Certificate Login"
def
test_ComputeNodeCanAccessSoftwareInstanceLoginDocument
(
self
):
software_instance
=
self
.
portal
.
software_instance_module
.
newContent
(
portal_type
=
'Software Instance'
)
login
=
software_instance
.
newContent
(
portal_type
=
self
.
login_portal_type
)
compute_node_reference
=
'TESTCOMP-%s'
%
self
.
generateNewId
()
compute_node
=
self
.
portal
.
compute_node_module
.
template_compute_node
\
.
Base_createCloneDocument
(
batch_mode
=
1
)
compute_node
.
edit
(
reference
=
compute_node_reference
)
partition
=
compute_node
.
newContent
(
portal_type
=
'Compute Partition'
)
software_instance
.
edit
(
aggregate
=
partition
.
getRelativeUrl
())
compute_node
.
updateLocalRolesOnSecurityGroups
()
software_instance
.
updateLocalRolesOnSecurityGroups
()
login
.
updateLocalRolesOnSecurityGroups
()
self
.
assertSecurityGroup
(
login
,
[
self
.
user_id
,
software_instance
.
getUserId
(),
compute_node
.
getUserId
()],
False
)
self
.
assertRoles
(
login
,
software_instance
.
getUserId
(),
[
'Assignee'
])
self
.
assertRoles
(
login
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
login
,
compute_node
.
getUserId
(),
[
'Assignor'
])
class
TestGoogleLogin
(
TestERP5Login
):
login_portal_type
=
"Google Login"
...
...
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
View file @
8f9a4ffd
...
...
@@ -232,9 +232,15 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
software_instance
=
self
.
portal
.
software_instance_module
.
newContent
(
portal_type
=
'Software Instance'
,
specialise
=
instance_tree
.
getRelativeUrl
())
certificate_login
=
software_instance
.
newContent
(
portal_type
=
'Certificate Login'
)
self
.
assertSecurityGroup
(
software_instance
,
[
self
.
user_id
,
'G-COMPANY'
,
instance_tree
.
getReference
()],
False
)
self
.
assertSecurityGroup
(
certificate_login
,
[
self
.
user_id
,
software_instance
.
getUserId
()],
False
)
compute_node
=
self
.
portal
.
compute_node_module
.
template_compute_node
\
.
Base_createCloneDocument
(
batch_mode
=
1
)
...
...
@@ -250,6 +256,9 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
compute_node
.
getUserId
(),
instance_tree
.
getReference
()],
False
)
self
.
assertSecurityGroup
(
partition
,
[
self
.
user_id
,
instance_tree
.
getReference
()],
True
)
self
.
assertSecurityGroup
(
certificate_login
,
[
self
.
user_id
,
compute_node
.
getUserId
(),
software_instance
.
getUserId
()],
False
)
def
test_SlaveInstance_setSpecialise
(
self
):
slave_instance
=
self
.
portal
.
software_instance_module
.
newContent
(
...
...
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.xml
View file @
8f9a4ffd
...
...
@@ -6,12 +6,6 @@
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_recorded_property_dict
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAI=
</string>
</persistent>
</value>
</item>
<item>
<key>
<string>
default_reference
</string>
</key>
<value>
<string>
testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow
</string>
</value>
...
...
@@ -55,28 +49,13 @@
<item>
<key>
<string>
workflow_history
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
M
=
</string>
</persistent>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
I
=
</string>
</persistent>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"3"
aka=
"AAAAAAAAAAM="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
...
...
@@ -89,7 +68,7 @@
<item>
<key>
<string>
component_validation_workflow
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
Q
=
</string>
</persistent>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
M
=
</string>
</persistent>
</value>
</item>
</dictionary>
...
...
@@ -98,7 +77,7 @@
</dictionary>
</pickle>
</record>
<record
id=
"
4"
aka=
"AAAAAAAAAAQ
="
>
<record
id=
"
3"
aka=
"AAAAAAAAAAM
="
>
<pickle>
<global
name=
"WorkflowHistoryList"
module=
"Products.ERP5Type.Workflow"
/>
</pickle>
...
...
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_SoftwareInstance_edit.xml
View file @
8f9a4ffd
...
...
@@ -11,6 +11,7 @@
<value>
<tuple>
<string>
after_script/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllLocalRoles
</string>
<string>
after_script/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllChildrenLocalRoles
</string>
</tuple>
</value>
</item>
...
...
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllChildrenLocalRoles.py
0 → 100644
View file @
8f9a4ffd
"""
This script updates all local roles on sub-objects. It requires Assignor
proxy role since it may be called by owner in draft state.
"""
for
child
in
state_change
[
'object'
].
contentValues
():
child
.
updateLocalRolesOnSecurityGroups
()
master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllChildrenLocalRoles.xml
0 → 100644
View file @
8f9a4ffd
<?xml version="1.0"?>
<ZopeData>
<record
id=
"1"
aka=
"AAAAAAAAAAE="
>
<pickle>
<global
name=
"Workflow Script"
module=
"erp5.portal_type"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
_bind_names
</string>
</key>
<value>
<object>
<klass>
<global
name=
"_reconstructor"
module=
"copy_reg"
/>
</klass>
<tuple>
<global
name=
"NameAssignments"
module=
"Shared.DC.Scripts.Bindings"
/>
<global
name=
"object"
module=
"__builtin__"
/>
<none/>
</tuple>
<state>
<dictionary>
<item>
<key>
<string>
_asgns
</string>
</key>
<value>
<dictionary>
<item>
<key>
<string>
name_container
</string>
</key>
<value>
<string>
container
</string>
</value>
</item>
<item>
<key>
<string>
name_context
</string>
</key>
<value>
<string>
context
</string>
</value>
</item>
<item>
<key>
<string>
name_m_self
</string>
</key>
<value>
<string>
script
</string>
</value>
</item>
<item>
<key>
<string>
name_subpath
</string>
</key>
<value>
<string>
traverse_subpath
</string>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
state_change
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
<value>
<tuple>
<string>
Assignor
</string>
</tuple>
</value>
</item>
<item>
<key>
<string>
description
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
script_Base_updateAllChildrenLocalRoles
</string>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
master/bt5/slapos_slap_tool/TestTemplateItem/portal_components/test.erp5.testSlapOSSlapTool.py
View file @
8f9a4ffd
...
...
@@ -1954,14 +1954,22 @@ class TestSlapOSSlapToolInstanceAccess(TestSlapOSSlapToolMixin):
self
.
_makeComplexComputeNode
()
partition_id
=
self
.
destroy_requested_software_instance
.
getAggregateValue
(
portal_type
=
'Compute Partition'
).
getReference
()
ssl_key
=
self
.
destroy_requested_software_instance
.
getSslKey
()
ssl_cert
=
self
.
destroy_requested_software_instance
.
getSslCertificate
()
self
.
login
(
self
.
destroy_requested_software_instance
.
getUserId
())
response
=
self
.
portal_slap
.
destroyedComputerPartition
(
self
.
compute_node_id
,
partition_id
)
self
.
assertEqual
(
'None'
,
response
)
self
.
assertEqual
(
'invalidated'
,
self
.
destroy_requested_software_instance
.
getValidationState
())
self
.
assertEqual
(
None
,
self
.
destroy_requested_software_instance
.
getSslKey
())
self
.
assertEqual
(
None
,
self
.
destroy_requested_software_instance
.
getSslCertificate
())
certificate_login_list
=
self
.
destroy_requested_software_instance
.
objectValues
(
portal_type
=
"Certificate Login"
)
self
.
assertEqual
(
1
,
len
(
certificate_login_list
))
self
.
assertEqual
(
"invalidated"
,
certificate_login_list
[
0
].
getValidationState
())
self
.
assertEqual
(
ssl_key
,
self
.
destroy_requested_software_instance
.
getSslKey
())
self
.
assertEqual
(
ssl_cert
,
self
.
destroy_requested_software_instance
.
getSslCertificate
())
def
assertInstanceRequestSimulator
(
self
,
args
,
kwargs
):
stored
=
eval
(
open
(
self
.
instance_request_simulator
).
read
())
#pylint: disable=eval-used
...
...
master/bt5/slapos_slap_tool/ToolComponentTemplateItem/portal_components/tool.erp5.SlapTool.py
View file @
8f9a4ffd
...
...
@@ -890,10 +890,11 @@ class SlapTool(BaseTool):
compute_partition_id
)
if
instance
.
getSlapState
()
==
'destroy_requested'
:
# remove certificate from SI
instance
.
revokeCertificate
()
if
instance
.
getValidationState
()
==
'validated'
:
instance
.
invalidate
()
for
login
in
instance
.
objectValues
(
portal_type
=
"Certificate Login"
):
if
login
.
getValidationState
()
==
'validated'
:
login
.
invalidate
()
@
convertToREST
def
_setComputePartitionConnectionXml
(
self
,
compute_node_id
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment