Skip to content

S
slapos.core
Commit 15436030 authored by Romain Courteaud's avatar Romain Courteaud
Browse files
Options

Give shadow access on persons.

parent 2d44c829
Hide whitespace changes
Inline Side-by-side
Showing with 116 additions and 3 deletions
master/bt5/slapos_erp5/LocalRolesTemplateItem/person_module.xml
View file @ 15436030
......@@ -7,6 +7,9 @@
<role id='R-MEMBER'>
<item>Auditor</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Auditor</item>
</role>
<role id='zope'>
<item>Owner</item>
</role>
......
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person%20Module.xml
View file @ 15436030
......@@ -9,4 +9,9 @@
<multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Person Shadow</property>
<multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
</type_roles>
\ No newline at end of file
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml
View file @ 15436030
......@@ -4,9 +4,17 @@
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>The Shadow User Himself</property>
<property id='description'>Monovalued role</property>
<property id='condition'>python: here.getReference('') != ''</property>
<property id='base_category_script'>PersonType_getSecurityCategoryFromSelfShadow</property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Associate'>
<property id='title'>The User Himself</property>
<property id='description'>Monovalued role</property>
<property id='condition'>python: here.getReference('') != ''</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
<multi_property id='base_category'>group</multi_property>
</role>
......
master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_core/PersonType_getSecurityCategoryFromSelfShadow.xml 0 → 100644
View file @ 15436030
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
This script returns a list of dictionaries which represent\n
the security groups which a person is member of. It extracts\n
the categories from the current content and associates\n
it to a given base_category. It is useful in the\n
following cases:\n
\n
- calculate a security group based current object \n
in the context of a base category (ex. source_project).\n
This is used for example in ERP5 DMS to calculate\n
project security.\n
\n
The parameters are\n
\n
base_category_list -- list of category values we need to retrieve\n
user_name -- string obtained from getSecurityManager().getUser().getId()\n
object -- object which we want to assign roles to\n
portal_type -- portal type of object\n
\n
NOTE: for now, this script requires proxy manager\n
"""\n
\n
category_list = []\n
\n
if obj is None:\n
return []\n
\n
return {\'Auditor\': [\'SHADOW-%s\' % obj.getReference()]}\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, obj, portal_type</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>PersonType_getSecurityCategoryFromSelfShadow</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
master/bt5/slapos_erp5/TestTemplateItem/testSlapOSERP5GroupRoleSecurity.py
View file @ 15436030
......@@ -440,19 +440,22 @@ class TestPerson(TestSlapOSGroupRoleSecurityMixin):
reference=reference)
person.updateLocalRolesOnSecurityGroups()
shadow_reference = 'SHADOW-%s' % reference
self.assertSecurityGroup(person,
['G-COMPANY', self.user_id, reference], False)
['G-COMPANY', self.user_id, reference, shadow_reference], False)
self.assertRoles(person, 'G-COMPANY', ['Assignor'])
self.assertRoles(person, reference, ['Associate'])
self.assertRoles(person, shadow_reference, ['Auditor'])
self.assertRoles(person, self.user_id, ['Owner'])
class TestPersonModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.person_module
self.assertSecurityGroup(module,
['G-COMPANY', 'R-MEMBER', 'zope'], False)
['G-COMPANY', 'R-MEMBER', 'zope', 'R-SHADOW-PERSON'], False)
self.assertRoles(module, 'R-MEMBER', ['Auditor'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(module, 'zope', ['Owner'])
class TestPresentation(TestSlapOSGroupRoleSecurityMixin):
......
master/bt5/slapos_erp5/bt/revision
View file @ 15436030
138
\ No newline at end of file
139
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7