Commit fd87d5ca authored by Rafael Monnerat's avatar Rafael Monnerat

slapos_erp5: Allow members of the same project "see" each other

    This is required mostly to be able to edit parameters on the Hosting Subscription shared by others users.

    This feature, also allow us list "Project Members" in futures, to know it the invitations were used by proper users.
parent 24e1810d
......@@ -5,6 +5,12 @@
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Project Member can see each other</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromChildAssignmentList</property>
<multi_property id='categories'>local_role_group/project</multi_property>
<multi_property id='base_category'>destination_project</multi_property>
</role>
<role id='Auditor'>
<property id='title'>The Shadow User Himself</property>
<property id='description'>Monovalued role</property>
......
"""
This script returns a list of dictionaries which represent
the security groups which a person is member of. It extracts
the categories from the current content. It is useful in the
following cases:
- calculate a security group based on a given
category of all Assifbment subobjects (ex. destination_project). This
is used for example in ERP5 to calculate
security of person objects so that members
of the same project can view each other.
The parameters are
base_category_list -- list of category values we need to retrieve
user_name -- string obtained from getSecurityManager().getUser().getId()
object -- object which we want to assign roles to
portal_type -- portal type of object
NOTE: for now, this script requires proxy manager
"""
category_list = []
if object is None:
return []
person_object = object
# We look for every valid assignments of this user
for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
if assignment.getValidationState() == 'open':
category_dict = {}
for base_category in base_category_list:
category_value_list = assignment.getAcquiredValueList(base_category)
if category_value_list:
for category_value in category_value_list:
category_dict.setdefault(base_category, []).append('%s' % category_value.getRelativeUrl())
category_list.append(category_dict)
return category_list
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>base_category_list, user_name, object, portal_type</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Type_getSecurityCategoryFromChildAssignmentList</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -719,6 +719,29 @@ class TestPerson(TestSlapOSGroupRoleSecurityMixin):
def test_TheUserHimself_Certificate(self):
self.test_TheUserHimself(login_portal_type="Certificate Login")
def test_ProjectMember(self, login_portal_type="ERP5 Login"):
person = self.portal.person_module.newContent(portal_type='Person')
person.newContent(portal_type=login_portal_type)
project = self.portal.project_module.newContent(
portal_type="Project"
)
project.validate()
person.newContent(portal_type='Assignment',
destination_project_value=project).open()
self.tic()
person.updateLocalRolesOnSecurityGroups()
shadow_reference = 'SHADOW-%s' % person.getUserId()
self.assertSecurityGroup(person,
['G-COMPANY', self.user_id, person.getUserId(), shadow_reference,
project.getReference()], False)
self.assertRoles(person, 'G-COMPANY', ['Assignor'])
self.assertRoles(person, person.getUserId(), ['Assignee'])
self.assertRoles(person, shadow_reference, ['Auditor'])
self.assertRoles(person, project.getReference(), ['Auditor'])
self.assertRoles(person, self.user_id, ['Owner'])
class TestERP5Login(TestSlapOSGroupRoleSecurityMixin):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment