Commit fcf1d15c authored by Arnaud Fontaine's avatar Arnaud Fontaine

Add Developer Role to modify ZODB Components.

This new Role is defined only on portal_components and users can be only added
to this Role through editing zope.conf. Also, add a Permission for reset as
this role is not available outside of portal_components and is still useful
for Workflows for example.
parent 279e67a9
......@@ -27,7 +27,7 @@
</item>
<item>
<key> <string>acquire_local_roles</string> </key>
<value> <int>1</int> </value>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>content_icon</string> </key>
......
......@@ -27,7 +27,7 @@
</item>
<item>
<key> <string>acquire_local_roles</string> </key>
<value> <int>0</int> </value>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>content_icon</string> </key>
......
......@@ -6,6 +6,1258 @@
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_Add_Accelerated_HTTP_Cache_Managers_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_BTreeFolder2s_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Browser_Id_Manager_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMFActivity_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMFCategory_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMF_Action_Icons_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMF_Active_Processs_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMF_Caching_Policy_Managers_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMF_Calendar_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMF_Core_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMF_Default_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMF_Sites_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_CMF_Unique_Id_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Content_Type_Registrys_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Cookie_Crumblers_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Database_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Documents__Images__and_Files_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5Catalog_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5Configurator_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5Form_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5SecurePayment_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5ShortMessage_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5SyncML_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5TioSafe_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5Type_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5Wizard_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_Filesystem_Formulator_Forms_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_Form_Printouts_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_Forms_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_OOo_Templates_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_PDF_Forms_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_PDF_Templates_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_Python_Scripts_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_Reports_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_Sites_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ERP5_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ExtFiles_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ExtImages_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_External_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Filesystem_Directory_Views_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Folders_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Formulator_Forms_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Generic_Setup_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_HBTreeFolder2s_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_LDAP_Connections_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_LDAP_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_LDIF_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_LocalContents_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_LocalFolders_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Localizers_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_MailHost_objects_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_MessageCatalogs_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_MimetypesRegistry_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Page_Templates_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Pluggable_Index_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Plugin_Registrys_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_PortalTransforms_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Python_Scripts_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_RAM_Cache_Managers_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ReStructuredText_Documents_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_SCHEM_Tools_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Session_Data_Manager_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Site_Roots_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Temporary_Folder_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Transient_Object_Container_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_User_Folders_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Virtual_Host_Monsters_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Vocabularies_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ZCatalogs_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_ZODB_Mount_Points_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Z_MySQL_Database_Connections_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_Z_MySQL_Deferred_Database_Connections_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_portal_content_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_portal_events_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_portal_folders_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_portal_member_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Add_portal_topics_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Browse_Connection_Entries_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_Browser_Id_Manager_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_DTML_Documents_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_DTML_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_Database_Connections_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_Database_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_ExtFile_ExtImage_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_External_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_Formulator_Fields_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_Formulator_Forms_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_LDAP_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_Page_Templates_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_Python_Scripts_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_Session_Data_Manager_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_bindings_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_cache_managers_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_cache_settings_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_configuration_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_local_roles_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_permissions_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_portal_events_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_portal_topics_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Change_proxy_roles_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Copy_or_Move_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Create_New_Entry_Objects_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Create_Transient_Objects_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Define_permissions_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Delete_Entry_Objects_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Delete_objects_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Download_ExtFile_ExtImage_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Edit_ReStructuredText_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Edit_connection_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Edit_target_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_FTP_access_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Import_Export_objects_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_List_folder_contents_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_List_portal_members_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_List_undoable_changes_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Log_Site_Errors_Permission</string> </key>
<value>
<list>
<string>Developer</string>
</list>
</value>
</item>
<item>
<key> <string>_Log_to_the_Event_Log_Permission</string> </key>
<value>
<list>
<string>Developer</string>
</list>
</value>
</item>
<item>
<key> <string>_Mail_forgotten_password_Permission</string> </key>
<value>
<list>
<string>Developer</string>
</list>
</value>
</item>
<item>
<key> <string>_Manage_Access_Rules_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_Entry_information_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_Five_local_sites_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_Groups_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_Selenium_test_cases_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_Site_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_Transient_Object_Container_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_Vocabulary_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_WebDAV_Locks_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_ZCatalogIndex_Entries_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_ZCatalog_Entries_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_languages_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_messages_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_portal_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_properties_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Manage_users_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Modify_Cookie_Crumblers_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Modify_portal_content_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Open_Close_Connection_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Open_Close_Database_Connection_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Open_Close_Database_Connections_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Query_Vocabulary_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Reply_to_item_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Request_review_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Reset_dynamic_classes_Permission</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Review_portal_content_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Search_ZCatalog_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Search_for_principals_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Set_own_password_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Set_own_properties_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Take_ownership_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Test_Database_Connections_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Translate_Content_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Undo_changes_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Use_Database_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Use_LDAP_Methods_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_Use_external_editor_Permission</string> </key>
<value>
<tuple>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>__ac_roles__</string> </key>
<value>
<tuple>
<string>Manager</string>
<string>Owner</string>
<string>Anonymous</string>
<string>Authenticated</string>
<string>Developer</string>
</tuple>
</value>
</item>
<item>
<key> <string>_count</string> </key>
<value>
......
......@@ -43,12 +43,7 @@
<item>
<key> <string>permissions</string> </key>
<value>
<tuple>
<string>Access contents information</string>
<string>Modify portal content</string>
<string>View</string>
<string>Add portal content</string>
</tuple>
<tuple/>
</value>
</item>
<item>
......
2012-02-28 arnaud.fontaine
* Add Developer Role on portal_components which is the only Role with write permissions on portal_components and subobjects.
* Modify component_validation_workflow to not set Permissions and let it get it from portal_components instead.
2012-02-25 arnaud.fontaine
* Add a Python script which performs the redirect rather than doing it in BusinessTemplate class.
* Rename *MigrateAllComponentFromFilesystem to *MigrateSourceCodeFromFilesystem.
......
41011
\ No newline at end of file
41012
\ No newline at end of file
......@@ -19,7 +19,7 @@ from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_inner, aq_parent
from AccessControl import ClassSecurityInfo
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from App.config import getConfiguration
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.interfaces.plugins import IUserFactoryPlugin
......@@ -92,6 +92,8 @@ class ERP5User(PropertiedUser):
continue
break
# Patched: Developer role should not never be available as local role
local.pop('Developer', None)
return list( self.getRoles() ) + local.keys()
def allowed( self, object, object_roles=None ):
......@@ -106,6 +108,17 @@ class ERP5User(PropertiedUser):
if object_roles is None or 'Anonymous' in object_roles:
return 1
# Check for Developer Role, see patches.User for rationale
# XXX-arnau: copy/paste
object_roles = set(object_roles)
if 'Developer' in object_roles:
object_roles.remove('Developer')
product_config = getattr(getConfiguration(), 'product_config', None)
if product_config:
config = product_config.get('erp5', None)
if config and self.getId() in config.developer_list:
return 1
# Provide short-cut access if object is protected by 'Authenticated'
# role and user is not nobody
if 'Authenticated' in object_roles and (
......
......@@ -146,3 +146,4 @@ AddERP5Content = AddPortalContent # Since we put come CPS content in ERP5 docume
# Source Code Management - this is the highest possible permission
ManageExtensions = "Manage extensions"
ResetDynamicClasses = "Reset dynamic classes"
......@@ -71,7 +71,7 @@ class ComponentTool(BaseTool):
del sys.modules[full_module_name]
delattr(module, name)
security.declareProtected(Permissions.ModifyPortalContent, 'reset')
security.declareProtected(Permissions.ResetDynamicClasses, 'reset')
def reset(self, force=True):
"""
XXX-arnau: global reset
......@@ -117,7 +117,7 @@ class ComponentTool(BaseTool):
type_tool.resetDynamicDocumentsOnceAtTransactionBoundary()
security.declareProtected(Permissions.ModifyPortalContent,
security.declareProtected(Permissions.ResetDynamicClasses,
'resetOnceAtTransactionBoundary')
def resetOnceAtTransactionBoundary(self):
"""
......
......@@ -70,6 +70,7 @@ from Products.ERP5Type.patches import ZopePageTemplateUtils
from Products.ERP5Type.patches import OFSHistory
from Products.ERP5Type.patches import OFSItem
from Products.ERP5Type.patches import ExternalMethod
from Products.ERP5Type.patches import User
# These symbols are required for backward compatibility
from Products.ERP5Type.patches.PropertyManager import ERP5PropertyManager
......
<component>
<sectiontype name="ERP5Type"
implements="zope.product.base">
<description>
Description
</description>
<key name="developers"
attribute="developer_list"
datatype="string-list">
<description>
Description
</description>
</key>
</sectiontype>
</component>
......@@ -84,9 +84,13 @@ def getRolesInContext( self, object ):
break
# Patched: Developer role should not never be available as local role
local.pop('Developer', None)
return list( self.getRoles() ) + local.keys()
def allowed( self, object, object_roles=None ):
from App.config import getConfiguration
def allowed(self, object, object_roles=None ):
""" Check whether the user has access to object.
......@@ -105,6 +109,17 @@ def allowed( self, object, object_roles=None ):
if object_roles is None or 'Anonymous' in object_roles:
return 1
# Check for Developer Role, see patches.User for rationale
# XXX-arnau: copy/paste
object_roles = set(object_roles)
if 'Developer' in object_roles:
object_roles.remove('Developer')
product_config = getattr(getConfiguration(), 'product_config', None)
if product_config:
config = product_config.get('erp5', None)
if config and self.getId() in config.developer_list:
return 1
# Provide short-cut access if object is protected by 'Authenticated'
# role and user is not nobody
if 'Authenticated' in object_roles and (
......
##############################################################################
#
# Copyright (c) 2002 Zope Corporation and Contributors. All Rights Reserved.
# Copyright (c) 2012 Nexedi SARL and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this
# distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
from AccessControl.User import BasicUser
BasicUser_allowed = BasicUser.allowed
def allowed(self, object, object_roles=None):
"""
Check if the user has Developer role which allows to modify ZODB source code
and remove it, as it should never be acquired anyhow, before calling the
original method
"""
# XXX-arnau: copy/paste (PropertiedUser)
if object_roles is not None:
object_roles = set(object_roles)
if 'Developer' in object_roles:
object_roles.remove('Developer')
product_config = getattr(getConfiguration(), 'product_config', None)
if product_config:
config = product_config.get('erp5', None)
if config and self.getId() in config.developer_list:
return 1
return BasicUser_allowed(self, object, object_roles)
BasicUser.allowed = allowed
from App.config import getConfiguration
from AccessControl.User import SimpleUser
SimpleUser_getRoles = SimpleUser.getRoles
def getRoles(self):
"""
Add Developer Role if the user has been explicitely set as Developer in Zope
configuration file
"""
role_tuple = SimpleUser_getRoles(self)
if role_tuple:
product_config = getattr(getConfiguration(), 'product_config', None)
if product_config:
config = product_config.get('erp5', None)
if config:
role_set = set(role_tuple)
user_id = self.getId()
if config and user_id in config.developer_list:
role_set.add('Developer')
elif user_id in role_set:
role_set.remove('Developer')
return role_set
return role_tuple
SimpleUser.getRoles = getRoles
SimpleUser_getRolesInContext = SimpleUser.getRolesInContext
def getRolesInContext(self, object):
"""
Return the list of roles assigned to the user, including local roles
assigned in context of the passed in object.
"""
userid=self.getId()
roles=self.getRoles()
local={}
object=getattr(object, 'aq_inner', object)
while 1:
local_roles = getattr(object, '__ac_local_roles__', None)
if local_roles:
if callable(local_roles):
local_roles=local_roles()
dict=local_roles or {}
for r in dict.get(userid, []):
local[r]=1
inner = getattr(object, 'aq_inner', object)
parent = getattr(inner, '__parent__', None)
if parent is not None:
object = parent
continue
if hasattr(object, 'im_self'):
object=object.im_self
object=getattr(object, 'aq_inner', object)
continue
break
# Patched: Developer role should not never be available as local role
local.pop('Developer', None)
roles=list(roles) + local.keys()
return roles
SimpleUser.getRolesInContext = getRolesInContext
......@@ -1219,8 +1219,10 @@ def assertResetCalled(self, *args, **kwargs):
import abc
from Products.ERP5Type.mixin.component import ComponentMixin
from Products.ERP5Type.tests.SecurityTestCase import SecurityTestCase
from App.config import getConfiguration
class _TestZodbComponent(ERP5TypeTestCase):
class _TestZodbComponent(SecurityTestCase):
__metaclass__ = abc.ABCMeta
def getBusinessTemplateList(self):
......@@ -1228,6 +1230,19 @@ class _TestZodbComponent(ERP5TypeTestCase):
'erp5_core_component')
def afterSetUp(self):
product_config = getattr(getConfiguration(), 'product_config', None)
if product_config is None:
class DummyDeveloperConfig(object):
pass
dummy_developer_config = DummyDeveloperConfig()
dummy_developer_config.developer_list = ['ERP5TypeTestCase']
getConfiguration().product_config = {'erp5': dummy_developer_config}
elif 'ERP5TypeTestCase' not in product_config['erp5'].developer_list:
product_config['erp5'].developer_list.append('ERP5TypeTestCase')
self._portal = self.getPortal()
self._component_tool = self._portal.portal_components
self._module = __import__(self._getComponentModuleName(),
......@@ -1592,6 +1607,49 @@ def bar(*args, **kwargs):
transaction.commit()
self.tic()
def testDeveloperRoleSecurity(self):
"""
XXX-arnau: test with different users and workflows
"""
component = self._newComponent('TestDeveloperRoleSecurity',
'def foo():\n print "ok"')
transaction.commit()
self.tic()
user_id = 'ERP5TypeTestCase'
self.assertUserCanChangeLocalRoles(user_id, self._component_tool)
self.assertUserCanModifyDocument(user_id, self._component_tool)
self.assertUserCanDeleteDocument(user_id, self._component_tool)
self.assertUserCanChangeLocalRoles(user_id, component)
self.assertUserCanDeleteDocument(user_id, component)
getConfiguration().product_config['erp5'].developer_list = []
# Component Tool and the Component should be viewable by Manager
self.assertUserCanViewDocument(user_id, self._component_tool)
self.assertUserCanAccessDocument(user_id, self._component_tool)
self.assertUserCanViewDocument(user_id, component)
self.assertUserCanAccessDocument(user_id, component)
# But nothing else should be permitted on Component Tool nor Component
self.failIfUserCanAddDocument(user_id, self._component_tool)
self.failIfUserCanModifyDocument(user_id, self._component_tool)
self.failIfUserCanDeleteDocument(user_id, self._component_tool)
self.failIfUserCanModifyDocument(user_id, component)
self.failIfUserCanDeleteDocument(user_id, component)
self.failIfUserCanChangeLocalRoles(user_id, component)
getConfiguration().product_config['erp5'].developer_list = [user_id]
self.assertUserCanChangeLocalRoles(user_id, self._component_tool)
self.assertUserCanModifyDocument(user_id, self._component_tool)
self.assertUserCanDeleteDocument(user_id, self._component_tool)
self.assertUserCanChangeLocalRoles(user_id, component)
self.assertUserCanModifyDocument(user_id, component)
self.assertUserCanDeleteDocument(user_id, component)
from Products.ERP5Type.Core.ExtensionComponent import ExtensionComponent
class TestZodbExtensionComponent(_TestZodbComponent):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment