From 21ba2a84294d0e12999f8f753267c359bb952258 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Fri, 29 Feb 2008 16:26:41 +0000
Subject: [PATCH] Update module's permissions (remove View permission to
 Author).

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19613 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../internal_packing_list_module.xml          |  38 +++++-
 .../ModuleTemplateItem/inventory_module.xml   |  38 +++++-
 .../purchase_order_module.xml                 |  33 ++++-
 .../purchase_packing_list_module.xml          | 116 +++++++++++++-----
 .../purchase_supply_module.xml                |  38 +++++-
 .../purchase_trade_condition_module.xml       |  33 ++++-
 .../returned_sale_packing_list_module.xml     |  38 +++++-
 .../ModuleTemplateItem/sale_order_module.xml  | 116 +++++++++++++-----
 .../sale_packing_list_module.xml              | 116 +++++++++++++-----
 .../ModuleTemplateItem/sale_supply_module.xml |  38 +++++-
 .../sale_trade_condition_module.xml           | 116 +++++++++++++-----
 bt5/erp5_trade/bt/revision                    |   2 +-
 .../bt/template_catalog_local_role_key_list   |   0
 .../bt/template_catalog_role_key_list         |   0
 14 files changed, 588 insertions(+), 134 deletions(-)
 create mode 100644 bt5/erp5_trade/bt/template_catalog_local_role_key_list
 create mode 100644 bt5/erp5_trade/bt/template_catalog_role_key_list

diff --git a/bt5/erp5_trade/ModuleTemplateItem/internal_packing_list_module.xml b/bt5/erp5_trade/ModuleTemplateItem/internal_packing_list_module.xml
index 1e9d92d523..0a18d0aff2 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/internal_packing_list_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/internal_packing_list_module.xml
@@ -208,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -384,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -451,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -465,6 +478,10 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
    <role>Assignor</role>
@@ -564,11 +581,11 @@
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage extensions</name>
+   <name>Manage languages</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage languages</name>
+   <name>Manage local files</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -604,6 +621,10 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
    <role>Manager</role>
@@ -660,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -668,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -678,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/inventory_module.xml b/bt5/erp5_trade/ModuleTemplateItem/inventory_module.xml
index a5768404a9..8f011d4ec5 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/inventory_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/inventory_module.xml
@@ -208,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -384,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -451,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -465,6 +478,10 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
    <role>Assignor</role>
@@ -564,11 +581,11 @@
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage extensions</name>
+   <name>Manage languages</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage languages</name>
+   <name>Manage local files</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -604,6 +621,10 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
    <role>Manager</role>
@@ -660,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -668,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -678,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/purchase_order_module.xml b/bt5/erp5_trade/ModuleTemplateItem/purchase_order_module.xml
index 1734fdfa41..e4870ee776 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/purchase_order_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/purchase_order_module.xml
@@ -208,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -384,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -470,6 +478,10 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
    <role>Assignor</role>
@@ -569,11 +581,11 @@
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage extensions</name>
+   <name>Manage languages</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage languages</name>
+   <name>Manage local files</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -609,6 +621,10 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
    <role>Manager</role>
@@ -665,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -673,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -683,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/purchase_packing_list_module.xml b/bt5/erp5_trade/ModuleTemplateItem/purchase_packing_list_module.xml
index 01f8b46a52..27041d5fce 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/purchase_packing_list_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/purchase_packing_list_module.xml
@@ -52,8 +52,9 @@
    <name>Add Browser Id Manager</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Action Icons Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Active Processs</name>
@@ -63,29 +64,33 @@
    <name>Add CMF Caching Policy Managers</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Calendar Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Core Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Default Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Report Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Setup Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Sites</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Unique Id Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMFActivity Tools</name>
@@ -99,8 +104,9 @@
    <name>Add CMFMailIn Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Configured CMF Sites</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Content Type Registrys</name>
@@ -126,10 +132,11 @@
    <name>Add ERP5 Forms</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5 OOo Templates</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5 PDF Forms</name>
    <role>Manager</role>
   </permission>
@@ -165,8 +172,9 @@
    <name>Add ERP5Form Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5Subversion Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ERP5SyncML Tools</name>
@@ -200,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -220,8 +232,9 @@
    <name>Add MessageCatalogs</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add MimetypesRegistry Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Page Templates</name>
@@ -231,11 +244,13 @@
    <name>Add Pluggable Index</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Plugin Registrys</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add PortalTransforms Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Python Scripts</name>
@@ -285,18 +300,21 @@
    <name>Add Z MySQL Database Connections</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Z MySQL Deferred Database Connections</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ZCatalogs</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ZMailIn Clients</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ZMailMessages</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ZODB Mount Points</name>
@@ -318,6 +336,8 @@
   </permission>
   <permission type='tuple'>
    <name>Add portal folders</name>
+   <role>Assignor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -368,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -388,11 +412,13 @@
    <name>Change Versions</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change ZMailIn</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change ZMailMessages</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Change bindings</name>
@@ -410,8 +436,10 @@
    <name>Change configuration</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change local roles</name>
+   <role>Assignor</role>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Change permissions</name>
@@ -431,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -445,8 +478,13 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
+   <role>Assignor</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -461,8 +499,9 @@
    <name>Edit ReStructuredText</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Edit target</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>FTP access</name>
@@ -509,11 +548,13 @@
    <name>Manage Access Rules</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Manage Groups</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Manage Selenium test cases</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Manage Transient Object Container</name>
@@ -539,13 +580,14 @@
    <name>Manage ZCatalogIndex Entries</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
-   <name>Manage extensions</name>
-  </permission>
   <permission type='tuple'>
    <name>Manage languages</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Manage local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Manage messages</name>
    <role>Manager</role>
@@ -579,8 +621,13 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Query Vocabulary</name>
@@ -606,8 +653,9 @@
    <name>Search ZCatalog</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Search for principals</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Set own password</name>
@@ -633,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -641,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -651,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -663,8 +722,9 @@
    <role>Author</role>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>View ZMailMessage</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>View management screens</name>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/purchase_supply_module.xml b/bt5/erp5_trade/ModuleTemplateItem/purchase_supply_module.xml
index 61c9a30b30..0097eee09b 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/purchase_supply_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/purchase_supply_module.xml
@@ -208,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -384,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -451,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -465,6 +478,10 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
    <role>Assignor</role>
@@ -564,11 +581,11 @@
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage extensions</name>
+   <name>Manage languages</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage languages</name>
+   <name>Manage local files</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -604,6 +621,10 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
    <role>Manager</role>
@@ -660,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -668,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -678,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/purchase_trade_condition_module.xml b/bt5/erp5_trade/ModuleTemplateItem/purchase_trade_condition_module.xml
index 290f4958d8..0159e1a15c 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/purchase_trade_condition_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/purchase_trade_condition_module.xml
@@ -208,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -384,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -470,6 +478,10 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
    <role>Assignor</role>
@@ -569,11 +581,11 @@
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage extensions</name>
+   <name>Manage languages</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage languages</name>
+   <name>Manage local files</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -609,6 +621,10 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
    <role>Manager</role>
@@ -665,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -673,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -683,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/returned_sale_packing_list_module.xml b/bt5/erp5_trade/ModuleTemplateItem/returned_sale_packing_list_module.xml
index af02108077..fc044ada07 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/returned_sale_packing_list_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/returned_sale_packing_list_module.xml
@@ -208,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -384,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -451,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -465,6 +478,10 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
    <role>Assignor</role>
@@ -564,11 +581,11 @@
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage extensions</name>
+   <name>Manage languages</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage languages</name>
+   <name>Manage local files</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -604,6 +621,10 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
    <role>Manager</role>
@@ -660,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -668,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -678,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/sale_order_module.xml b/bt5/erp5_trade/ModuleTemplateItem/sale_order_module.xml
index 7b1bcc5d74..be168a0f64 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/sale_order_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/sale_order_module.xml
@@ -52,8 +52,9 @@
    <name>Add Browser Id Manager</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Action Icons Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Active Processs</name>
@@ -63,29 +64,33 @@
    <name>Add CMF Caching Policy Managers</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Calendar Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Core Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Default Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Report Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Setup Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Sites</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Unique Id Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMFActivity Tools</name>
@@ -99,8 +104,9 @@
    <name>Add CMFMailIn Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Configured CMF Sites</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Content Type Registrys</name>
@@ -126,10 +132,11 @@
    <name>Add ERP5 Forms</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5 OOo Templates</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5 PDF Forms</name>
    <role>Manager</role>
   </permission>
@@ -165,8 +172,9 @@
    <name>Add ERP5Form Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5Subversion Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ERP5SyncML Tools</name>
@@ -200,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -220,8 +232,9 @@
    <name>Add MessageCatalogs</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add MimetypesRegistry Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Page Templates</name>
@@ -231,11 +244,13 @@
    <name>Add Pluggable Index</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Plugin Registrys</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add PortalTransforms Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Python Scripts</name>
@@ -285,18 +300,21 @@
    <name>Add Z MySQL Database Connections</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Z MySQL Deferred Database Connections</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ZCatalogs</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ZMailIn Clients</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ZMailMessages</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ZODB Mount Points</name>
@@ -318,6 +336,8 @@
   </permission>
   <permission type='tuple'>
    <name>Add portal folders</name>
+   <role>Assignor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -368,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -388,11 +412,13 @@
    <name>Change Versions</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change ZMailIn</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change ZMailMessages</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Change bindings</name>
@@ -410,8 +436,10 @@
    <name>Change configuration</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change local roles</name>
+   <role>Assignor</role>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Change permissions</name>
@@ -431,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -445,8 +478,13 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
+   <role>Assignor</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -461,8 +499,9 @@
    <name>Edit ReStructuredText</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Edit target</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>FTP access</name>
@@ -509,11 +548,13 @@
    <name>Manage Access Rules</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Manage Groups</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Manage Selenium test cases</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Manage Transient Object Container</name>
@@ -539,13 +580,14 @@
    <name>Manage ZCatalogIndex Entries</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
-   <name>Manage extensions</name>
-  </permission>
   <permission type='tuple'>
    <name>Manage languages</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Manage local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Manage messages</name>
    <role>Manager</role>
@@ -579,8 +621,13 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Query Vocabulary</name>
@@ -606,8 +653,9 @@
    <name>Search ZCatalog</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Search for principals</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Set own password</name>
@@ -633,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -641,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -651,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -663,8 +722,9 @@
    <role>Author</role>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>View ZMailMessage</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>View management screens</name>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/sale_packing_list_module.xml b/bt5/erp5_trade/ModuleTemplateItem/sale_packing_list_module.xml
index d160b72b30..3377d6b937 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/sale_packing_list_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/sale_packing_list_module.xml
@@ -52,8 +52,9 @@
    <name>Add Browser Id Manager</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Action Icons Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Active Processs</name>
@@ -63,29 +64,33 @@
    <name>Add CMF Caching Policy Managers</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Calendar Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Core Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Default Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Report Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Setup Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Sites</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Unique Id Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMFActivity Tools</name>
@@ -99,8 +104,9 @@
    <name>Add CMFMailIn Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Configured CMF Sites</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Content Type Registrys</name>
@@ -126,10 +132,11 @@
    <name>Add ERP5 Forms</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5 OOo Templates</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5 PDF Forms</name>
    <role>Manager</role>
   </permission>
@@ -165,8 +172,9 @@
    <name>Add ERP5Form Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5Subversion Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ERP5SyncML Tools</name>
@@ -200,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -220,8 +232,9 @@
    <name>Add MessageCatalogs</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add MimetypesRegistry Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Page Templates</name>
@@ -231,11 +244,13 @@
    <name>Add Pluggable Index</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Plugin Registrys</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add PortalTransforms Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Python Scripts</name>
@@ -285,18 +300,21 @@
    <name>Add Z MySQL Database Connections</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Z MySQL Deferred Database Connections</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ZCatalogs</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ZMailIn Clients</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ZMailMessages</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ZODB Mount Points</name>
@@ -318,6 +336,8 @@
   </permission>
   <permission type='tuple'>
    <name>Add portal folders</name>
+   <role>Assignor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -368,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -388,11 +412,13 @@
    <name>Change Versions</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change ZMailIn</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change ZMailMessages</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Change bindings</name>
@@ -410,8 +436,10 @@
    <name>Change configuration</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change local roles</name>
+   <role>Assignor</role>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Change permissions</name>
@@ -431,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -445,8 +478,13 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
+   <role>Assignor</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -461,8 +499,9 @@
    <name>Edit ReStructuredText</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Edit target</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>FTP access</name>
@@ -509,11 +548,13 @@
    <name>Manage Access Rules</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Manage Groups</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Manage Selenium test cases</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Manage Transient Object Container</name>
@@ -539,13 +580,14 @@
    <name>Manage ZCatalogIndex Entries</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
-   <name>Manage extensions</name>
-  </permission>
   <permission type='tuple'>
    <name>Manage languages</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Manage local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Manage messages</name>
    <role>Manager</role>
@@ -579,8 +621,13 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Query Vocabulary</name>
@@ -606,8 +653,9 @@
    <name>Search ZCatalog</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Search for principals</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Set own password</name>
@@ -633,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -641,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -651,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -663,8 +722,9 @@
    <role>Author</role>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>View ZMailMessage</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>View management screens</name>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/sale_supply_module.xml b/bt5/erp5_trade/ModuleTemplateItem/sale_supply_module.xml
index f36111b2d3..1c0c9bbb0d 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/sale_supply_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/sale_supply_module.xml
@@ -208,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -384,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -451,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -465,6 +478,10 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
    <role>Assignor</role>
@@ -564,11 +581,11 @@
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage extensions</name>
+   <name>Manage languages</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
-   <name>Manage languages</name>
+   <name>Manage local files</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -604,6 +621,10 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
    <role>Manager</role>
@@ -660,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -668,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -678,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
diff --git a/bt5/erp5_trade/ModuleTemplateItem/sale_trade_condition_module.xml b/bt5/erp5_trade/ModuleTemplateItem/sale_trade_condition_module.xml
index a4992b89d1..03efe72c15 100644
--- a/bt5/erp5_trade/ModuleTemplateItem/sale_trade_condition_module.xml
+++ b/bt5/erp5_trade/ModuleTemplateItem/sale_trade_condition_module.xml
@@ -52,8 +52,9 @@
    <name>Add Browser Id Manager</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Action Icons Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Active Processs</name>
@@ -63,29 +64,33 @@
    <name>Add CMF Caching Policy Managers</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Calendar Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Core Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Default Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Report Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Setup Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMF Sites</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add CMF Unique Id Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add CMFActivity Tools</name>
@@ -99,8 +104,9 @@
    <name>Add CMFMailIn Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Configured CMF Sites</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Content Type Registrys</name>
@@ -126,10 +132,11 @@
    <name>Add ERP5 Forms</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5 OOo Templates</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5 PDF Forms</name>
    <role>Manager</role>
   </permission>
@@ -165,8 +172,9 @@
    <name>Add ERP5Form Tools</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ERP5Subversion Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ERP5SyncML Tools</name>
@@ -200,6 +208,10 @@
    <name>Add Formulator Forms</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Add Local File Systems</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Add LocalContents</name>
    <role>Manager</role>
@@ -220,8 +232,9 @@
    <name>Add MessageCatalogs</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add MimetypesRegistry Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Page Templates</name>
@@ -231,11 +244,13 @@
    <name>Add Pluggable Index</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Plugin Registrys</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add PortalTransforms Tools</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add Python Scripts</name>
@@ -285,18 +300,21 @@
    <name>Add Z MySQL Database Connections</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add Z MySQL Deferred Database Connections</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ZCatalogs</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ZMailIn Clients</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Add ZMailMessages</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Add ZODB Mount Points</name>
@@ -318,6 +336,8 @@
   </permission>
   <permission type='tuple'>
    <name>Add portal folders</name>
+   <role>Assignor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -368,6 +388,10 @@
    <name>Change Images and Files</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Change Local File System properties</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Change Lock Information</name>
    <role>Manager</role>
@@ -388,11 +412,13 @@
    <name>Change Versions</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change ZMailIn</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change ZMailMessages</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Change bindings</name>
@@ -410,8 +436,10 @@
    <name>Change configuration</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Change local roles</name>
+   <role>Assignor</role>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Change permissions</name>
@@ -431,6 +459,11 @@
   </permission>
   <permission type='tuple'>
    <name>Copy or Move</name>
+   <role>Assignee</role>
+   <role>Assignor</role>
+   <role>Associate</role>
+   <role>Auditor</role>
+   <role>Author</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -445,8 +478,13 @@
    <name>Define permissions</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Delete local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Delete objects</name>
+   <role>Assignor</role>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -461,8 +499,9 @@
    <name>Edit ReStructuredText</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Edit target</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>FTP access</name>
@@ -509,11 +548,13 @@
    <name>Manage Access Rules</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Manage Groups</name>
+   <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Manage Selenium test cases</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Manage Transient Object Container</name>
@@ -539,13 +580,14 @@
    <name>Manage ZCatalogIndex Entries</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
-   <name>Manage extensions</name>
-  </permission>
   <permission type='tuple'>
    <name>Manage languages</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Manage local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Manage messages</name>
    <role>Manager</role>
@@ -579,8 +621,13 @@
    <name>Open/Close Database Connections</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
+   <name>Overwrite local files</name>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
    <name>Post mail to ZMailIn</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Query Vocabulary</name>
@@ -606,8 +653,9 @@
    <name>Search ZCatalog</name>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>Search for principals</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>Set own password</name>
@@ -633,6 +681,10 @@
    <name>Undo changes</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Upload local files</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use Database Methods</name>
    <role>Manager</role>
@@ -641,6 +693,10 @@
    <name>Use Factories</name>
    <role>Manager</role>
   </permission>
+  <permission type='tuple'>
+   <name>Use external editor</name>
+   <role>Manager</role>
+  </permission>
   <permission type='tuple'>
    <name>Use mailhost services</name>
    <role>Manager</role>
@@ -651,7 +707,10 @@
    <role>Assignor</role>
    <role>Associate</role>
    <role>Auditor</role>
-   <role>Author</role>
+   <role>Manager</role>
+  </permission>
+  <permission type='tuple'>
+   <name>View Directory Index</name>
    <role>Manager</role>
   </permission>
   <permission type='tuple'>
@@ -663,8 +722,9 @@
    <role>Author</role>
    <role>Manager</role>
   </permission>
-  <permission type='list'>
+  <permission type='tuple'>
    <name>View ZMailMessage</name>
+   <role>Manager</role>
   </permission>
   <permission type='tuple'>
    <name>View management screens</name>
diff --git a/bt5/erp5_trade/bt/revision b/bt5/erp5_trade/bt/revision
index cb37cb5c1f..e3e1916cf5 100644
--- a/bt5/erp5_trade/bt/revision
+++ b/bt5/erp5_trade/bt/revision
@@ -1 +1 @@
-186
\ No newline at end of file
+187
\ No newline at end of file
diff --git a/bt5/erp5_trade/bt/template_catalog_local_role_key_list b/bt5/erp5_trade/bt/template_catalog_local_role_key_list
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/bt5/erp5_trade/bt/template_catalog_role_key_list b/bt5/erp5_trade/bt/template_catalog_role_key_list
new file mode 100644
index 0000000000..e69de29bb2
-- 
2.30.9