From 6fa904fffc2545eaf8a0a1b978e5d4557dc7b465 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bartek=20G=C3=B3rny?= <bartek@gorny.edu.pl>
Date: Wed, 1 Nov 2006 15:58:26 +0000
Subject: [PATCH] Implemented basic security settings (6 policies)

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@11041 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../PortalTypeRolesTemplateItem/Text.xml      |  91 +++++++--
 .../erp5_dms/Document_policyApplies.xml       | 184 ++++++++++++++++++
 .../states/archived.xml                       |   2 -
 .../states/draft.xml                          |   2 -
 .../states/shared.xml                         |   4 -
 .../states/submitted.xml                      |   2 +
 .../transitions/retract.xml                   |  76 --------
 .../transitions/retract_action.xml            | 100 ----------
 .../transitions/share_action.xml              |   5 +-
 .../transitions/submit_action.xml             |  25 +++
 bt5/erp5_dms/bt/change_log                    |   3 +
 bt5/erp5_dms/bt/dependency_list               |   1 -
 bt5/erp5_dms/bt/revision                      |   2 +-
 bt5/erp5_dms/bt/version                       |   2 +-
 14 files changed, 294 insertions(+), 205 deletions(-)
 create mode 100644 bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml
 delete mode 100644 bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract.xml
 delete mode 100644 bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract_action.xml

diff --git a/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml b/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
index 4d685556a1..fcf82b6872 100644
--- a/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
+++ b/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
@@ -1,43 +1,104 @@
 <type_roles>
   <role id='Associate'>
-   <property id='title'>Project Assignees</property>
-   <property id='description'>Policy: personal/project
+   <property id='title'>Project Associates</property>
+   <property id='description'>Policy: */project
 Rule: all project members have a right to access document once it has been shared or released</property>
-   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+   <property id='condition'>python:object.Document_policyApplies('*/project')</property>
    <property id='priority'>10</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
    <multi_property id='category'></multi_property>
    <multi_property id='base_category'>source_project</multi_property>
   </role>
   <role id='Assignor'>
-   <property id='title'>P/P - Project Director</property>
-   <property id='description'>Policy: personal/project
+   <property id='title'>Project Director</property>
+   <property id='description'>Policy: */project
 Rule: project director is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
-   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+   <property id='condition'>python:object.Document_policyApplies('*/project')</property>
    <property id='priority'>10</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
-   <multi_property id='category'>function/project/director</multi_property>
+   <multi_property id='category'>function/knowledge/manager</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
    <multi_property id='base_category'>function</multi_property>
   </role>
   <role id='Assignee'>
-   <property id='title'>P/P - Project Owner</property>
-   <property id='description'>Policy: personal/project
-Rule: the creator is Assignee - can edit the doc and share it with the team</property>
-   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+   <property id='title'>Owner</property>
+   <property id='description'>Policy: */*
+Rule: the creator is Assignee - can edit the doc and submit it</property>
    <property id='priority'>10</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryFromUser</property>
    <multi_property id='category'></multi_property>
    <multi_property id='base_category'>reference</multi_property>
   </role>
   <role id='Auditor'>
-   <property id='title'>P/P - Organisation members</property>
-   <property id='description'>Policy: personal/project
-Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)</property>
-   <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+   <property id='title'>Organisation members</property>
+   <property id='description'>Policy: */*
+Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)
+This does not apply if it is a project document and does not have a project</property>
+   <property id='condition'>python: not object.Document_policyApplies('*/restricted') and (object.Document_policyApplies('*/project') or not object.Document_policyApplies('*/project',True) )</property>
    <property id='priority'>10</property>
    <property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
    <multi_property id='category'></multi_property>
    <multi_property id='base_category'>group</multi_property>
   </role>
+  <role id='Assignee'>
+   <property id='title'>Project Collaborators</property>
+   <property id='description'>Policy: collaborative/project
+Rule: all members of project team can edit the document before it is submitted, and can submit it</property>
+   <property id='condition'>python:object.Document_policyApplies('collaborative/project')</property>
+   <property id='priority'>10</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
+   <multi_property id='category'></multi_property>
+   <multi_property id='base_category'>source_project</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Team Director</property>
+   <property id='description'>Policy: */team
+Rule: team manager is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
+   <property id='condition'>python:object.Document_policyApplies('*/team')</property>
+   <property id='priority'>10</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+   <multi_property id='category'>function/knowledge/manager</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
+  <role id='Associate'>
+   <property id='title'>Team Associates</property>
+   <property id='description'>Policy: */team
+Rule: all team members have a right to access document once it has been shared or released</property>
+   <property id='condition'>python:object.Document_policyApplies('*/team')</property>
+   <property id='priority'>10</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+   <multi_property id='category'></multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>Team Collaborators</property>
+   <property id='description'>Policy: collaborative/team
+Rule: all members of the team can edit the document before it is submitted, and can submit it</property>
+   <property id='condition'>python:object.Document_policyApplies('collaborative/team')</property>
+   <property id='priority'>10</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+   <multi_property id='category'></multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+  <role id='Assignee'>
+   <property id='title'>Public Collaborators</property>
+   <property id='description'>Policy: collaborative/public
+Rule: everyone in the organisation (root group) can edit the doc before it is submitted, and can suggest its publication</property>
+   <property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
+   <property id='priority'>10</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
+   <multi_property id='category'></multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Public Reviewer</property>
+   <property id='description'>Policy: collaborative/public
+Rule: any person with knowledge/manager role can publish the document and manage access rights to it</property>
+   <property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
+   <property id='priority'>10</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+   <multi_property id='category'>function/knowledge/manager</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
 </type_roles>
\ No newline at end of file
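Review bot: The new Auditor condition evaluates to true for a document that has no classification at all. `Document_policyApplies` (added in this patch) returns False for every policy when `getClassification()` is None, and this condition is built from negations of it, so `not False and (False or not False)` grants the organisation-wide Auditor role by default. If unclassified documents are not meant to be readable by the whole root group, require a classification first, e.g. `python: object.getClassification() is not None and not object.Document_policyApplies('*/restricted') and (object.Document_policyApplies('*/project') or not object.Document_policyApplies('*/project',True))`. The guard added in submit_action.xml, `python:not here.Document_policyApplies('*/restricted')`, has the same negated shape and likewise passes for unclassified documents.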
diff --git a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml
new file mode 100644
index 0000000000..5777f0dc39
--- /dev/null
+++ b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml
@@ -0,0 +1,184 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.PythonScripts.PythonScript</string>
+          <string>PythonScript</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Python_magic</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>__ac_local_roles__</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_body</string> </key>
+            <value> <string>klass=context.getClassification()\n
+if klass is None:return False\n
+kl=klass.split(\'/\')\n
+\n
+if len(kl)==1:\n
+  # personal = personal/restricted\n
+  if kl[0]==\'personal\':kl.append(\'restricted\')\n
+  # collaborative = collaborative/team\n
+  if kl[0]==\'collaborative\':kl.append(\'team\')\n
+\n
+# personal/restricted is unconditional\n
+if kl==[\'personal,restricted\']:\n
+  return policy==\'personal/restricted\'\n
+\n
+pol=policy.split(\'/\')\n
+\n
+\n
+if not membershiponly:\n
+  # project policies do not apply if we don\'t have source_project\n
+  if pol[1]==\'project\':\n
+    if context.getSourceProject()==None:\n
+      return False\n
+\n
+# if all conditions are met, check if the policy is ok (wildcards are ok)\n
+return (pol[0] in (\'*\',kl[0])) and (pol[1] in (\'*\',kl[1]))\n
+</string> </value>
+        </item>
+        <item>
+            <key> <string>_code</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_filepath</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_owner</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>policy,membershiponly=False</string> </value>
+        </item>
+        <item>
+            <key> <string>errors</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>func_code</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>co_argcount</string> </key>
+                        <value> <int>2</int> </value>
+                    </item>
+                    <item>
+                        <key> <string>co_varnames</string> </key>
+                        <value>
+                          <tuple>
+                            <string>policy</string>
+                            <string>membershiponly</string>
+                            <string>_getattr_</string>
+                            <string>context</string>
+                            <string>klass</string>
+                            <string>None</string>
+                            <string>False</string>
+                            <string>kl</string>
+                            <string>len</string>
+                            <string>_getitem_</string>
+                            <string>pol</string>
+                          </tuple>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>func_defaults</string> </key>
+            <value>
+              <tuple>
+                <int>0</int>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Document_policyApplies</string> </value>
+        </item>
+        <item>
+            <key> <string>warnings</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
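Review bot: The `# personal/restricted is unconditional` branch in `_body` can never run, because it compares `kl` with the one-element list `['personal,restricted']` instead of `['personal','restricted']`. Correcting only the literal would change access decisions: the branch returns `policy=='personal/restricted'`, so the wildcard `*/restricted` used by the Auditor condition and the submit_action guard in this patch would stop matching restricted documents and their `not ...` tests would become true. Either drop the branch and rely on the wildcard comparison on the last line, or fix the literal and make that branch honour `*` as well. Separately, `pol[1]` and `kl[1]` are indexed without a length check, so a policy string without `/` or a one-segment classification other than `personal`/`collaborative` raises IndexError; how a role condition or workflow guard treats that exception is not visible here, so an explicit `if len(kl)<2 or len(pol)<2: return False` before the comparisons would make the outcome deliberate.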
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
index 9447f2e167..75e6306c80 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
@@ -74,7 +74,6 @@
                         <string>Assignee</string>
                         <string>Assignor</string>
                         <string>Associate</string>
-                        <string>Auditor</string>
                         <string>Manager</string>
                         <string>Owner</string>
                       </tuple>
@@ -113,7 +112,6 @@
                         <string>Assignee</string>
                         <string>Assignor</string>
                         <string>Associate</string>
-                        <string>Auditor</string>
                         <string>Manager</string>
                         <string>Owner</string>
                       </tuple>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml
index 4603d683ed..963154fe00 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml
@@ -42,8 +42,6 @@
               <tuple>
                 <string>cancel</string>
                 <string>cancel_action</string>
-                <string>share</string>
-                <string>share_action</string>
                 <string>submit</string>
                 <string>submit_action</string>
               </tuple>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
index 51306d28b3..289ecbe6ee 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
@@ -48,10 +48,6 @@
               <tuple>
                 <string>archive</string>
                 <string>archive_action</string>
-                <string>retract</string>
-                <string>retract_action</string>
-                <string>submit</string>
-                <string>submit_action</string>
               </tuple>
             </value>
         </item>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml
index 0709fad453..228b87b23c 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml
@@ -48,6 +48,8 @@
                 <string>reject_action</string>
                 <string>release</string>
                 <string>release_action</string>
+                <string>share</string>
+                <string>share_action</string>
               </tuple>
             </value>
         </item>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract.xml
deleted file mode 100644
index 30f57116e9..0000000000
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <tuple>
-        <tuple>
-          <string>Products.DCWorkflow.Transitions</string>
-          <string>TransitionDefinition</string>
-        </tuple>
-        <none/>
-      </tuple>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>__ac_local_roles__</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_owner</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>actbox_category</string> </key>
-            <value> <string>workflow</string> </value>
-        </item>
-        <item>
-            <key> <string>actbox_name</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>actbox_url</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>after_script_name</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>description</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>guard</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>retract</string> </value>
-        </item>
-        <item>
-            <key> <string>new_state_id</string> </key>
-            <value> <string>draft</string> </value>
-        </item>
-        <item>
-            <key> <string>script_name</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>title</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>trigger_type</string> </key>
-            <value> <int>2</int> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract_action.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract_action.xml
deleted file mode 100644
index 5683e1ee06..0000000000
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/retract_action.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <tuple>
-        <tuple>
-          <string>Products.DCWorkflow.Transitions</string>
-          <string>TransitionDefinition</string>
-        </tuple>
-        <none/>
-      </tuple>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>__ac_local_roles__</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_owner</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>actbox_category</string> </key>
-            <value> <string>workflow</string> </value>
-        </item>
-        <item>
-            <key> <string>actbox_name</string> </key>
-            <value> <string>Retract</string> </value>
-        </item>
-        <item>
-            <key> <string>actbox_url</string> </key>
-            <value> <string>%(content_url)s/BaseWorkflow_viewWorkflowActionDialog?workflow_action=retract_action</string> </value>
-        </item>
-        <item>
-            <key> <string>after_script_name</string> </key>
-            <value> <string>retract</string> </value>
-        </item>
-        <item>
-            <key> <string>description</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>guard</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>retract_action</string> </value>
-        </item>
-        <item>
-            <key> <string>new_state_id</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>script_name</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>title</string> </key>
-            <value> <string></string> </value>
-        </item>
-        <item>
-            <key> <string>trigger_type</string> </key>
-            <value> <int>1</int> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-  <record id="2" aka="AAAAAAAAAAI=">
-    <pickle>
-      <tuple>
-        <tuple>
-          <string>Products.DCWorkflow.Guard</string>
-          <string>Guard</string>
-        </tuple>
-        <none/>
-      </tuple>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>roles</string> </key>
-            <value>
-              <tuple>
-                <string>Assignee</string>
-                <string>Owner</string>
-              </tuple>
-            </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml
index a750ee84bf..4dc18d9bb1 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml
@@ -95,8 +95,7 @@
             <key> <string>roles</string> </key>
             <value>
               <tuple>
-                <string>Assignee</string>
-                <string>Owner</string>
+                <string>Assignor</string>
               </tuple>
             </value>
         </item>
@@ -117,7 +116,7 @@
       <dictionary>
         <item>
             <key> <string>text</string> </key>
-            <value> <string>python:here.isMemberOf(\'classification/personal\')</string> </value>
+            <value> <string>python:here.Document_policyApplies(\'personal/*\')</string> </value>
         </item>
       </dictionary>
     </pickle>
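Review bot: The new guard expression `personal/*` also matches `personal/restricted`, and a bare `personal` classification, which Document_policyApplies expands to `personal/restricted`. Keeping restricted documents out of the shared state then rests on the submit_action guard alone, since this patch makes share reachable only from submitted; a document reclassified after submission, or one that was already in submitted before this change, would still satisfy this expression. If restricted documents should never be shared, say so in the guard itself: `python:here.Document_policyApplies('personal/*') and not here.Document_policyApplies('*/restricted')` (with the quotes escaped as in the rest of the file). The Guard record starts outside both hunks, so any other guard fields are not visible here.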
diff --git a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml
index 4f69967f7b..adb9bba3be 100644
--- a/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml
+++ b/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml
@@ -79,6 +79,12 @@
     </pickle>
     <pickle>
       <dictionary>
+        <item>
+            <key> <string>expr</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>roles</string> </key>
             <value>
@@ -91,4 +97,23 @@
       </dictionary>
     </pickle>
   </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.CMFCore.Expression</string>
+          <string>Expression</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>text</string> </key>
+            <value> <string>python:not here.Document_policyApplies(\'*/restricted\')</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/bt5/erp5_dms/bt/change_log b/bt5/erp5_dms/bt/change_log
index 712e6c752f..df7d9d025e 100644
--- a/bt5/erp5_dms/bt/change_log
+++ b/bt5/erp5_dms/bt/change_log
@@ -1,3 +1,6 @@
+2006-11-01
+Implemented basic security settings (6 policies)
+
 2006-10-30
 Removed "collaborated", added "shared"
 Implemented "personal/project" security classification
diff --git a/bt5/erp5_dms/bt/dependency_list b/bt5/erp5_dms/bt/dependency_list
index 5baeafc5b1..e69de29bb2 100644
--- a/bt5/erp5_dms/bt/dependency_list
+++ b/bt5/erp5_dms/bt/dependency_list
@@ -1 +0,0 @@
-erp5_project
\ No newline at end of file
diff --git a/bt5/erp5_dms/bt/revision b/bt5/erp5_dms/bt/revision
index eff3954851..6eac4a65cd 100644
--- a/bt5/erp5_dms/bt/revision
+++ b/bt5/erp5_dms/bt/revision
@@ -1 +1 @@
-290
\ No newline at end of file
+292
\ No newline at end of file
diff --git a/bt5/erp5_dms/bt/version b/bt5/erp5_dms/bt/version
index 02d77135a4..8f83716e76 100644
--- a/bt5/erp5_dms/bt/version
+++ b/bt5/erp5_dms/bt/version
@@ -1 +1 @@
-0.81
\ No newline at end of file
+0.82
\ No newline at end of file
-- 
2.30.9