Commit 99ff64fb authored by Rafael Monnerat's avatar Rafael Monnerat

slapos_erp5: [Security] Update security for Organisation and Projects

   Organisation is going to be used as Site to identify the Location of a group of Computers.
   User can add Organisations
   User can add Projects
   Owners are also Assignees on theirs Orgsanisations and Projects
parent 7b937c3f
...@@ -9,12 +9,10 @@ ...@@ -9,12 +9,10 @@
</role> </role>
<role id='R-MEMBER'> <role id='R-MEMBER'>
<item>Auditor</item> <item>Auditor</item>
<item>Author</item>
</role> </role>
<role id='R-SHADOW-PERSON'> <role id='R-SHADOW-PERSON'>
<item>Auditor</item> <item>Auditor</item>
</role> </role>
<role id='zope'>
<item>Owner</item>
</role>
</local_roles> </local_roles>
</local_roles_item> </local_roles_item>
\ No newline at end of file
<local_roles_item>
<local_roles>
<role id='G-COMPANY'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-COMPUTER'>
<item>Auditor</item>
</role>
<role id='R-MEMBER'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='R-SHADOW-PERSON'>
<item>Auditor</item>
</role>
</local_roles>
</local_roles_item>
\ No newline at end of file
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
<multi_property id='category'>role/computer</multi_property> <multi_property id='category'>role/computer</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
</role> </role>
<role id='Auditor'> <role id='Auditor; Author'>
<property id='title'>Customer</property> <property id='title'>Customer</property>
<multi_property id='category'>role/member</multi_property> <multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
......
...@@ -9,6 +9,12 @@ ...@@ -9,6 +9,12 @@
<multi_property id='category'>role/member</multi_property> <multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
</role> </role>
<role id='Assignee'>
<property id='title'>Person Owner</property>
<property id='description'>XXXX Review this later</property>
<property id='base_category_script'>ERP5Type_acquireSecurityFromOwner</property>
<multi_property id='base_category'>source</multi_property>
</role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>Person Shadow</property> <property id='title'>Person Shadow</property>
<multi_property id='category'>role/shadow/person</multi_property> <multi_property id='category'>role/shadow/person</multi_property>
......
<type_roles>
<role id='Auditor'>
<property id='title'>Computer</property>
<multi_property id='category'>role/computer</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Auditor; Author'>
<property id='title'>Customer</property>
<multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Author; Auditor'>
<property id='title'>Group company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Person Shadow</property>
<multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
</type_roles>
\ No newline at end of file
<type_roles>
<role id='Assignor'>
<property id='title'>Group company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Member</property>
<multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Person Owner</property>
<property id='description'>XXXX Review this later</property>
<property id='base_category_script'>ERP5Type_acquireSecurityFromOwner</property>
<multi_property id='base_category'>source</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Person Shadow</property>
<multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
</type_roles>
\ No newline at end of file
...@@ -429,7 +429,7 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin): ...@@ -429,7 +429,7 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(organisation, 'G-COMPANY', ['Assignor']) self.assertRoles(organisation, 'G-COMPANY', ['Assignor'])
self.assertRoles(organisation, 'R-MEMBER', ['Auditor']) self.assertRoles(organisation, 'R-MEMBER', ['Auditor'])
self.assertRoles(organisation, 'R-SHADOW-PERSON', ['Auditor']) self.assertRoles(organisation, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(organisation, self.user_id, ['Owner']) self.assertRoles(organisation, self.user_id, ['Owner', 'Assignee'])
test_Member = test_GroupCompany test_Member = test_GroupCompany
...@@ -439,12 +439,36 @@ class TestOrganisationModule(TestSlapOSGroupRoleSecurityMixin): ...@@ -439,12 +439,36 @@ class TestOrganisationModule(TestSlapOSGroupRoleSecurityMixin):
self.changeOwnership(module) self.changeOwnership(module)
self.assertSecurityGroup(module, self.assertSecurityGroup(module,
['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', self.user_id, 'R-SHADOW-PERSON'], False) ['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', self.user_id, 'R-SHADOW-PERSON'], False)
self.assertRoles(module, 'R-MEMBER', ['Auditor']) self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(module, self.user_id, ['Owner'])
class TestProjectModule(TestSlapOSGroupRoleSecurityMixin):
def test(self):
module = self.portal.project_module
self.changeOwnership(module)
self.assertSecurityGroup(module,
['G-COMPANY', 'R-COMPUTER', 'R-MEMBER', self.user_id, 'R-SHADOW-PERSON'], True)
self.assertRoles(module, 'R-MEMBER', ['Auditor', 'Author'])
self.assertRoles(module, 'R-COMPUTER', ['Auditor']) self.assertRoles(module, 'R-COMPUTER', ['Auditor'])
self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author']) self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor']) self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(module, self.user_id, ['Owner']) self.assertRoles(module, self.user_id, ['Owner'])
class TestProject(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self):
project = self.portal.project_module.newContent(
portal_type='Project')
project.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(project,
['G-COMPANY', self.user_id, 'R-MEMBER', 'R-SHADOW-PERSON'], False)
self.assertRoles(project, 'G-COMPANY', ['Assignor'])
self.assertRoles(project, 'R-MEMBER', ['Auditor'])
self.assertRoles(project, 'R-SHADOW-PERSON', ['Auditor'])
self.assertRoles(project, self.user_id, ['Owner', 'Assignee'])
class TestPDF(TestSlapOSGroupRoleSecurityMixin): class TestPDF(TestSlapOSGroupRoleSecurityMixin):
def test_SecurityForShacache(self): def test_SecurityForShacache(self):
pdf = self.portal.document_module.newContent(portal_type='PDF') pdf = self.portal.document_module.newContent(portal_type='PDF')
......
...@@ -47,6 +47,7 @@ portal_gadgets ...@@ -47,6 +47,7 @@ portal_gadgets
portal_integrations portal_integrations
portal_integrations/slapos_payzen_test_integration portal_integrations/slapos_payzen_test_integration
product_module product_module
project_module
purchase_order_module purchase_order_module
purchase_trade_condition_module purchase_trade_condition_module
query_module query_module
......
...@@ -73,6 +73,8 @@ Phone Call ...@@ -73,6 +73,8 @@ Phone Call
Presentation Presentation
Product Product
Product Module Product Module
Project
Project Module
Purchase Invoice Transaction Purchase Invoice Transaction
Purchase Order Purchase Order
Purchase Order Module Purchase Order Module
......
...@@ -34,6 +34,8 @@ from Products.ERP5Type.tests.utils import DummyMailHost ...@@ -34,6 +34,8 @@ from Products.ERP5Type.tests.utils import DummyMailHost
from Products.ERP5Type.Utils import convertToUpperCase from Products.ERP5Type.Utils import convertToUpperCase
import os import os
import glob import glob
from functools import wraps
from Products.ERP5Type.tests.utils import createZODBPythonScript
from AccessControl.SecurityManagement import getSecurityManager, \ from AccessControl.SecurityManagement import getSecurityManager, \
setSecurityManager setSecurityManager
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment