2006-07-24

* made all the security system work (!!! required a change to ERP5Type.py and to destination_project base cat., not in svn yet)

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@8725 20353a03-c40f-0410-a6d1-a30d3c3de9de

bt5/erp5_dms/ExtensionTemplateItem/asSecurityGroupId.py

+def asSecurityGroupId(self,**kw):
+  ## Script (Python) "xERP5Type_asSecurityGroupId"
+  ##bind container=container
+  ##bind self=self
+  ##bind namespace=
+  ##bind script=script
+  ##bind subpath=traverse_subpath
+  ##parameters=category_order, **kw
+  ##title=
+  ##
+  # category_order : list of base_categories we want to use to generate the group id
+  # kw : keys should be base categories,
+  #      values should be value of corresponding relative urls (obtained by getBaseCategory())
+  #
+  # Example call : self.ERP5TypeSecurity_asGroupId(category_order=('site', 'group', 'function'),
+  #                    site='france/lille', group='nexedi', function='accounting/accountant')
+  # This will generate a string like 'LIL_NXD_ACT' where "LIL", "NXD" and "ACT" are the codification
+  #   of respecively "france/lille", "nexedi" and "accounting/accountant" categories
+  #
+  # ERP5Type_asSecurityGroupId can also return a list of users whenever a category points
+  # to a Person instance. This is useful to implement user based local role assignments
+
+
+  code_list = []
+  user_list = []
+
+  # sort the category list lexicographically
+  # this prevents us to choose the exact order we want,
+  # but also prevents some human mistake to break everything by creating site_function instead of function_site
+  category_order=kw.get('category_order',None)
+  if category_order not in (None, ''):
+    category_order = list(category_order)
+    category_order.sort()
+  else:
+    category_order = []
+
+  for base_category in category_order:
+   if kw.has_key(base_category):
+    category_list   = kw[base_category]
+    if type(category_list)==type(''):
+      category_list = [category_list]
+    for category in category_list:
+      category_path   = '%s/%s' % (base_category, category)
+      category_object = self.portal_categories.getCategoryValue(category_path)
+      if category_object in (None, ''):
+        raise "SecurityRoleDefinitionError", "Category '%s' doesn't exist" % (category_path)
+      if category_object.getPortalType() == 'Person':
+        # We define a person here
+        user_name = category_object.getReference()
+        if user_name is not None: user_list.append(user_name)
+      elif category_object.getPortalType() == 'Project':
+        # We use the project reference as a group
+        category_code = category_object.getReference(category_object.getTitle())
+        code_list.append(category_code)
+      else:
+        # We define a group item here
+        category_code   = category_object.getCodification() or category_object.getId()
+        code_list.append(category_code)
+
+  # Return a list of users or a single group
+  if user_list: 
+    self.log('user_list',user_list)
+    return user_list
+  self.log('code_list',code_list)
+  return '_'.join(code_list)

bt5/erp5_dms/ExtensionTemplateItem/asSecurityGroupIdList.py

+from Products.ERP5Type.Utils import cartesianProduct
+
+def asSecurityGroupIdList(self, category_order=None, **kw):
+  # category_order : list of base_categories we want to use to generate the group id
+  # kw : keys should be base categories,
+  #      values should be value of corresponding relative urls (obtained by getBaseCategory())
+  #
+  # Example call : self.ERP5TypeSecurity_asGroupId(category_order=('site', 'group', 'function'),
+  #                    site='france/lille', group='nexedi', function='accounting/accountant')
+  # This will generate a string like 'LIL_NXD_ACT' where "LIL", "NXD" and "ACT" are the codification
+  #   of respecively "france/lille", "nexedi" and "accounting/accountant" categories
+  #
+  # ERP5Type_asSecurityGroupId can also return a list of users whenever a category points
+  # to a Person instance. This is useful to implement user based local role assignments
+  code_list = []
+  user_list = []
+
+  # sort the category list lexicographically
+  # this prevents us to choose the exact order we want,
+  # but also prevents some human mistake to break everything by creating site_function instead of function_site
+  if category_order not in (None, ''):
+    category_order = list(category_order)
+    category_order.sort()
+  else:
+    category_order = []
+
+  code_dict = {}
+  for base_category in category_order:
+    code_dict[base_category] = []
+    category_list   = kw[base_category]
+    if isinstance(category_list, str):
+      category_list = [category_list]
+    for category in category_list:
+      category_path   = '%s/%s' % (base_category, category)
+      category_object = self.portal_categories.getCategoryValue(category_path)
+      if category_object in (None, ''):
+        raise RuntimeError, "Category '%s' doesn't exist" % (category_path)
+      if category_object.getPortalType() == 'Person':
+        # We define a person here
+        user_name = category_object.getReference()
+        if user_name is not None: user_list.append(user_name)
+      else:
+        # We define a group item here
+        try:
+          category_code   = category_object.getCodification()
+        except AttributeError:
+          category_code = category_object.getReference()
+        if category_code not in code_dict[base_category]:
+          code_dict[base_category].append(category_code)
+        if base_category=='site':
+          category_object = category_object.getParentValue()
+          while category_object.getPortalType()!='Base Category':
+            # LOG('checking category_object:',0,category_object.getRelativeUrl())
+            category_code = category_object.getCodification()
+            if category_code is not None and category_code not in code_dict[base_category]:
+              code_dict[base_category].append(category_code)
+            category_object = category_object.getParentValue()
+        #code_list.append(category_code)
+
+  # Return a list of users or a single group
+  #LOG('asSecurityGroupIdList, user_list',0,user_list)
+  if user_list: return user_list
+
+  # LOG('asSecurityGroupIdList, code_dict',0,code_dict)
+  def getCombinationList(item_list):
+    if len(item_list):
+      result = getCombinationList(item_list[1:])
+      return [item_list[:1] + x for x in result] + result
+    return [[]]
+
+  code_list_of_list = []
+  for base_category in category_order:
+    code_list_of_list.append(code_dict[base_category])
+  full_code_list = []
+  for code_list in cartesianProduct(code_list_of_list):
+    for x in getCombinationList(code_list):
+      if len(x):
+        # we have to sort it to match these in object local roles
+        x.sort()
+        full_code_list.extend(['_'.join(x) ])
+
+  #LOG('asSecurityGroupIdList, result',0,['_'.join(x) for x in getCombinationList(code_list) if len(x)])
+  #return ['_'.join(x) for x in getCombinationList(code_list) if len(x)]
+  #LOG('asSecurityGroupIdList', 0,  'return full_code_list = %s' %(full_code_list,))
+  self.log('full_code_list',full_code_list)
+  return full_code_list

bt5/erp5_dms/LocalRolesTemplateItem/.xml

-<local_roles_item>
- <local_roles>
-  <role id='zope'>
-   <item>Owner</item>
-  </role>
- </local_roles>
- <group_local_roles>
- </group_local_roles>
-</local_roles_item>
\ No newline at end of file

bt5/erp5_dms/PortalTypeRolesTemplateItem/Presentation.xml

 <type_roles>
   <role id='Assignor'>
-   <property id='title'>Team Reviewer</property>
+   <property id='title'>Team Assignor</property>
    <property id='description'>The head of the team who is in charge of reviewing documents published by his team. He is granted special rights on documents produced by his team.</property>
    <property id='condition'>python:not object.getSourceProject()</property>
    <property id='priority'>10</property>
@@ -27,7 +27,7 @@
    <multi_property id='category'></multi_property>
    <multi_property id='base_category'>source_project</multi_property>
   </role>
-  <role id='Assignor'>
+  <role id='Reviewer'>
    <property id='title'>Project Reviewer</property>
    <property id='description'>The head of the project who is in charge of reviewing documents produced by the project before release or publication.</property>
    <property id='condition'>python:object.getSourceProject()</property>
@@ -36,8 +36,8 @@
    <multi_property id='category'>function/project/director</multi_property>
    <multi_property id='base_category'>source_project</multi_property>
   </role>
-  <role id='Associate'>
-   <property id='title'>Team Associates</property>
+  <role id='Anonymous'>
+   <property id='title'>Team Ass</property>
    <property id='description'>All team members have a right to access non restricted documents before their release or publication.</property>
    <property id='condition'>python:not object.isMemberOf('classification/personnal/restricted')</property>
    <property id='priority'>10</property>

bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_asSecurityGroupId.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <tuple>
-        <tuple>
-          <string>Products.PythonScripts.PythonScript</string>
-          <string>PythonScript</string>
-        </tuple>
-        <none/>
-      </tuple>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>Python_magic</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>Script_magic</string> </key>
-            <value> <int>3</int> </value>
-        </item>
-        <item>
-            <key> <string>__ac_local_roles__</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_bind_names</string> </key>
-            <value>
-              <object>
-                <klass>
-                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
-                </klass>
-                <tuple/>
-                <state>
-                  <dictionary>
-                    <item>
-                        <key> <string>_asgns</string> </key>
-                        <value>
-                          <dictionary>
-                            <item>
-                                <key> <string>name_container</string> </key>
-                                <value> <string>container</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_context</string> </key>
-                                <value> <string>context</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_m_self</string> </key>
-                                <value> <string>script</string> </value>
-                            </item>
-                            <item>
-                                <key> <string>name_subpath</string> </key>
-                                <value> <string>traverse_subpath</string> </value>
-                            </item>
-                          </dictionary>
-                        </value>
-                    </item>
-                  </dictionary>
-                </state>
-              </object>
-            </value>
-        </item>
-        <item>
-            <key> <string>_body</string> </key>
-            <value> <string># category_order : list of base_categories we want to use to generate the group id\n
-# kw : keys should be base categories,\n
-#      values should be value of corresponding relative urls (obtained by getBaseCategory())\n
-#\n
-# Example call : context.ERP5TypeSecurity_asGroupId(category_order=(\'site\', \'group\', \'function\'),\n
-#                    site=\'france/lille\', group=\'nexedi\', function=\'accounting/accountant\')\n
-# This will generate a string like \'LIL_NXD_ACT\' where "LIL", "NXD" and "ACT" are the codification\n
-#   of respecively "france/lille", "nexedi" and "accounting/accountant" categories\n
-#\n
-# ERP5Type_asSecurityGroupId can also return a list of users whenever a category points\n
-# to a Person instance. This is useful to implement user based local role assignments\n
-\n
-context.log(script.getId(),category_order)\n
-context.log(script.getId(),kw)\n
-\n
-code_list = []\n
-user_list = []\n
-\n
-# sort the category list lexicographically\n
-# this prevents us to choose the exact order we want,\n
-# but also prevents some human mistake to break everything by creating site_function instead of function_site\n
-if category_order not in (None, \'\'):\n
-  category_order = list(category_order)\n
-  category_order.sort()\n
-else:\n
-  category_order = []\n
-\n
-for base_category in category_order:\n
- if kw.has_key(base_category):\n
-  category_list   = kw[base_category]\n
-  if same_type(category_list, \'\'):\n
-    category_list = [category_list]\n
-  for category in category_list:\n
-    category_path   = \'%s/%s\' % (base_category, category)\n
-    category_object = context.portal_categories.getCategoryValue(category_path)\n
-    if category_object in (None, \'\'):\n
-      raise "SecurityRoleDefinitionError", "Category \'%s\' doesn\'t exist" % (category_path)\n
-    if category_object.getPortalType() == \'Person\':\n
-      # We define a person here\n
-      user_name = category_object.getReference()\n
-      if user_name is not None: user_list.append(user_name)\n
-    elif category_object.getPortalType() == \'Project\':\n
-      # We use the project reference as a group\n
-      category_code = category_object.getReference(category_object.getTitle())\n
-      code_list.append(category_code)\n
-    else:\n
-      # We define a group item here\n
-      category_code   = category_object.getCodification() or category_object.getId()\n
-      code_list.append(category_code)\n
-\n
-# Return a list of users or a single group\n
-if user_list: \n
-  context.log(\'user_list\',user_list)\n
-  return user_list\n
-context.log(\'code_list\',code_list)\n
-return \'_\'.join(code_list)\n
-</string> </value>
-        </item>
-        <item>
-            <key> <string>_code</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_filepath</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>_params</string> </key>
-            <value> <string>category_order, **kw</string> </value>
-        </item>
-        <item>
-            <key> <string>errors</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-        <item>
-            <key> <string>func_code</string> </key>
-            <value>
-              <object>
-                <klass>
-                  <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
-                </klass>
-                <tuple/>
-                <state>
-                  <dictionary>
-                    <item>
-                        <key> <string>co_argcount</string> </key>
-                        <value> <int>1</int> </value>
-                    </item>
-                    <item>
-                        <key> <string>co_varnames</string> </key>
-                        <value>
-                          <tuple>
-                            <string>category_order</string>
-                            <string>kw</string>
-                            <string>_getattr_</string>
-                            <string>context</string>
-                            <string>script</string>
-                            <string>code_list</string>
-                            <string>user_list</string>
-                            <string>None</string>
-                            <string>list</string>
-                            <string>_getiter_</string>
-                            <string>base_category</string>
-                            <string>_getitem_</string>
-                            <string>category_list</string>
-                            <string>same_type</string>
-                            <string>category</string>
-                            <string>category_path</string>
-                            <string>category_object</string>
-                            <string>user_name</string>
-                            <string>category_code</string>
-                          </tuple>
-                        </value>
-                    </item>
-                  </dictionary>
-                </state>
-              </object>
-            </value>
-        </item>
-        <item>
-            <key> <string>func_defaults</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>ERP5Type_asSecurityGroupId</string> </value>
-        </item>
-        <item>
-            <key> <string>warnings</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>

bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/OOoDocument_view/my_function.xml

@@ -3,8 +3,11 @@
   <record id="1" aka="AAAAAAAAAAE=">
     <pickle>
       <tuple>
-        <global name="ListField" module="Products.Formulator.StandardFields"/>
-        <tuple/>
+        <tuple>
+          <string>Products.Formulator.StandardFields</string>
+          <string>ListField</string>
+        </tuple>
+        <none/>
       </tuple>
     </pickle>
     <pickle>
@@ -280,7 +283,7 @@
       <dictionary>
         <item>
             <key> <string>_text</string> </key>
-            <value> <string>python:not here.getAgent()</string> </value>
+            <value> <string>python:1#not here.getAgent()</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/OOoDocument_view/my_group.xml

@@ -3,8 +3,11 @@
   <record id="1" aka="AAAAAAAAAAE=">
     <pickle>
       <tuple>
-        <global name="ListField" module="Products.Formulator.StandardFields"/>
-        <tuple/>
+        <tuple>
+          <string>Products.Formulator.StandardFields</string>
+          <string>ListField</string>
+        </tuple>
+        <none/>
       </tuple>
     </pickle>
     <pickle>
@@ -280,7 +283,7 @@
       <dictionary>
         <item>
             <key> <string>_text</string> </key>
-            <value> <string>python:not here.getAgent()</string> </value>
+            <value> <string>python:1#not here.getAgent()</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/OOoDocument_view/my_site.xml

@@ -3,8 +3,11 @@
   <record id="1" aka="AAAAAAAAAAE=">
     <pickle>
       <tuple>
-        <global name="ListField" module="Products.Formulator.StandardFields"/>
-        <tuple/>
+        <tuple>
+          <string>Products.Formulator.StandardFields</string>
+          <string>ListField</string>
+        </tuple>
+        <none/>
       </tuple>
     </pickle>
     <pickle>
@@ -280,7 +283,7 @@
       <dictionary>
         <item>
             <key> <string>_text</string> </key>
-            <value> <string>python:not here.getAgent()</string> </value>
+            <value> <string>python:1 #not here.getAgent()</string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/local_permission_workflow.xml → bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms_patch/ERP5Type_asSecurityGroupId.xml

@@ -4,8 +4,8 @@
     <pickle>
       <tuple>
         <tuple>
-          <string>Products.ERP5.InteractionWorkflow</string>
-          <string>InteractionWorkflowDefinition</string>
+          <string>Products.ExternalMethod.ExternalMethod</string>
+          <string>ExternalMethod</string>
         </tuple>
         <none/>
       </tuple>
@@ -19,30 +19,20 @@
             </value>
         </item>
         <item>
-            <key> <string>_objects</string> </key>
-            <value>
-              <tuple/>
-            </value>
+            <key> <string>_function</string> </key>
+            <value> <string>asSecurityGroupId</string> </value>
         </item>
         <item>
-            <key> <string>_owner</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>groups</string> </key>
-            <value>
-              <tuple/>
-            </value>
+            <key> <string>_module</string> </key>
+            <value> <string>asSecurityGroupId</string> </value>
         </item>
         <item>
             <key> <string>id</string> </key>
-            <value> <string>local_permission_workflow</string> </value>
+            <value> <string>ERP5Type_asSecurityGroupId</string> </value>
         </item>
         <item>
             <key> <string>title</string> </key>
-            <value> <string>Local Permission Workflow</string> </value>
+            <value> <string></string> </value>
         </item>
       </dictionary>
     </pickle>

bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms_patch/ERP5Type_asSecurityGroupIdList.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Products.ExternalMethod.ExternalMethod</string>
+          <string>ExternalMethod</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>__ac_local_roles__</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>_function</string> </key>
+            <value> <string>asSecurityGroupIdList</string> </value>
+        </item>
+        <item>
+            <key> <string>_module</string> </key>
+            <value> <string>asSecurityGroupIdList</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>ERP5Type_asSecurityGroupIdList</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string></string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_dms/bt/change_log

+2006-07-24
+* made all the security system work (!!! required a change to ERP5Type.py and to destination_project base cat., not in svn yet)
+
 2006-02-22 BG
 * finished (and renamed) local roles interaction workflow
 * assigned portal types to appropriate workflows

bt5/erp5_dms/bt/copyright_list

+Nexedi
\ No newline at end of file

bt5/erp5_dms/bt/dependency_list

+erp5_project
\ No newline at end of file

bt5/erp5_dms/bt/maintainer_list

+jp
+kevin
+bartek
\ No newline at end of file

bt5/erp5_dms/bt/template_extension_id_list

+asSecurityGroupIdList
+asSecurityGroupId
\ No newline at end of file

bt5/erp5_dms/bt/version

-0.61
\ No newline at end of file
+0.62
\ No newline at end of file