From 40e29fa41d86a96877e23cc307a81a3141bff77d Mon Sep 17 00:00:00 2001
From: Rafael Monnerat <rafael@nexedi.com>
Date: Sat, 12 Dec 2020 17:55:48 +0000
Subject: [PATCH] slapos_erp5: Update Security on Organisation and Projects Move access into assignment based security
---
 .../Organisation.xml | 8 ++++++
 .../PortalTypeRolesTemplateItem/Project.xml | 11 ++++----
 ...st.erp5.testSlapOSERP5GroupRoleSecurity.py | 26 +++++--------------
 3 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml
index 821ff80fd..e8975992b 100644
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml
@@ -7,9 +7,17 @@
 </role>
 <role id='Auditor'>
 <property id='title'>Member</property>
+ <property id='description'>User can only see SlapOS company for invoice purposes.</property>
+ <property id='condition'>python: here.getGroup() == "company"</property>
 <multi_property id='category'>role/member</multi_property>
 <multi_property id='base_category'>role</multi_property>
 </role>
+ <role id='Assignee'>
+ <property id='title'>Organisation Member</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
+ <multi_property id='categories'>local_role_group/organisation</multi_property>
+ <multi_property id='base_category'>destination</multi_property>
+ </role>
 <role id='Assignee'>
 <property id='title'>Person Owner</property>
 <property id='description'>XXXX Review this later</property>
diff --git a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
index 821ff80fd..a31548b56 100644
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
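Review bot: The new `Organisation Member` role grants `Assignee`, the same role id as the `Person Owner` entry just below it that is still marked `XXXX Review this later`, and it carries no `description`, so the access level intended for members is not recorded in this file. Before this change members matched `role/member` and received only `Auditor`; whether `Assignee` also permits modification depends on workflow and permission mappings that are not visible here, so this may widen access rather than just move it. I would add something like `<property id='description'>Persons assigned to this organisation (destination) get Assignee on it.</property>` and confirm `Assignee` is the intended level; the `Project Member` role added in Project.xml has the same gap. The `Auditor` condition compares `here.getGroup()` to `"company"` exactly, so an organisation filed under a sub-category of that group would presumably not match.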
@@ -5,11 +5,6 @@
 <multi_property id='category'>group/company</multi_property>
 <multi_property id='base_category'>group</multi_property>
 </role>
- <role id='Auditor'>
- <property id='title'>Member</property>
- <multi_property id='category'>role/member</multi_property>
- <multi_property id='base_category'>role</multi_property>
- </role>
 <role id='Assignee'>
 <property id='title'>Person Owner</property>
 <property id='description'>XXXX Review this later</property>
@@ -23,4 +18,10 @@
 <multi_property id='category'>role/shadow/person</multi_property>
 <multi_property id='base_category'>role</multi_property>
 </role>
+ <role id='Assignee'>
+ <property id='title'>Project Member</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
+ <multi_property id='categories'>local_role_group/project</multi_property>
+ <multi_property id='base_category'>destination_project</multi_property>
+ </role>
 </type_roles>
\ No newline at end of file
diff --git a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
index c0452b1b0..77a040efc 100644
--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -371,8 +371,6 @@ class TestDrawing(TestSlapOSGroupRoleSecurityMixin):
 self.assertRoles(drawing, 'G-COMPANY', ['Assignor'])
 self.assertRoles(drawing, self.user_id, ['Owner'])
 
- test_GroupCompany = test_SecurityForShacache
-
 class TestFile(TestSlapOSGroupRoleSecurityMixin):
 def test_SecurityForShacache(self):
 file_ = self.portal.document_module.newContent(portal_type='File')
@@ -387,8 +385,6 @@ class TestFile(TestSlapOSGroupRoleSecurityMixin):
 self.assertRoles(file_, 'G-COMPANY', ['Assignor'])
 self.assertRoles(file_, self.user_id, ['Owner'])
 
- test_GroupCompany = test_SecurityForShacache
-
 class TestHostingSubscription(TestSlapOSGroupRoleSecurityMixin):
 def test_RelatedSoftwareInstanceGroup(self):
 reference = 'TESTHS-%s' % self.generateNewId()
@@ -445,8 +441,6 @@ class TestImage(TestSlapOSGroupRoleSecurityMixin):
 self.assertRoles(image, 'G-COMPANY', ['Assignor'])
 self.assertRoles(image, self.user_id, ['Owner'])
 
- test_GroupCompany = test_SecurityForShacache
-
 class TestImageModule(TestSlapOSGroupRoleSecurityMixin):
 def test(self):
 module = self.portal.image_module
@@ -463,11 +457,12 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin):
 def test_GroupCompany(self):
 organisation = self.portal.organisation_module.newContent(
 portal_type='Organisation')
+ organisation.setReference("TESTORG-%s" % self.generateNewId())
 organisation.updateLocalRolesOnSecurityGroups()
 self.assertSecurityGroup(organisation,
- ['G-COMPANY', self.user_id, 'R-MEMBER', 'R-SHADOW-PERSON'], False)
+ ['G-COMPANY', self.user_id, organisation.getReference(), 'R-SHADOW-PERSON'], False)
 self.assertRoles(organisation, 'G-COMPANY', ['Assignor'])
- self.assertRoles(organisation, 'R-MEMBER', ['Auditor'])
+ self.assertRoles(organisation, organisation.getReference(), ['Assignee'])
 self.assertRoles(organisation, 'R-SHADOW-PERSON', ['Auditor'])
 self.assertRoles(organisation, self.user_id, ['Owner', 'Assignee'])
 
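Review bot: `test_GroupCompany` in `TestOrganisation` now covers only an Organisation with no group set, so the new `condition` on the `Auditor` role is exercised on its false branch only. Nothing checks that an Organisation whose group is `company` still yields `R-MEMBER` with `['Auditor']`, which is the one case where members keep read access; a second test that creates the Organisation in that group and asserts both `R-MEMBER` and the reference-named group would pin this down. The asserted security group id is the bare `organisation.getReference()`, listed alongside `self.user_id` and `G-COMPANY`. If references are owner-editable or not guaranteed unique, a value equal to another principal's id would give that principal `Assignee`, so it is worth confirming how `ERP5Type_getSecurityCategoryFromSelf` (not visible here) namespaces the value.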
@@ -498,14 +493,15 @@ class TestProjectModule(TestSlapOSGroupRoleSecurityMixin):
 self.assertRoles(module, self.user_id, ['Owner'])
 
 class TestProject(TestSlapOSGroupRoleSecurityMixin):
- def test_GroupCompany(self):
+
+ def test(self):
 project = self.portal.project_module.newContent(
 portal_type='Project')
 project.updateLocalRolesOnSecurityGroups()
 self.assertSecurityGroup(project,
- ['G-COMPANY', self.user_id, 'R-MEMBER', 'R-SHADOW-PERSON'], False)
+ ['G-COMPANY', self.user_id, project.getReference(), 'R-SHADOW-PERSON'], False)
 self.assertRoles(project, 'G-COMPANY', ['Assignor'])
- self.assertRoles(project, 'R-MEMBER', ['Auditor'])
+ self.assertRoles(project, project.getReference(), ['Assignee'])
 self.assertRoles(project, 'R-SHADOW-PERSON', ['Auditor'])
 self.assertRoles(project, self.user_id, ['Owner', 'Assignee'])
 
@@ -523,8 +519,6 @@ class TestPDF(TestSlapOSGroupRoleSecurityMixin):
 self.assertRoles(pdf, 'G-COMPANY', ['Assignor'])
 self.assertRoles(pdf, self.user_id, ['Owner'])
 
- test_GroupCompany = test_SecurityForShacache
-
 class TestPerson(TestSlapOSGroupRoleSecurityMixin):
 def test_GroupCompany(self):
 person = self.portal.person_module.newContent(portal_type='Person')
@@ -645,8 +639,6 @@ class TestPresentation(TestSlapOSGroupRoleSecurityMixin):
 self.assertRoles(presentation, 'G-COMPANY', ['Assignor'])
 self.assertRoles(presentation, self.user_id, ['Owner'])
 
- test_GroupCompany = test_SecurityForShacache
-
 class TestSlaveInstance(TestSlapOSGroupRoleSecurityMixin):
 def test_GroupCompany(self):
 instance = self.portal.software_instance_module.newContent(
@@ -898,8 +890,6 @@ class TestSpreadsheet(TestSlapOSGroupRoleSecurityMixin):
 self.assertRoles(spreadsheet, 'G-COMPANY', ['Assignor'])
 self.assertRoles(spreadsheet, self.user_id, ['Owner'])
 
- test_GroupCompany = test_SecurityForShacache
-
 class TestText(TestSlapOSGroupRoleSecurityMixin):
 def test_SecurityForShacache(self):
 text = self.portal.document_module.newContent(
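Review bot: `test` in `TestProject` never sets a reference on the new Project, unlike the Organisation test, which calls `setReference` before `updateLocalRolesOnSecurityGroups()`. Unless a Project receives a reference automatically on creation (not visible in this diff), `project.getReference()` is `None` and the assertions check a security group named `None`, which would not prove that the `Project Member` role is generated. I would add `project.setReference("TESTPROJ-%s" % self.generateNewId())` before the `updateLocalRolesOnSecurityGroups()` call. The rename from `test_GroupCompany` to a bare `test` also drops what the case covers; something like `test_ProjectMember` would read better.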
@@ -915,8 +905,6 @@ class TestText(TestSlapOSGroupRoleSecurityMixin):
 self.assertRoles(text, 'G-COMPANY', ['Assignor'])
 self.assertRoles(text, self.user_id, ['Owner'])
 
- test_GroupCompany = test_SecurityForShacache
-
 class TestContributionTool(TestSlapOSGroupRoleSecurityMixin):
 def test(self):
 module = self.portal.portal_contributions
-- 
2.30.9