Commit 6fa904ff authored by Bartek Górny's avatar Bartek Górny

Implemented basic security settings (6 policies)

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@11041 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent ada49245
<type_roles>
<role id='Associate'>
<property id='title'>Project Assignees</property>
<property id='description'>Policy: personal/project
<property id='title'>Project Associates</property>
<property id='description'>Policy: */project
Rule: all project members have a right to access document once it has been shared or released</property>
<property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
<property id='condition'>python:object.Document_policyApplies('*/project')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>P/P - Project Director</property>
<property id='description'>Policy: personal/project
<property id='title'>Project Director</property>
<property id='description'>Policy: */project
Rule: project director is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
<property id='condition'>python:object.Document_policyApplies('*/project')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/project/director</multi_property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>source_project</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignee'>
<property id='title'>P/P - Project Owner</property>
<property id='description'>Policy: personal/project
Rule: the creator is Assignee - can edit the doc and share it with the team</property>
<property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
<property id='title'>Owner</property>
<property id='description'>Policy: */*
Rule: the creator is Assignee - can edit the doc and submit it</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromUser</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>reference</multi_property>
</role>
<role id='Auditor'>
<property id='title'>P/P - Organisation members</property>
<property id='description'>Policy: personal/project
Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)</property>
<property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
<property id='title'>Organisation members</property>
<property id='description'>Policy: */*
Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)
This does not apply if it is a project document and does not have a project</property>
<property id='condition'>python: not object.Document_policyApplies('*/restricted') and (object.Document_policyApplies('*/project') or not object.Document_policyApplies('*/project',True) )</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Project Collaborators</property>
<property id='description'>Policy: collaborative/project
Rule: all members of project team can edit the document before it is submitted, and can submit it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/project')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Team Director</property>
<property id='description'>Policy: */team
Rule: team manager is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Associate'>
<property id='title'>Team Associates</property>
<property id='description'>Policy: */team
Rule: all team members have a right to access document once it has been shared or released</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Team Collaborators</property>
<property id='description'>Policy: collaborative/team
Rule: all members of the team can edit the document before it is submitted, and can submit it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/team')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Public Collaborators</property>
<property id='description'>Policy: collaborative/public
Rule: everyone in the organisation (root group) can edit the doc before it is submitted, and can suggest its publication</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Public Reviewer</property>
<property id='description'>Policy: collaborative/public
Rule: any person with knowledge/manager role can publish the document and manage access rights to it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
</type_roles>
\ No newline at end of file
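Review bot: The Auditor condition `not object.Document_policyApplies('*/restricted') and (...)` evaluates to True for a document with no classification, because Document_policyApplies returns False for every policy when `getClassification()` is None. The organisation-wide Auditor role is therefore granted on unclassified documents. If that is not intended, the condition should require a classification first, e.g. `python: object.getClassification() is not None and not object.Document_policyApplies('*/restricted') and (...)`. The guard expression `python:not here.Document_policyApplies('*/restricted')` further down the page has the same fail-open shape. The +/- markers are lost in this section, so this assumes the `Policy: */*` Auditor entry is the new side.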
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.PythonScripts.PythonScript</string>
<string>PythonScript</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Python_magic</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>klass=context.getClassification()\n
if klass is None:return False\n
kl=klass.split(\'/\')\n
\n
if len(kl)==1:\n
# personal = personal/restricted\n
if kl[0]==\'personal\':kl.append(\'restricted\')\n
# collaborative = collaborative/team\n
if kl[0]==\'collaborative\':kl.append(\'team\')\n
\n
# personal/restricted is unconditional\n
if kl==[\'personal,restricted\']:\n
return policy==\'personal/restricted\'\n
\n
pol=policy.split(\'/\')\n
\n
\n
if not membershiponly:\n
# project policies do not apply if we don\'t have source_project\n
if pol[1]==\'project\':\n
if context.getSourceProject()==None:\n
return False\n
\n
# if all conditions are met, check if the policy is ok (wildcards are ok)\n
return (pol[0] in (\'*\',kl[0])) and (pol[1] in (\'*\',kl[1]))\n
</string> </value>
</item>
<item>
<key> <string>_code</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_filepath</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_owner</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>policy,membershiponly=False</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>func_code</string> </key>
<value>
<object>
<klass>
<global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>2</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>policy</string>
<string>membershiponly</string>
<string>_getattr_</string>
<string>context</string>
<string>klass</string>
<string>None</string>
<string>False</string>
<string>kl</string>
<string>len</string>
<string>_getitem_</string>
<string>pol</string>
</tuple>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>func_defaults</string> </key>
<value>
<tuple>
<int>0</int>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Document_policyApplies</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
<value>
<tuple/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
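Review bot: The comparison `if kl==['personal,restricted']:` in `_body` can never be true, because `kl` comes from `klass.split('/')` and would be `['personal', 'restricted']`, so the "personal/restricted is unconditional" branch is dead code. Simply correcting the literal would change results: `Document_policyApplies('*/restricted')` would then return False for a personal/restricted document, and the `not ...Document_policyApplies('*/restricted')` conditions elsewhere in this commit would start passing for exactly the documents they are meant to exclude. Either drop the branch or make it honour wildcards, and document which is intended. Separately, `kl[1]` and `pol[1]` are indexed without a length check, so a one-segment classification other than `personal`/`collaborative`, or a policy string without `/`, raises IndexError inside a security condition. An explicit check after `pol=policy.split('/')` would help, bearing in mind that callers which negate the result treat False as permissive.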
......@@ -74,7 +74,6 @@
<string>Assignee</string>
<string>Assignor</string>
<string>Associate</string>
<string>Auditor</string>
<string>Manager</string>
<string>Owner</string>
</tuple>
......@@ -113,7 +112,6 @@
<string>Assignee</string>
<string>Assignor</string>
<string>Associate</string>
<string>Auditor</string>
<string>Manager</string>
<string>Owner</string>
</tuple>
......
......@@ -42,8 +42,6 @@
<tuple>
<string>cancel</string>
<string>cancel_action</string>
<string>share</string>
<string>share_action</string>
<string>submit</string>
<string>submit_action</string>
</tuple>
......
......@@ -48,10 +48,6 @@
<tuple>
<string>archive</string>
<string>archive_action</string>
<string>retract</string>
<string>retract_action</string>
<string>submit</string>
<string>submit_action</string>
</tuple>
</value>
</item>
......
......@@ -48,6 +48,8 @@
<string>reject_action</string>
<string>release</string>
<string>release_action</string>
<string>share</string>
<string>share_action</string>
</tuple>
</value>
</item>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.DCWorkflow.Transitions</string>
<string>TransitionDefinition</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_owner</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>actbox_category</string> </key>
<value> <string>workflow</string> </value>
</item>
<item>
<key> <string>actbox_name</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>actbox_url</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>after_script_name</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>guard</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>retract</string> </value>
</item>
<item>
<key> <string>new_state_id</string> </key>
<value> <string>draft</string> </value>
</item>
<item>
<key> <string>script_name</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>trigger_type</string> </key>
<value> <int>2</int> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.DCWorkflow.Transitions</string>
<string>TransitionDefinition</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>__ac_local_roles__</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>_owner</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>actbox_category</string> </key>
<value> <string>workflow</string> </value>
</item>
<item>
<key> <string>actbox_name</string> </key>
<value> <string>Retract</string> </value>
</item>
<item>
<key> <string>actbox_url</string> </key>
<value> <string>%(content_url)s/BaseWorkflow_viewWorkflowActionDialog?workflow_action=retract_action</string> </value>
</item>
<item>
<key> <string>after_script_name</string> </key>
<value> <string>retract</string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>guard</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>retract_action</string> </value>
</item>
<item>
<key> <string>new_state_id</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>script_name</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>trigger_type</string> </key>
<value> <int>1</int> </value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<tuple>
<tuple>
<string>Products.DCWorkflow.Guard</string>
<string>Guard</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>roles</string> </key>
<value>
<tuple>
<string>Assignee</string>
<string>Owner</string>
</tuple>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -95,8 +95,7 @@
<key> <string>roles</string> </key>
<value>
<tuple>
<string>Assignee</string>
<string>Owner</string>
<string>Assignor</string>
</tuple>
</value>
</item>
......@@ -117,7 +116,7 @@
<dictionary>
<item>
<key> <string>text</string> </key>
<value> <string>python:here.isMemberOf(\'classification/personal\')</string> </value>
<value> <string>python:here.Document_policyApplies(\'personal/*\')</string> </value>
</item>
</dictionary>
</pickle>
......
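Review bot: The guard's role list appears to go from `Assignee`, `Owner` to `Assignor` alone, while its expression now requires `Document_policyApplies('personal/*')`. The +/- markers are lost, so this reading rests on the 8→7 line count of the first hunk. The Assignor roles defined in the type_roles file of this commit are conditioned on `*/project`, `*/team` and `collaborative/public`, so none of them matches a `personal/restricted` document. Unless Assignor is granted some other way, this transition may no longer be reachable for restricted personal documents now that Owner is dropped; worth confirming that this is intended.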
......@@ -79,6 +79,12 @@
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>expr</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
<item>
<key> <string>roles</string> </key>
<value>
......@@ -91,4 +97,23 @@
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<tuple>
<tuple>
<string>Products.CMFCore.Expression</string>
<string>Expression</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>text</string> </key>
<value> <string>python:not here.Document_policyApplies(\'*/restricted\')</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
2006-11-01
Implemented basic security settings (6 policies)
2006-10-30
Removed "collaborated", added "shared"
Implemented "personal/project" security classification
......
erp5_project
\ No newline at end of file
290
\ No newline at end of file
292
\ No newline at end of file
0.81
\ No newline at end of file
0.82
\ No newline at end of file