Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.core
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
21
Merge Requests
21
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Jobs
Commits
Open sidebar
nexedi
slapos.core
Commits
40e29fa4
Commit
40e29fa4
authored
Dec 12, 2020
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
slapos_erp5: Update Security on Organisation and Projects
Move access into assignment based security
parent
1aa79918
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
21 additions
and
24 deletions
+21
-24
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml
.../slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml
+8
-0
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
...r/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
+6
-5
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
...l_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+7
-19
No files found.
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Organisation.xml
View file @
40e29fa4
...
@@ -7,9 +7,17 @@
...
@@ -7,9 +7,17 @@
</role>
</role>
<role
id=
'Auditor'
>
<role
id=
'Auditor'
>
<property
id=
'title'
>
Member
</property>
<property
id=
'title'
>
Member
</property>
<property
id=
'description'
>
User can only see SlapOS company for invoice purposes.
</property>
<property
id=
'condition'
>
python: here.getGroup() == "company"
</property>
<multi_property
id=
'category'
>
role/member
</multi_property>
<multi_property
id=
'category'
>
role/member
</multi_property>
<multi_property
id=
'base_category'
>
role
</multi_property>
<multi_property
id=
'base_category'
>
role
</multi_property>
</role>
</role>
<role
id=
'Assignee'
>
<property
id=
'title'
>
Organisation Member
</property>
<property
id=
'base_category_script'
>
ERP5Type_getSecurityCategoryFromSelf
</property>
<multi_property
id=
'categories'
>
local_role_group/organisation
</multi_property>
<multi_property
id=
'base_category'
>
destination
</multi_property>
</role>
<role
id=
'Assignee'
>
<role
id=
'Assignee'
>
<property
id=
'title'
>
Person Owner
</property>
<property
id=
'title'
>
Person Owner
</property>
<property
id=
'description'
>
XXXX Review this later
</property>
<property
id=
'description'
>
XXXX Review this later
</property>
...
...
master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Project.xml
View file @
40e29fa4
...
@@ -5,11 +5,6 @@
...
@@ -5,11 +5,6 @@
<multi_property
id=
'category'
>
group/company
</multi_property>
<multi_property
id=
'category'
>
group/company
</multi_property>
<multi_property
id=
'base_category'
>
group
</multi_property>
<multi_property
id=
'base_category'
>
group
</multi_property>
</role>
</role>
<role
id=
'Auditor'
>
<property
id=
'title'
>
Member
</property>
<multi_property
id=
'category'
>
role/member
</multi_property>
<multi_property
id=
'base_category'
>
role
</multi_property>
</role>
<role
id=
'Assignee'
>
<role
id=
'Assignee'
>
<property
id=
'title'
>
Person Owner
</property>
<property
id=
'title'
>
Person Owner
</property>
<property
id=
'description'
>
XXXX Review this later
</property>
<property
id=
'description'
>
XXXX Review this later
</property>
...
@@ -23,4 +18,10 @@
...
@@ -23,4 +18,10 @@
<multi_property
id=
'category'
>
role/shadow/person
</multi_property>
<multi_property
id=
'category'
>
role/shadow/person
</multi_property>
<multi_property
id=
'base_category'
>
role
</multi_property>
<multi_property
id=
'base_category'
>
role
</multi_property>
</role>
</role>
<role
id=
'Assignee'
>
<property
id=
'title'
>
Project Member
</property>
<property
id=
'base_category_script'
>
ERP5Type_getSecurityCategoryFromSelf
</property>
<multi_property
id=
'categories'
>
local_role_group/project
</multi_property>
<multi_property
id=
'base_category'
>
destination_project
</multi_property>
</role>
</type_roles>
</type_roles>
\ No newline at end of file
master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
View file @
40e29fa4
...
@@ -371,8 +371,6 @@ class TestDrawing(TestSlapOSGroupRoleSecurityMixin):
...
@@ -371,8 +371,6 @@ class TestDrawing(TestSlapOSGroupRoleSecurityMixin):
self
.
assertRoles
(
drawing
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
drawing
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
drawing
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
drawing
,
self
.
user_id
,
[
'Owner'
])
test_GroupCompany
=
test_SecurityForShacache
class
TestFile
(
TestSlapOSGroupRoleSecurityMixin
):
class
TestFile
(
TestSlapOSGroupRoleSecurityMixin
):
def
test_SecurityForShacache
(
self
):
def
test_SecurityForShacache
(
self
):
file_
=
self
.
portal
.
document_module
.
newContent
(
portal_type
=
'File'
)
file_
=
self
.
portal
.
document_module
.
newContent
(
portal_type
=
'File'
)
...
@@ -387,8 +385,6 @@ class TestFile(TestSlapOSGroupRoleSecurityMixin):
...
@@ -387,8 +385,6 @@ class TestFile(TestSlapOSGroupRoleSecurityMixin):
self
.
assertRoles
(
file_
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
file_
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
file_
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
file_
,
self
.
user_id
,
[
'Owner'
])
test_GroupCompany
=
test_SecurityForShacache
class
TestHostingSubscription
(
TestSlapOSGroupRoleSecurityMixin
):
class
TestHostingSubscription
(
TestSlapOSGroupRoleSecurityMixin
):
def
test_RelatedSoftwareInstanceGroup
(
self
):
def
test_RelatedSoftwareInstanceGroup
(
self
):
reference
=
'TESTHS-%s'
%
self
.
generateNewId
()
reference
=
'TESTHS-%s'
%
self
.
generateNewId
()
...
@@ -445,8 +441,6 @@ class TestImage(TestSlapOSGroupRoleSecurityMixin):
...
@@ -445,8 +441,6 @@ class TestImage(TestSlapOSGroupRoleSecurityMixin):
self
.
assertRoles
(
image
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
image
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
image
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
image
,
self
.
user_id
,
[
'Owner'
])
test_GroupCompany
=
test_SecurityForShacache
class
TestImageModule
(
TestSlapOSGroupRoleSecurityMixin
):
class
TestImageModule
(
TestSlapOSGroupRoleSecurityMixin
):
def
test
(
self
):
def
test
(
self
):
module
=
self
.
portal
.
image_module
module
=
self
.
portal
.
image_module
...
@@ -463,11 +457,12 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin):
...
@@ -463,11 +457,12 @@ class TestOrganisation(TestSlapOSGroupRoleSecurityMixin):
def
test_GroupCompany
(
self
):
def
test_GroupCompany
(
self
):
organisation
=
self
.
portal
.
organisation_module
.
newContent
(
organisation
=
self
.
portal
.
organisation_module
.
newContent
(
portal_type
=
'Organisation'
)
portal_type
=
'Organisation'
)
organisation
.
setReference
(
"TESTORG-%s"
%
self
.
generateNewId
())
organisation
.
updateLocalRolesOnSecurityGroups
()
organisation
.
updateLocalRolesOnSecurityGroups
()
self
.
assertSecurityGroup
(
organisation
,
self
.
assertSecurityGroup
(
organisation
,
[
'G-COMPANY'
,
self
.
user_id
,
'R-MEMBER'
,
'R-SHADOW-PERSON'
],
False
)
[
'G-COMPANY'
,
self
.
user_id
,
organisation
.
getReference
()
,
'R-SHADOW-PERSON'
],
False
)
self
.
assertRoles
(
organisation
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
organisation
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
organisation
,
'R-MEMBER'
,
[
'Auditor
'
])
self
.
assertRoles
(
organisation
,
organisation
.
getReference
(),
[
'Assignee
'
])
self
.
assertRoles
(
organisation
,
'R-SHADOW-PERSON'
,
[
'Auditor'
])
self
.
assertRoles
(
organisation
,
'R-SHADOW-PERSON'
,
[
'Auditor'
])
self
.
assertRoles
(
organisation
,
self
.
user_id
,
[
'Owner'
,
'Assignee'
])
self
.
assertRoles
(
organisation
,
self
.
user_id
,
[
'Owner'
,
'Assignee'
])
...
@@ -498,14 +493,15 @@ class TestProjectModule(TestSlapOSGroupRoleSecurityMixin):
...
@@ -498,14 +493,15 @@ class TestProjectModule(TestSlapOSGroupRoleSecurityMixin):
self
.
assertRoles
(
module
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
module
,
self
.
user_id
,
[
'Owner'
])
class
TestProject
(
TestSlapOSGroupRoleSecurityMixin
):
class
TestProject
(
TestSlapOSGroupRoleSecurityMixin
):
def
test_GroupCompany
(
self
):
def
test
(
self
):
project
=
self
.
portal
.
project_module
.
newContent
(
project
=
self
.
portal
.
project_module
.
newContent
(
portal_type
=
'Project'
)
portal_type
=
'Project'
)
project
.
updateLocalRolesOnSecurityGroups
()
project
.
updateLocalRolesOnSecurityGroups
()
self
.
assertSecurityGroup
(
project
,
self
.
assertSecurityGroup
(
project
,
[
'G-COMPANY'
,
self
.
user_id
,
'R-MEMBER'
,
'R-SHADOW-PERSON'
],
False
)
[
'G-COMPANY'
,
self
.
user_id
,
project
.
getReference
()
,
'R-SHADOW-PERSON'
],
False
)
self
.
assertRoles
(
project
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
project
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
project
,
'R-MEMBER'
,
[
'Auditor
'
])
self
.
assertRoles
(
project
,
project
.
getReference
(),
[
'Assignee
'
])
self
.
assertRoles
(
project
,
'R-SHADOW-PERSON'
,
[
'Auditor'
])
self
.
assertRoles
(
project
,
'R-SHADOW-PERSON'
,
[
'Auditor'
])
self
.
assertRoles
(
project
,
self
.
user_id
,
[
'Owner'
,
'Assignee'
])
self
.
assertRoles
(
project
,
self
.
user_id
,
[
'Owner'
,
'Assignee'
])
...
@@ -523,8 +519,6 @@ class TestPDF(TestSlapOSGroupRoleSecurityMixin):
...
@@ -523,8 +519,6 @@ class TestPDF(TestSlapOSGroupRoleSecurityMixin):
self
.
assertRoles
(
pdf
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
pdf
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
pdf
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
pdf
,
self
.
user_id
,
[
'Owner'
])
test_GroupCompany
=
test_SecurityForShacache
class
TestPerson
(
TestSlapOSGroupRoleSecurityMixin
):
class
TestPerson
(
TestSlapOSGroupRoleSecurityMixin
):
def
test_GroupCompany
(
self
):
def
test_GroupCompany
(
self
):
person
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
)
person
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
)
...
@@ -645,8 +639,6 @@ class TestPresentation(TestSlapOSGroupRoleSecurityMixin):
...
@@ -645,8 +639,6 @@ class TestPresentation(TestSlapOSGroupRoleSecurityMixin):
self
.
assertRoles
(
presentation
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
presentation
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
presentation
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
presentation
,
self
.
user_id
,
[
'Owner'
])
test_GroupCompany
=
test_SecurityForShacache
class
TestSlaveInstance
(
TestSlapOSGroupRoleSecurityMixin
):
class
TestSlaveInstance
(
TestSlapOSGroupRoleSecurityMixin
):
def
test_GroupCompany
(
self
):
def
test_GroupCompany
(
self
):
instance
=
self
.
portal
.
software_instance_module
.
newContent
(
instance
=
self
.
portal
.
software_instance_module
.
newContent
(
...
@@ -898,8 +890,6 @@ class TestSpreadsheet(TestSlapOSGroupRoleSecurityMixin):
...
@@ -898,8 +890,6 @@ class TestSpreadsheet(TestSlapOSGroupRoleSecurityMixin):
self
.
assertRoles
(
spreadsheet
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
spreadsheet
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
spreadsheet
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
spreadsheet
,
self
.
user_id
,
[
'Owner'
])
test_GroupCompany
=
test_SecurityForShacache
class
TestText
(
TestSlapOSGroupRoleSecurityMixin
):
class
TestText
(
TestSlapOSGroupRoleSecurityMixin
):
def
test_SecurityForShacache
(
self
):
def
test_SecurityForShacache
(
self
):
text
=
self
.
portal
.
document_module
.
newContent
(
text
=
self
.
portal
.
document_module
.
newContent
(
...
@@ -915,8 +905,6 @@ class TestText(TestSlapOSGroupRoleSecurityMixin):
...
@@ -915,8 +905,6 @@ class TestText(TestSlapOSGroupRoleSecurityMixin):
self
.
assertRoles
(
text
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
text
,
'G-COMPANY'
,
[
'Assignor'
])
self
.
assertRoles
(
text
,
self
.
user_id
,
[
'Owner'
])
self
.
assertRoles
(
text
,
self
.
user_id
,
[
'Owner'
])
test_GroupCompany
=
test_SecurityForShacache
class
TestContributionTool
(
TestSlapOSGroupRoleSecurityMixin
):
class
TestContributionTool
(
TestSlapOSGroupRoleSecurityMixin
):
def
test
(
self
):
def
test
(
self
):
module
=
self
.
portal
.
portal_contributions
module
=
self
.
portal
.
portal_contributions
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment