slapos_erp5: Allow SHADOW user to access and create Sale Invoices

On the subscription process, we would like the user (as anonymous), be able to pay before Join.

slapos_erp5: Allow SHADOW user to access and create Sale Invoices
On the subscription process, we would like the user (as anonymous), be able to pay before Join.
f5307013 · Rafael Monnerat · 24bffc4c · f5307013 · f5307013 · f5307013
Commit f5307013 authored Aug 08, 2018 by Rafael Monnerat
7 changed files
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module.xml
@@ -8,7 +8,12 @@
   <item>Auditor</item>
  </role>
  <role id='R-SHADOW-PERSON'>
-   <item>Auditor</item>
+   <item>Assignor</item>
  </role>
 </local_roles>
+ <local_role_group_ids>
+  <local_role_group_id id='shadow'>
+    <principal id='R-SHADOW-PERSON'>Assignor</principal>
+  </local_role_group_id>
+ </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/LocalRolesTemplateItem/organisation_module.xml
+++ b/master/bt5/slapos_erp5/LocalRolesTemplateItem/organisation_module.xml
@@ -15,4 +15,13 @@
   <item>Auditor</item>
  </role>
 </local_roles>
+ <local_role_group_ids>
+  <local_role_group_id id='group'>
+    <principal id='G-COMPANY'>Auditor</principal>
+    <principal id='G-COMPANY'>Author</principal>
+  </local_role_group_id>
+  <local_role_group_id id='shadow'>
+    <principal id='R-SHADOW-PERSON'>Auditor</principal>
+  </local_role_group_id>
+ </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction%20Module.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction%20Module.xml
@@ -9,8 +9,9 @@
   <multi_property id='category'>role/member</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>
-  <role id='Auditor'>
+  <role id='Assignor'>
   <property id='title'>Person Shadow</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
   <multi_property id='category'>role/shadow/person</multi_property>
   <multi_property id='base_category'>role</multi_property>
  </role>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml
 <type_roles>
  <role id='Assignor'>
   <property id='title'>Group company</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>
  </role>
+  <role id='Auditor'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
  <role id='Auditor'>
   <property id='title'>Shadow User</property>
   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
   <property id='base_category_script'>PaymentTransactionType_getSecurityCategoryFromUser</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
   <multi_property id='base_category'>aggregate</multi_property>
  </role>
  <role id='Auditor'>

--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Invoice%20Transaction.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Invoice%20Transaction.xml
@@ -4,6 +4,12 @@
   <multi_property id='category'>group/company</multi_property>
   <multi_property id='base_category'>group</multi_property>
  </role>
+  <role id='Assignee'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
  <role id='Auditor'>
   <property id='title'>User</property>
   <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>

--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -928,7 +928,7 @@ class TestAccountingTransactionModule(TestSlapOSGroupRoleSecurityMixin):
    self.assertSecurityGroup(module,
        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON', 'R-MEMBER'], True)
    self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
-    self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
+    self.assertRoles(module, 'R-SHADOW-PERSON', ['Assignor'])
    self.assertRoles(module, 'R-MEMBER', ['Auditor'])
    self.assertRoles(module, self.user_id, ['Owner'])
@@ -958,7 +958,7 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
        portal_type='Payment Transaction')
    product.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
+        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
    self.assertRoles(product, self.user_id, ['Owner'])
@@ -974,7 +974,8 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
    product.updateLocalRolesOnSecurityGroups()
    shadow_user_id = 'SHADOW-%s' % person.getUserId()
    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id], False)
+        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id, 
+         'R-SHADOW-PERSON'], False)
    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
    self.assertRoles(product, shadow_user_id, ['Auditor'])
    self.assertRoles(product, person.getUserId(), ['Auditor'])
@@ -992,7 +993,8 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
    product.updateLocalRolesOnSecurityGroups()
    shadow_user_id = 'SHADOW-%s' % person.getUserId()
    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id], False)
+        ['G-COMPANY', self.user_id, person.getUserId(),
+         shadow_user_id, 'R-SHADOW-PERSON'], False)
    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
    self.assertRoles(product, shadow_user_id, ['Auditor'])
    self.assertRoles(product, person.getUserId(), ['Auditor'])
@@ -1014,7 +1016,7 @@ class TestSaleInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
        portal_type='Sale Invoice Transaction')
    product.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
+        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
    self.assertRoles(product, self.user_id, ['Owner'])
@@ -1029,7 +1031,8 @@ class TestSaleInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
        )
    product.updateLocalRolesOnSecurityGroups()
    self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId()], False)
+        ['G-COMPANY', self.user_id, person.getUserId(), 
+         'R-SHADOW-PERSON'], False)
    self.assertRoles(product, 'G-COMPANY', ['Assignor'])
    self.assertRoles(product, person.getUserId(), ['Auditor'])
    self.assertRoles(product, self.user_id, ['Owner'])

--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
@@ -281,7 +281,7 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
    payment_transaction = self.portal.accounting_module.newContent(
        portal_type='Payment Transaction')
    self.assertSecurityGroup(payment_transaction, [self.user_id,
-        'G-COMPANY'],
+        'G-COMPANY', 'R-SHADOW-PERSON'],
        False)
    payment_transaction.edit(
@@ -290,7 +290,7 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
    self.assertSecurityGroup(payment_transaction, [self.user_id,
        'G-COMPANY', 'SHADOW-%s' % self.person_user.getUserId(),
-        self.person_user.getUserId()],
+        self.person_user.getUserId(), 'R-SHADOW-PERSON'],
        False)
  def test_PayzenEvent_setDestinationSection(self):
@@ -339,7 +339,7 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
    sale_invoice_transaction = self.portal.accounting_module.newContent(
        portal_type='Sale Invoice Transaction')
    self.assertSecurityGroup(sale_invoice_transaction, [self.user_id,
-        'G-COMPANY'],
+        'G-COMPANY', 'R-SHADOW-PERSON'],
        False)
    sale_invoice_transaction.edit(
@@ -347,7 +347,7 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
    self.commit()
    self.assertSecurityGroup(sale_invoice_transaction, [self.user_id,
-        'G-COMPANY', self.person_user.getUserId()],
+        'G-COMPANY', self.person_user.getUserId(), 'R-SHADOW-PERSON'],
        False)
  def test_SupportRequest_setDestinationDecision(self):