slapos_erp5: Allow SHADOW user to access and create Sale Invoices

On the subscription process, we would like the user (as anonymous), be able to pay before Join.

master/bt5/slapos_erp5/LocalRolesTemplateItem/accounting_module.xml

@@ -8,7 +8,12 @@
    <item>Auditor</item>
   </role>
   <role id='R-SHADOW-PERSON'>
-   <item>Auditor</item>
+   <item>Assignor</item>
   </role>
  </local_roles>
+ <local_role_group_ids>
+  <local_role_group_id id='shadow'>
+    <principal id='R-SHADOW-PERSON'>Assignor</principal>
+  </local_role_group_id>
+ </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/LocalRolesTemplateItem/organisation_module.xml

@@ -15,4 +15,13 @@
    <item>Auditor</item>
   </role>
  </local_roles>
+ <local_role_group_ids>
+  <local_role_group_id id='group'>
+    <principal id='G-COMPANY'>Auditor</principal>
+    <principal id='G-COMPANY'>Author</principal>
+  </local_role_group_id>
+  <local_role_group_id id='shadow'>
+    <principal id='R-SHADOW-PERSON'>Auditor</principal>
+  </local_role_group_id>
+ </local_role_group_ids>
 </local_roles_item>
\ No newline at end of file

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Accounting%20Transaction%20Module.xml

@@ -9,8 +9,9 @@
    <multi_property id='category'>role/member</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>
-  <role id='Auditor'>
+  <role id='Assignor'>
    <property id='title'>Person Shadow</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
    <multi_property id='category'>role/shadow/person</multi_property>
    <multi_property id='base_category'>role</multi_property>
   </role>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Payment%20Transaction.xml

 <type_roles>
   <role id='Assignor'>
    <property id='title'>Group company</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
    <multi_property id='category'>group/company</multi_property>
    <multi_property id='base_category'>group</multi_property>
   </role>
+  <role id='Auditor'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
   <role id='Auditor'>
    <property id='title'>Shadow User</property>
    <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>
    <property id='base_category_script'>PaymentTransactionType_getSecurityCategoryFromUser</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
    <multi_property id='base_category'>aggregate</multi_property>
   </role>
   <role id='Auditor'>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Sale%20Invoice%20Transaction.xml

@@ -4,6 +4,12 @@
    <multi_property id='category'>group/company</multi_property>
    <multi_property id='base_category'>group</multi_property>
   </role>
+  <role id='Assignee'>
+   <property id='title'>Person Shadow</property>
+   <multi_property id='categories'>local_role_group/shadow</multi_property>
+   <multi_property id='category'>role/shadow/person</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
   <role id='Auditor'>
    <property id='title'>User</property>
    <property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property>

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py

@@ -928,7 +928,7 @@ class TestAccountingTransactionModule(TestSlapOSGroupRoleSecurityMixin):
     self.assertSecurityGroup(module,
         ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON', 'R-MEMBER'], True)
     self.assertRoles(module, 'G-COMPANY', ['Auditor', 'Author'])
-    self.assertRoles(module, 'R-SHADOW-PERSON', ['Auditor'])
+    self.assertRoles(module, 'R-SHADOW-PERSON', ['Assignor'])
     self.assertRoles(module, 'R-MEMBER', ['Auditor'])
     self.assertRoles(module, self.user_id, ['Owner'])
 
@@ -958,7 +958,7 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Payment Transaction')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
+        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
@@ -974,7 +974,8 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
     product.updateLocalRolesOnSecurityGroups()
     shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id], False)
+        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id, 
+         'R-SHADOW-PERSON'], False)
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
     self.assertRoles(product, shadow_user_id, ['Auditor'])
     self.assertRoles(product, person.getUserId(), ['Auditor'])
@@ -992,7 +993,8 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
     product.updateLocalRolesOnSecurityGroups()
     shadow_user_id = 'SHADOW-%s' % person.getUserId()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId(), shadow_user_id], False)
+        ['G-COMPANY', self.user_id, person.getUserId(),
+         shadow_user_id, 'R-SHADOW-PERSON'], False)
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
     self.assertRoles(product, shadow_user_id, ['Auditor'])
     self.assertRoles(product, person.getUserId(), ['Auditor'])
@@ -1014,7 +1016,7 @@ class TestSaleInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
         portal_type='Sale Invoice Transaction')
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id], False)
+        ['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
     self.assertRoles(product, self.user_id, ['Owner'])
 
@@ -1029,7 +1031,8 @@ class TestSaleInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
         )
     product.updateLocalRolesOnSecurityGroups()
     self.assertSecurityGroup(product,
-        ['G-COMPANY', self.user_id, person.getUserId()], False)
+        ['G-COMPANY', self.user_id, person.getUserId(), 
+         'R-SHADOW-PERSON'], False)
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
     self.assertRoles(product, person.getUserId(), ['Auditor'])
     self.assertRoles(product, self.user_id, ['Owner'])

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py

@@ -281,7 +281,7 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
     payment_transaction = self.portal.accounting_module.newContent(
         portal_type='Payment Transaction')
     self.assertSecurityGroup(payment_transaction, [self.user_id,
-        'G-COMPANY'],
+        'G-COMPANY', 'R-SHADOW-PERSON'],
         False)
 
     payment_transaction.edit(
@@ -290,7 +290,7 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
 
     self.assertSecurityGroup(payment_transaction, [self.user_id,
         'G-COMPANY', 'SHADOW-%s' % self.person_user.getUserId(),
-        self.person_user.getUserId()],
+        self.person_user.getUserId(), 'R-SHADOW-PERSON'],
         False)
 
   def test_PayzenEvent_setDestinationSection(self):
@@ -339,7 +339,7 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
     sale_invoice_transaction = self.portal.accounting_module.newContent(
         portal_type='Sale Invoice Transaction')
     self.assertSecurityGroup(sale_invoice_transaction, [self.user_id,
-        'G-COMPANY'],
+        'G-COMPANY', 'R-SHADOW-PERSON'],
         False)
 
     sale_invoice_transaction.edit(
@@ -347,7 +347,7 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
     self.commit()
 
     self.assertSecurityGroup(sale_invoice_transaction, [self.user_id,
-        'G-COMPANY', self.person_user.getUserId()],
+        'G-COMPANY', self.person_user.getUserId(), 'R-SHADOW-PERSON'],
         False)
 
   def test_SupportRequest_setDestinationDecision(self):