From d3964abe5988c3f254ca35c0fa13e09f941c6d90 Mon Sep 17 00:00:00 2001
From: Romain Courteaud <romain@nexedi.com>
Date: Wed, 5 Sep 2012 12:04:53 +0200
Subject: [PATCH] Add Computer Network security configuration.

---
 .../computer_network_module.xml               |  11 ++
 .../base_category_list.xml                    |   3 +
 .../Computer%20Network%20Module.xml           |   7 +
 .../Computer%20Network.xml                    |  13 ++
 .../workflow_chain_type.xml                   |   4 +
 .../testVifibComputerNetworkSecurity.py       | 132 ++++++++++++++++++
 .../Base_setSourceAdministration.xml          |   1 +
 master/bt5/vifib_erp5/bt/revision             |   2 +-
 .../vifib_erp5/bt/template_local_role_list    |   1 +
 .../vifib_erp5/bt/template_local_roles_list   |   1 +
 .../template_portal_type_base_category_list   |   1 +
 .../bt/template_portal_type_role_list         |   2 +
 .../bt/template_portal_type_roles_list        |   2 +
 .../template_portal_type_workflow_chain_list  |   1 +
 .../bt5/vifib_erp5/bt/template_test_id_list   |   1 +
 15 files changed, 181 insertions(+), 1 deletion(-)
 create mode 100644 master/bt5/vifib_erp5/LocalRolesTemplateItem/computer_network_module.xml
 create mode 100644 master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml
 create mode 100644 master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
 create mode 100644 master/bt5/vifib_erp5/TestTemplateItem/testVifibComputerNetworkSecurity.py

diff --git a/master/bt5/vifib_erp5/LocalRolesTemplateItem/computer_network_module.xml b/master/bt5/vifib_erp5/LocalRolesTemplateItem/computer_network_module.xml
new file mode 100644
index 000000000..204fe93b6
--- /dev/null
+++ b/master/bt5/vifib_erp5/LocalRolesTemplateItem/computer_network_module.xml
@@ -0,0 +1,11 @@
+<local_roles_item>
+ <local_roles>
+  <role id='R-MEMBER'>
+   <item>Auditor</item>
+   <item>Author</item>
+  </role>
+  <role id='zope'>
+   <item>Owner</item>
+  </role>
+ </local_roles>
+</local_roles_item>
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/PortalTypeBaseCategoryTemplateItem/base_category_list.xml b/master/bt5/vifib_erp5/PortalTypeBaseCategoryTemplateItem/base_category_list.xml
index aeeb9d0f0..04e91459a 100644
--- a/master/bt5/vifib_erp5/PortalTypeBaseCategoryTemplateItem/base_category_list.xml
+++ b/master/bt5/vifib_erp5/PortalTypeBaseCategoryTemplateItem/base_category_list.xml
@@ -2,4 +2,7 @@
  <portal_type id="Computer">
   <item>source_administration</item>
  </portal_type>
+ <portal_type id="Computer Network">
+  <item>source_administration</item>
+ </portal_type>
 </base_category_list>
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml b/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml
new file mode 100644
index 000000000..9401d0e8f
--- /dev/null
+++ b/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml
@@ -0,0 +1,7 @@
+<type_roles>
+  <role id='Auditor; Author'>
+   <property id='title'>Member</property>
+   <multi_property id='category'>role/member</multi_property>
+   <multi_property id='base_category'>role</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml b/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
new file mode 100644
index 000000000..a64671285
--- /dev/null
+++ b/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
@@ -0,0 +1,13 @@
+<type_roles>
+  <role id='Assignee'>
+   <property id='title'>Computer Agent</property>
+   <property id='description'>Monovalued role</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+   <multi_property id='base_category'>source_administration</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Group company</property>
+   <multi_property id='category'>group/company</multi_property>
+   <multi_property id='base_category'>group</multi_property>
+  </role>
+</type_roles>
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml b/master/bt5/vifib_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
index 30bb869e2..4adb3423e 100644
--- a/master/bt5/vifib_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
+++ b/master/bt5/vifib_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
@@ -3,6 +3,10 @@
   <type>Computer</type>
   <workflow>local_permission_vifib_interaction_workflow</workflow>
  </chain>
+ <chain>
+  <type>Computer Network</type>
+  <workflow>local_permission_vifib_interaction_workflow</workflow>
+ </chain>
  <chain>
   <type>Hosting Subscription</type>
   <workflow>local_permission_vifib_interaction_workflow</workflow>
diff --git a/master/bt5/vifib_erp5/TestTemplateItem/testVifibComputerNetworkSecurity.py b/master/bt5/vifib_erp5/TestTemplateItem/testVifibComputerNetworkSecurity.py
new file mode 100644
index 000000000..6994c0ad2
--- /dev/null
+++ b/master/bt5/vifib_erp5/TestTemplateItem/testVifibComputerNetworkSecurity.py
@@ -0,0 +1,132 @@
+# Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
+import unittest
+from Products.Vifib.tests.testVifibSlapWebService import \
+  TestVifibSlapWebServiceMixin
+
+READ = 'Access contents information'
+VIEW = 'View'
+ADD = 'Add portal content'
+WRITE = 'Modify portal content'
+OTHER_AUDITOR = [
+  'Access Transient Objects',
+  'Access session data',
+  'Copy or Move',
+  'List folder contents',
+  'View History'
+  ]
+OTHER_AUTHOR = [
+  'Add portal folders',
+  ]
+
+class TestVifibComputerNetworkSecurity(TestVifibSlapWebServiceMixin):
+
+  def generateNewId(self):
+    return self.getPortalObject().portal_ids.generateNewId(
+                                     id_group=('slapos_core_test'))
+
+  def getTitle(self):
+    return "Test Vifib Computer Network Security"
+
+  def createMemberUser(self):
+    portal = self.getPortalObject()
+    new_id = self.generateNewId()
+
+    # Clone person document
+    person_user = portal.person_module.template_member.\
+                                 Base_createCloneDocument(batch_mode=1)
+    person_user.edit(
+      title="live_test_%s" % new_id,
+      reference="live_test_%s" % new_id,
+      default_email_text="live_test_%s@example.org" % new_id,
+    )
+    person_user.validate()
+    for assignment in person_user.contentValues(portal_type="Assignment"):
+      assignment.open()
+    return person_user
+
+  def afterSetUp(self):
+    pass
+
+  def beforeTearDown(self):
+    pass
+
+  def _getLocalRoles(self, context):
+    return [x[0] for x in context.get_local_roles()]
+
+  def _permissionsOfRole(self, context, role):
+    return [x['name'] for x in context.permissionsOfRole(role) \
+          if x['selected'] == 'SELECTED']
+
+  def assertPermissionsOfRole(self, context, role, permission_list):
+    self.assertSameSet(
+      permission_list,
+      self._permissionsOfRole(context, role))
+
+  def assertSecurityGroup(self, context, security_group_list, acquired):
+    self.assertEquals(acquired, context._getAcquireLocalRoles())
+    self.assertSameSet(
+      security_group_list,
+      self._getLocalRoles(context)
+    )
+
+  def assertRoles(self, context, security_group, role_list):
+    self.assertSameSet(
+      role_list,
+      context.get_local_roles_for_userid(security_group)
+    )
+
+  def test_ComputerNetworkModuleLocalRoles(self):
+    module = self.portal.computer_network_module
+    self.assertSecurityGroup(module, ['R-MEMBER', 'zope'], False)
+    self.assertRoles(module, 'R-MEMBER', ['Author', 'Auditor'])
+    self.assertRoles(module, 'zope', ['Owner'])
+
+  def test_ComputerNetworkModulePermissions(self):
+    module = self.portal.computer_network_module
+    self.assertPermissionsOfRole(module, 'Owner', [])
+    self.assertPermissionsOfRole(module, 'Auditor',
+                                 [READ, VIEW] + OTHER_AUDITOR)
+    self.assertPermissionsOfRole(module, 'Author',
+                                 [READ, ADD] + OTHER_AUDITOR + OTHER_AUTHOR)
+
+  def test_ComputerNetworkLocalRoles(self):
+    module = self.portal.computer_network_module
+    network = module.newContent(portal_type="Computer Network")
+
+    self.assertSecurityGroup(network, ['ERP5TypeTestCase', 'G-COMPANY'], False)
+    self.assertRoles(network, 'ERP5TypeTestCase', ['Owner'])
+    self.assertRoles(network, 'G-COMPANY', ['Assignor'])
+
+    # Setting source administration give person the assignee role
+    person = self.createMemberUser()
+    network.edit(source_administration_value=person)
+    self.assertSecurityGroup(network,
+        ['ERP5TypeTestCase', 'G-COMPANY', person.getReference()], False)
+    self.assertRoles(network, person.getReference(), ['Assignee'])
+
+  def test_ComputerNetworkPermission(self):
+    module = self.portal.computer_network_module
+    network = module.newContent(portal_type="Computer Network")
+
+    # Check draft state
+    self.assertEquals('draft', network.getValidationState())
+    self.assertPermissionsOfRole(network, 'Owner',
+                                 [READ, VIEW, ADD, WRITE])
+    self.assertPermissionsOfRole(network, 'Assignor',
+                                 [READ, VIEW, ADD, WRITE])
+    self.assertPermissionsOfRole(network, 'Assignee',
+                                 [READ, VIEW, ADD, WRITE])
+
+    # Check validated state
+    network.validate()
+    self.assertEquals('validated', network.getValidationState())
+    self.assertPermissionsOfRole(network, 'Owner', [])
+    self.assertPermissionsOfRole(network, 'Assignor',
+                                 [READ, VIEW, ADD, WRITE])
+    self.assertPermissionsOfRole(network, 'Assignee',
+                                 [READ, VIEW, ADD, WRITE])
+
+def test_suite():
+  suite = unittest.TestSuite()
+  suite.addTest(unittest.makeSuite(TestVifibComputerNetworkSecurity))
+  return suite
diff --git a/master/bt5/vifib_erp5/WorkflowTemplateItem/portal_workflow/local_permission_vifib_interaction_workflow/interactions/Base_setSourceAdministration.xml b/master/bt5/vifib_erp5/WorkflowTemplateItem/portal_workflow/local_permission_vifib_interaction_workflow/interactions/Base_setSourceAdministration.xml
index 7db68b6db..6967e5b80 100644
--- a/master/bt5/vifib_erp5/WorkflowTemplateItem/portal_workflow/local_permission_vifib_interaction_workflow/interactions/Base_setSourceAdministration.xml
+++ b/master/bt5/vifib_erp5/WorkflowTemplateItem/portal_workflow/local_permission_vifib_interaction_workflow/interactions/Base_setSourceAdministration.xml
@@ -69,6 +69,7 @@
             <value>
               <list>
                 <string>Computer</string>
+                <string>Computer Network</string>
                 <string>Internal Packing List</string>
                 <string>Purchase Packing List</string>
               </list>
diff --git a/master/bt5/vifib_erp5/bt/revision b/master/bt5/vifib_erp5/bt/revision
index c95da112f..1b6db1e86 100644
--- a/master/bt5/vifib_erp5/bt/revision
+++ b/master/bt5/vifib_erp5/bt/revision
@@ -1 +1 @@
-459
\ No newline at end of file
+460
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/bt/template_local_role_list b/master/bt5/vifib_erp5/bt/template_local_role_list
index 4000e2afb..04cecfcde 100644
--- a/master/bt5/vifib_erp5/bt/template_local_role_list
+++ b/master/bt5/vifib_erp5/bt/template_local_role_list
@@ -17,6 +17,7 @@ business_process_module/vifib_sale_business_process
 campaign_module
 component_module
 computer_module
+computer_network_module
 credential_update_module
 currency_module
 currency_module/EUR
diff --git a/master/bt5/vifib_erp5/bt/template_local_roles_list b/master/bt5/vifib_erp5/bt/template_local_roles_list
index 4000e2afb..cad06f5e2 100644
--- a/master/bt5/vifib_erp5/bt/template_local_roles_list
+++ b/master/bt5/vifib_erp5/bt/template_local_roles_list
@@ -4,6 +4,7 @@ account_module/capital
 account_module/coll_vat
 account_module/equipments
 account_module/inventories
+computer_network_module
 account_module/payable
 account_module/profit_loss
 account_module/purchase
diff --git a/master/bt5/vifib_erp5/bt/template_portal_type_base_category_list b/master/bt5/vifib_erp5/bt/template_portal_type_base_category_list
index 22ea602ac..69a66d76d 100644
--- a/master/bt5/vifib_erp5/bt/template_portal_type_base_category_list
+++ b/master/bt5/vifib_erp5/bt/template_portal_type_base_category_list
@@ -1 +1,2 @@
+Computer Network | source_administration
 Computer | source_administration
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/bt/template_portal_type_role_list b/master/bt5/vifib_erp5/bt/template_portal_type_role_list
index 004e94d37..6fb9bcb53 100644
--- a/master/bt5/vifib_erp5/bt/template_portal_type_role_list
+++ b/master/bt5/vifib_erp5/bt/template_portal_type_role_list
@@ -16,6 +16,8 @@ Component
 Component Module
 Computer
 Computer Module
+Computer Network
+Computer Network Module
 Computer Partition
 Contribution Tool
 Credential Update Module
diff --git a/master/bt5/vifib_erp5/bt/template_portal_type_roles_list b/master/bt5/vifib_erp5/bt/template_portal_type_roles_list
index 004e94d37..bb2cb2c77 100644
--- a/master/bt5/vifib_erp5/bt/template_portal_type_roles_list
+++ b/master/bt5/vifib_erp5/bt/template_portal_type_roles_list
@@ -1,5 +1,7 @@
 Account
 Account Module
+Computer Network
+Computer Network Module
 Accounting Period
 Accounting Transaction
 Accounting Transaction Module
diff --git a/master/bt5/vifib_erp5/bt/template_portal_type_workflow_chain_list b/master/bt5/vifib_erp5/bt/template_portal_type_workflow_chain_list
index 8cba695a8..d6208fe98 100644
--- a/master/bt5/vifib_erp5/bt/template_portal_type_workflow_chain_list
+++ b/master/bt5/vifib_erp5/bt/template_portal_type_workflow_chain_list
@@ -1,3 +1,4 @@
+Computer Network | local_permission_vifib_interaction_workflow
 Computer | local_permission_vifib_interaction_workflow
 Hosting Subscription | local_permission_vifib_interaction_workflow
 Internal Packing List | local_permission_vifib_interaction_workflow
diff --git a/master/bt5/vifib_erp5/bt/template_test_id_list b/master/bt5/vifib_erp5/bt/template_test_id_list
index bb9fe9556..f0a40348d 100644
--- a/master/bt5/vifib_erp5/bt/template_test_id_list
+++ b/master/bt5/vifib_erp5/bt/template_test_id_list
@@ -4,5 +4,6 @@ testVifibModuleSecurity
 testVifibUserAdmin
 testVifibUserCustomer
 testVifibUserDeveloper
+testVifibComputerNetworkSecurity
 testVifibConstraint
 testVifibPayZen
\ No newline at end of file
-- 
2.30.9