From d3964abe5988c3f254ca35c0fa13e09f941c6d90 Mon Sep 17 00:00:00 2001
From: Romain Courteaud <romain@nexedi.com>
Date: Wed, 5 Sep 2012 12:04:53 +0200
Subject: [PATCH] Add Computer Network security configuration.
---
 .../computer_network_module.xml | 11 ++
 .../base_category_list.xml | 3 +
 .../Computer%20Network%20Module.xml | 7 +
 .../Computer%20Network.xml | 13 ++
 .../workflow_chain_type.xml | 4 +
 .../testVifibComputerNetworkSecurity.py | 132 ++++++++++++++++++
 .../Base_setSourceAdministration.xml | 1 +
 master/bt5/vifib_erp5/bt/revision | 2 +-
 .../vifib_erp5/bt/template_local_role_list | 1 +
 .../vifib_erp5/bt/template_local_roles_list | 1 +
 .../template_portal_type_base_category_list | 1 +
 .../bt/template_portal_type_role_list | 2 +
 .../bt/template_portal_type_roles_list | 2 +
 .../template_portal_type_workflow_chain_list | 1 +
 .../bt5/vifib_erp5/bt/template_test_id_list | 1 +
 15 files changed, 181 insertions(+), 1 deletion(-)
 create mode 100644 master/bt5/vifib_erp5/LocalRolesTemplateItem/computer_network_module.xml
 create mode 100644 master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml
 create mode 100644 master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
 create mode 100644 master/bt5/vifib_erp5/TestTemplateItem/testVifibComputerNetworkSecurity.py
diff --git a/master/bt5/vifib_erp5/LocalRolesTemplateItem/computer_network_module.xml b/master/bt5/vifib_erp5/LocalRolesTemplateItem/computer_network_module.xml
new file mode 100644
index 000000000..204fe93b6
--- /dev/null
+++ b/master/bt5/vifib_erp5/LocalRolesTemplateItem/computer_network_module.xml
@@ -0,0 +1,11 @@
+<local_roles_item>
+ <local_roles>
+ <role id='R-MEMBER'>
+ <item>Auditor</item>
+ <item>Author</item>
+ </role>
+ <role id='zope'>
+ <item>Owner</item>
+ </role>
+ </local_roles>
+</local_roles_item>
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/PortalTypeBaseCategoryTemplateItem/base_category_list.xml b/master/bt5/vifib_erp5/PortalTypeBaseCategoryTemplateItem/base_category_list.xml
index aeeb9d0f0..04e91459a 100644
--- a/master/bt5/vifib_erp5/PortalTypeBaseCategoryTemplateItem/base_category_list.xml
+++ b/master/bt5/vifib_erp5/PortalTypeBaseCategoryTemplateItem/base_category_list.xml
@@ -2,4 +2,7 @@
 <portal_type id="Computer">
 <item>source_administration</item>
 </portal_type>
+ <portal_type id="Computer Network">
+ <item>source_administration</item>
+ </portal_type>
 </base_category_list>
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml b/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml
new file mode 100644
index 000000000..9401d0e8f
--- /dev/null
+++ b/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network%20Module.xml
@@ -0,0 +1,7 @@
+<type_roles>
+ <role id='Auditor; Author'>
+ <property id='title'>Member</property>
+ <multi_property id='category'>role/member</multi_property>
+ <multi_property id='base_category'>role</multi_property>
+ </role>
+</type_roles>
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml b/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
new file mode 100644
index 000000000..a64671285
--- /dev/null
+++ b/master/bt5/vifib_erp5/PortalTypeRolesTemplateItem/Computer%20Network.xml
@@ -0,0 +1,13 @@
+<type_roles>
+ <role id='Assignee'>
+ <property id='title'>Computer Agent</property>
+ <property id='description'>Monovalued role</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
+ <multi_property id='base_category'>source_administration</multi_property>
+ </role>
+ <role id='Assignor'>
+ <property id='title'>Group company</property>
+ <multi_property id='category'>group/company</multi_property>
+ <multi_property id='base_category'>group</multi_property>
+ </role>
+</type_roles>
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml b/master/bt5/vifib_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
index 30bb869e2..4adb3423e 100644
--- a/master/bt5/vifib_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
+++ b/master/bt5/vifib_erp5/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml
@@ -3,6 +3,10 @@
 <type>Computer</type>
 <workflow>local_permission_vifib_interaction_workflow</workflow>
 </chain>
+ <chain>
+ <type>Computer Network</type>
+ <workflow>local_permission_vifib_interaction_workflow</workflow>
+ </chain>
 <chain>
 <type>Hosting Subscription</type>
 <workflow>local_permission_vifib_interaction_workflow</workflow>
diff --git a/master/bt5/vifib_erp5/TestTemplateItem/testVifibComputerNetworkSecurity.py b/master/bt5/vifib_erp5/TestTemplateItem/testVifibComputerNetworkSecurity.py
new file mode 100644
index 000000000..6994c0ad2
--- /dev/null
+++ b/master/bt5/vifib_erp5/TestTemplateItem/testVifibComputerNetworkSecurity.py
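Review bot: The `Assignee` role in PortalTypeRolesTemplateItem/Computer%20Network.xml is computed from the document's own `source_administration` category, and the test added in this commit asserts that Assignee holds 'Modify portal content' in both draft and validated state, so the current holder can presumably repoint `source_administration` and pass the role to another account. If that delegation is intended, the role description should say so instead of only 'Monovalued role', for example `<property id='description'>Monovalued role: the person referenced by source_administration; holders may reassign it</property>`. If it is not intended, the field needs a guard that this commit does not show, and that should be confirmed against the edit form and workflow.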
@@ -0,0 +1,132 @@
+# Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
+import unittest
+from Products.Vifib.tests.testVifibSlapWebService import \
+ TestVifibSlapWebServiceMixin
+
+READ = 'Access contents information'
+VIEW = 'View'
+ADD = 'Add portal content'
+WRITE = 'Modify portal content'
+OTHER_AUDITOR = [
+ 'Access Transient Objects',
+ 'Access session data',
+ 'Copy or Move',
+ 'List folder contents',
+ 'View History'
+ ]
+OTHER_AUTHOR = [
+ 'Add portal folders',
+ ]
+
+class TestVifibComputerNetworkSecurity(TestVifibSlapWebServiceMixin):
+
+ def generateNewId(self):
+ return self.getPortalObject().portal_ids.generateNewId(
+ id_group=('slapos_core_test'))
+
+ def getTitle(self):
+ return "Test Vifib Computer Network Security"
+
+ def createMemberUser(self):
+ portal = self.getPortalObject()
+ new_id = self.generateNewId()
+
+ # Clone person document
+ person_user = portal.person_module.template_member.\
+ Base_createCloneDocument(batch_mode=1)
+ person_user.edit(
+ title="live_test_%s" % new_id,
+ reference="live_test_%s" % new_id,
+ default_email_text="live_test_%s@example.org" % new_id,
+ )
+ person_user.validate()
+ for assignment in person_user.contentValues(portal_type="Assignment"):
+ assignment.open()
+ return person_user
+
+ def afterSetUp(self):
+ pass
+
+ def beforeTearDown(self):
+ pass
+
+ def _getLocalRoles(self, context):
+ return [x[0] for x in context.get_local_roles()]
+
+ def _permissionsOfRole(self, context, role):
+ return [x['name'] for x in context.permissionsOfRole(role) \
+ if x['selected'] == 'SELECTED']
+
+ def assertPermissionsOfRole(self, context, role, permission_list):
+ self.assertSameSet(
+ permission_list,
+ self._permissionsOfRole(context, role))
+
+ def assertSecurityGroup(self, context, security_group_list, acquired):
+ self.assertEquals(acquired, context._getAcquireLocalRoles())
+ self.assertSameSet(
+ security_group_list,
+ self._getLocalRoles(context)
+ )
+
+ def assertRoles(self, context, security_group, role_list):
+ self.assertSameSet(
+ role_list,
+ context.get_local_roles_for_userid(security_group)
+ )
+
+ def test_ComputerNetworkModuleLocalRoles(self):
+ module = self.portal.computer_network_module
+ self.assertSecurityGroup(module, ['R-MEMBER', 'zope'], False)
+ self.assertRoles(module, 'R-MEMBER', ['Author', 'Auditor'])
+ self.assertRoles(module, 'zope', ['Owner'])
+
+ def test_ComputerNetworkModulePermissions(self):
+ module = self.portal.computer_network_module
+ self.assertPermissionsOfRole(module, 'Owner', [])
+ self.assertPermissionsOfRole(module, 'Auditor',
+ [READ, VIEW] + OTHER_AUDITOR)
+ self.assertPermissionsOfRole(module, 'Author',
+ [READ, ADD] + OTHER_AUDITOR + OTHER_AUTHOR)
+
+ def test_ComputerNetworkLocalRoles(self):
+ module = self.portal.computer_network_module
+ network = module.newContent(portal_type="Computer Network")
+
+ self.assertSecurityGroup(network, ['ERP5TypeTestCase', 'G-COMPANY'], False)
+ self.assertRoles(network, 'ERP5TypeTestCase', ['Owner'])
+ self.assertRoles(network, 'G-COMPANY', ['Assignor'])
+
+ # Setting source administration give person the assignee role
+ person = self.createMemberUser()
+ network.edit(source_administration_value=person)
+ self.assertSecurityGroup(network,
+ ['ERP5TypeTestCase', 'G-COMPANY', person.getReference()], False)
+ self.assertRoles(network, person.getReference(), ['Assignee'])
+
+ def test_ComputerNetworkPermission(self):
+ module = self.portal.computer_network_module
+ network = module.newContent(portal_type="Computer Network")
+
+ # Check draft state
+ self.assertEquals('draft', network.getValidationState())
+ self.assertPermissionsOfRole(network, 'Owner',
+ [READ, VIEW, ADD, WRITE])
+ self.assertPermissionsOfRole(network, 'Assignor',
+ [READ, VIEW, ADD, WRITE])
+ self.assertPermissionsOfRole(network, 'Assignee',
+ [READ, VIEW, ADD, WRITE])
+
+ # Check validated state
+ network.validate()
+ self.assertEquals('validated', network.getValidationState())
+ self.assertPermissionsOfRole(network, 'Owner', [])
+ self.assertPermissionsOfRole(network, 'Assignor',
+ [READ, VIEW, ADD, WRITE])
+ self.assertPermissionsOfRole(network, 'Assignee',
+ [READ, VIEW, ADD, WRITE])
+
+def test_suite():
+ suite = unittest.TestSuite()
+ suite.addTest(unittest.makeSuite(TestVifibComputerNetworkSecurity))
+ return suite
diff --git a/master/bt5/vifib_erp5/WorkflowTemplateItem/portal_workflow/local_permission_vifib_interaction_workflow/interactions/Base_setSourceAdministration.xml b/master/bt5/vifib_erp5/WorkflowTemplateItem/portal_workflow/local_permission_vifib_interaction_workflow/interactions/Base_setSourceAdministration.xml
index 7db68b6db..6967e5b80 100644
--- a/master/bt5/vifib_erp5/WorkflowTemplateItem/portal_workflow/local_permission_vifib_interaction_workflow/interactions/Base_setSourceAdministration.xml
+++ b/master/bt5/vifib_erp5/WorkflowTemplateItem/portal_workflow/local_permission_vifib_interaction_workflow/interactions/Base_setSourceAdministration.xml
@@ -69,6 +69,7 @@
 <value>
 <list>
 <string>Computer</string>
+ <string>Computer Network</string>
 <string>Internal Packing List</string>
 <string>Purchase Packing List</string>
 </list>
diff --git a/master/bt5/vifib_erp5/bt/revision b/master/bt5/vifib_erp5/bt/revision
index c95da112f..1b6db1e86 100644
--- a/master/bt5/vifib_erp5/bt/revision
+++ b/master/bt5/vifib_erp5/bt/revision
@@ -1 +1 @@
-459
\ No newline at end of file
+460
\ No newline at end of file
diff --git a/master/bt5/vifib_erp5/bt/template_local_role_list b/master/bt5/vifib_erp5/bt/template_local_role_list
index 4000e2afb..04cecfcde 100644
--- a/master/bt5/vifib_erp5/bt/template_local_role_list
+++ b/master/bt5/vifib_erp5/bt/template_local_role_list
@@ -17,6 +17,7 @@ business_process_module/vifib_sale_business_process
 campaign_module
 component_module
 computer_module
+computer_network_module
 credential_update_module
 currency_module
 currency_module/EUR
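Review bot: `test_ComputerNetworkLocalRoles` in testVifibComputerNetworkSecurity.py only checks that setting `source_administration` grants Assignee; it never checks that replacing the value removes the previous person's local role, so a stale grant left behind by the interaction workflow would pass unnoticed. After the final `assertRoles(network, person.getReference(), ['Assignee'])` I would add `other = self.createMemberUser()`, `network.edit(source_administration_value=other)` and `self.assertSecurityGroup(network, ['ERP5TypeTestCase', 'G-COMPANY', other.getReference()], False)`. That assertion goes through `assertSameSet`, so it should fail if the first person's reference is still listed, assuming `assertSameSet` does an exact set comparison as its name suggests.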
diff --git a/master/bt5/vifib_erp5/bt/template_local_roles_list b/master/bt5/vifib_erp5/bt/template_local_roles_list index 4000e2afb..cad06f5e2 100644 --- a/master/bt5/vifib_erp5/bt/template_local_roles_list +++ b/master/bt5/vifib_erp5/bt/template_local_roles_list @@ -4,6 +4,7 @@ account_module/capital account_module/coll_vat account_module/equipments account_module/inventories +computer_network_module account_module/payable account_module/profit_loss account_module/purchase diff --git a/master/bt5/vifib_erp5/bt/template_portal_type_base_category_list b/master/bt5/vifib_erp5/bt/template_portal_type_base_category_list index 22ea602ac..69a66d76d 100644 --- a/master/bt5/vifib_erp5/bt/template_portal_type_base_category_list +++ b/master/bt5/vifib_erp5/bt/template_portal_type_base_category_list @@ -1 +1,2 @@ +Computer Network | source_administration Computer | source_administration \ No newline at end of file diff --git a/master/bt5/vifib_erp5/bt/template_portal_type_role_list b/master/bt5/vifib_erp5/bt/template_portal_type_role_list index 004e94d37..6fb9bcb53 100644 --- a/master/bt5/vifib_erp5/bt/template_portal_type_role_list +++ b/master/bt5/vifib_erp5/bt/template_portal_type_role_list @@ -16,6 +16,8 @@ Component Component Module Computer Computer Module +Computer Network +Computer Network Module Computer Partition Contribution Tool Credential Update Module diff --git a/master/bt5/vifib_erp5/bt/template_portal_type_roles_list b/master/bt5/vifib_erp5/bt/template_portal_type_roles_list index 004e94d37..bb2cb2c77 100644 --- a/master/bt5/vifib_erp5/bt/template_portal_type_roles_list +++ b/master/bt5/vifib_erp5/bt/template_portal_type_roles_list @@ -1,5 +1,7 @@ Account Account Module +Computer Network +Computer Network Module Accounting Period Accounting Transaction Accounting Transaction Module 
diff --git a/master/bt5/vifib_erp5/bt/template_portal_type_workflow_chain_list b/master/bt5/vifib_erp5/bt/template_portal_type_workflow_chain_list
index 8cba695a8..d6208fe98 100644
--- a/master/bt5/vifib_erp5/bt/template_portal_type_workflow_chain_list
+++ b/master/bt5/vifib_erp5/bt/template_portal_type_workflow_chain_list
@@ -1,3 +1,4 @@
+Computer Network | local_permission_vifib_interaction_workflow
 Computer | local_permission_vifib_interaction_workflow
 Hosting Subscription | local_permission_vifib_interaction_workflow
 Internal Packing List | local_permission_vifib_interaction_workflow
diff --git a/master/bt5/vifib_erp5/bt/template_test_id_list b/master/bt5/vifib_erp5/bt/template_test_id_list
index bb9fe9556..f0a40348d 100644
--- a/master/bt5/vifib_erp5/bt/template_test_id_list
+++ b/master/bt5/vifib_erp5/bt/template_test_id_list
@@ -4,5 +4,6 @@ testVifibModuleSecurity
 testVifibUserAdmin
 testVifibUserCustomer
 testVifibUserDeveloper
+testVifibComputerNetworkSecurity
 testVifibConstraint
 testVifibPayZen
\ No newline at end of file
-- 2.30.9