Commit f18fcc3b authored by Romain Courteaud's avatar Romain Courteaud

slapos_erp5: fixup Payment Transaction security

parent 26747043
<type_roles> <type_roles>
<role id='Assignee'> <role id='Assignee'>
<property id='title'>Person Shadow</property> <property id='title'>Person Shadow</property>
<property id='condition'>python: here.getDestinationSection('', portal_type='Person') == ""</property> <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') == "") and (here.getLedger("") == "automated")</property>
<multi_property id='categories'>local_role_group/shadow</multi_property> <multi_property id='categories'>local_role_group/shadow</multi_property>
<multi_property id='category'>role/shadow/person</multi_property> <multi_property id='category'>role/shadow/person</multi_property>
<multi_property id='base_category'>role</multi_property> <multi_property id='base_category'>role</multi_property>
...@@ -10,12 +10,12 @@ ...@@ -10,12 +10,12 @@
<property id='title'>ReadOnly for Accountant</property> <property id='title'>ReadOnly for Accountant</property>
<property id='condition'>python: context.getLedger("") == "automated"</property> <property id='condition'>python: context.getLedger("") == "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property> <multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property> <multi_property id='category'>function/accounting*</multi_property>
<multi_property id='base_category'>function</multi_property> <multi_property id='base_category'>function</multi_property>
</role> </role>
<role id='Auditor'> <role id='Auditor'>
<property id='title'>Shadow User</property> <property id='title'>Shadow User</property>
<property id='condition'>python: here.getDestinationSection('', portal_type='Person') != ''</property> <property id='condition'>python: (here.getDestinationSection('', portal_type='Person') != "") and (here.getLedger("") == "automated")</property>
<property id='base_category_script'>PaymentTransaction_getSecurityCategoryFromUser</property> <property id='base_category_script'>PaymentTransaction_getSecurityCategoryFromUser</property>
<multi_property id='categories'>local_role_group/shadow</multi_property> <multi_property id='categories'>local_role_group/shadow</multi_property>
<multi_property id='base_category'>aggregate</multi_property> <multi_property id='base_category'>aggregate</multi_property>
...@@ -27,11 +27,18 @@ ...@@ -27,11 +27,18 @@
<multi_property id='categories'>local_role_group/user</multi_property> <multi_property id='categories'>local_role_group/user</multi_property>
<multi_property id='base_category'>destination_section</multi_property> <multi_property id='base_category'>destination_section</multi_property>
</role> </role>
<role id='Assignee'>
<property id='title'>Writable for Accountant Agent</property>
<property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting/agent</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'> <role id='Assignor'>
<property id='title'>Writable for Accountant</property> <property id='title'>Writable for Accountant Manager</property>
<property id='condition'>python: context.getLedger("") != "automated"</property> <property id='condition'>python: context.getLedger("") != "automated"</property>
<multi_property id='categories'>local_role_group/function</multi_property> <multi_property id='categories'>local_role_group/function</multi_property>
<multi_property id='category'>function/accounting</multi_property> <multi_property id='category'>function/accounting/manager</multi_property>
<multi_property id='base_category'>function</multi_property> <multi_property id='base_category'>function</multi_property>
</role> </role>
</type_roles> </type_roles>
\ No newline at end of file
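Review bot: The third Auditor role, whose tail is visible just before the new Assignee block (`local_role_group/user`, base category `destination_section`), is not changed by this commit, and its title and condition lines fall between the hunks, so they are not shown here. Both shadow roles now also require `here.getLedger("") == "automated"`, and test_UserWithoutLedger in this commit expects the destination_section person to hold no role on a non-automated transaction, so that unshown condition presumably already carries the same ledger check; this is worth confirming. If it does not, the person would keep Auditor on payments outside the automated ledger, and the condition would need to read `python: (here.getDestinationSection('', portal_type='Person') != "") and (here.getLedger("") == "automated")`. Separately, the conditions mix `here` and `context`; using one name throughout would make the role table easier to audit.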
...@@ -1336,16 +1336,28 @@ class TestBalanceTransaction(TestSlapOSGroupRoleSecurityMixin): ...@@ -1336,16 +1336,28 @@ class TestBalanceTransaction(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(product, self.user_id, ['Owner']) self.assertRoles(product, self.user_id, ['Owner'])
class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin): class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
def test_GroupCompany(self): def test_AccountingFunction_LedgerNotAutomated(self):
product = self.portal.accounting_module.newContent( product = self.portal.accounting_module.newContent(
portal_type='Payment Transaction') portal_type='Payment Transaction')
product.updateLocalRolesOnSecurityGroups() product.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(product, self.assertSecurityGroup(product,
['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False) ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
self.assertRoles(product, 'G-COMPANY', ['Assignor']) self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
self.assertRoles(product, self.user_id, ['Owner']) self.assertRoles(product, self.user_id, ['Owner'])
def test_ShadowUser(self): def test_AccountingFunction_LedgerAutomated(self):
product = self.portal.accounting_module.newContent(
portal_type='Payment Transaction')
product.edit(ledger='automated')
product.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(product,
['F-ACCOUNTING*', 'R-SHADOW-PERSON', self.user_id], False)
self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
self.assertRoles(product, 'R-SHADOW-PERSON', ['Assignee'])
self.assertRoles(product, self.user_id, ['Owner'])
def test_UserWithoutLedger(self):
reference = 'TESTPERSON-%s' % self.generateNewId() reference = 'TESTPERSON-%s' % self.generateNewId()
person = self.portal.person_module.newContent(portal_type='Person', person = self.portal.person_module.newContent(portal_type='Person',
reference=reference) reference=reference)
...@@ -1355,15 +1367,13 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin): ...@@ -1355,15 +1367,13 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
destination_section_value=person, destination_section_value=person,
) )
product.updateLocalRolesOnSecurityGroups() product.updateLocalRolesOnSecurityGroups()
shadow_user_id = 'SHADOW-%s' % person.getUserId()
self.assertSecurityGroup(product, self.assertSecurityGroup(product,
['F-IS*', self.user_id, person.getUserId(), shadow_user_id], False) ['F-ACCMAN', 'F-ACCAGT', self.user_id], False)
self.assertRoles(product, 'F-IS*', ['Assignor']) self.assertRoles(product, 'F-ACCMAN', ['Assignor'])
self.assertRoles(product, shadow_user_id, ['Auditor']) self.assertRoles(product, 'F-ACCAGT', ['Assignee'])
self.assertRoles(product, person.getUserId(), ['Auditor'])
self.assertRoles(product, self.user_id, ['Owner']) self.assertRoles(product, self.user_id, ['Owner'])
def test_User(self): def test_UserLedger(self):
reference = 'TESTPERSON-%s' % self.generateNewId() reference = 'TESTPERSON-%s' % self.generateNewId()
person = self.portal.person_module.newContent(portal_type='Person', person = self.portal.person_module.newContent(portal_type='Person',
reference=reference) reference=reference)
...@@ -1371,25 +1381,18 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin): ...@@ -1371,25 +1381,18 @@ class TestPaymentTransaction(TestSlapOSGroupRoleSecurityMixin):
portal_type='Payment Transaction') portal_type='Payment Transaction')
product.edit( product.edit(
destination_section_value=person, destination_section_value=person,
ledger='automated'
) )
product.updateLocalRolesOnSecurityGroups() product.updateLocalRolesOnSecurityGroups()
shadow_user_id = 'SHADOW-%s' % person.getUserId() shadow_user_id = 'SHADOW-%s' % person.getUserId()
self.assertSecurityGroup(product, self.assertSecurityGroup(product,
['G-COMPANY', self.user_id, person.getUserId(), ['F-ACCOUNTING*', self.user_id, person.getUserId(),
shadow_user_id], False) shadow_user_id], False)
self.assertRoles(product, 'G-COMPANY', ['Assignor']) self.assertRoles(product, 'F-ACCOUNTING*', ['Auditor'])
self.assertRoles(product, shadow_user_id, ['Auditor']) self.assertRoles(product, shadow_user_id, ['Auditor'])
self.assertRoles(product, person.getUserId(), ['Auditor']) self.assertRoles(product, person.getUserId(), ['Auditor'])
self.assertRoles(product, self.user_id, ['Owner']) self.assertRoles(product, self.user_id, ['Owner'])
def test_User_without_destination_section(self):
product = self.portal.accounting_module.newContent(
portal_type='Payment Transaction')
product.updateLocalRolesOnSecurityGroups()
self.assertSecurityGroup(product,
['G-COMPANY', self.user_id, 'R-SHADOW-PERSON'], False)
self.assertRoles(product, 'G-COMPANY', ['Assignor'])
self.assertRoles(product, self.user_id, ['Owner'])
class TestPurchaseInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin): class TestPurchaseInvoiceTransaction(TestSlapOSGroupRoleSecurityMixin):
def test_AccountingFunction_LedgerNotAutomated(self): def test_AccountingFunction_LedgerNotAutomated(self):
......
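Review bot: test_UserWithoutLedger shows that the destination_section person and its shadow user lose access on a non-automated payment only by leaving them out of the expected group list, and nothing in the test states that this is intended. A docstring such as `"""Non-automated ledger: the destination_section person and its SHADOW- user get no local role; only F-ACCMAN (Assignor) and F-ACCAGT (Assignee) are granted."""` would keep a later edit from re-adding the two groups as a supposed fix. The same applies to test_UserLedger, where the accounting functions drop to Auditor through `F-ACCOUNTING*`. The tests cover only an empty ledger and `automated`; whether another ledger value exists to exercise the `!= "automated"` branch is not visible from this page.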