[Erp5-report] r11040 - in /erp5/trunk/bt5/erp5_dms: PortalTypeRolesTemplateItem/ SkinTempla...
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed Nov 1 16:58:25 CET 2006
Author: bartek
Date: Wed Nov 1 16:58:24 2006
New Revision: 11040
URL: http://svn.erp5.org?rev=11040&view=rev
Log:
Implemented basic security settings (6 policies)
Added:
erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml
Modified:
erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml
erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml
erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml
erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml
erp5/trunk/bt5/erp5_dms/bt/change_log
erp5/trunk/bt5/erp5_dms/bt/dependency_list
erp5/trunk/bt5/erp5_dms/bt/revision
erp5/trunk/bt5/erp5_dms/bt/version
Modified: erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml (original)
+++ erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml Wed Nov 1 16:58:24 2006
@@ -1,43 +1,104 @@
<type_roles>
<role id='Associate'>
- <property id='title'>Project Assignees</property>
- <property id='description'>Policy: personal/project
+ <property id='title'>Project Associates</property>
+ <property id='description'>Policy: */project
Rule: all project members have a right to access document once it has been shared or released</property>
- <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+ <property id='condition'>python:object.Document_policyApplies('*/project')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
- <property id='title'>P/P - Project Director</property>
- <property id='description'>Policy: personal/project
+ <property id='title'>Project Director</property>
+ <property id='description'>Policy: */project
Rule: project director is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
- <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+ <property id='condition'>python:object.Document_policyApplies('*/project')</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
- <multi_property id='category'>function/project/director</multi_property>
+ <multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>source_project</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignee'>
- <property id='title'>P/P - Project Owner</property>
- <property id='description'>Policy: personal/project
-Rule: the creator is Assignee - can edit the doc and share it with the team</property>
- <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+ <property id='title'>Owner</property>
+ <property id='description'>Policy: */*
+Rule: the creator is Assignee - can edit the doc and submit it</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromUser</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>reference</multi_property>
</role>
<role id='Auditor'>
- <property id='title'>P/P - Organisation members</property>
- <property id='description'>Policy: personal/project
-Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)</property>
- <property id='condition'>python:object.getSourceProject() and object.isMemberOf('classification/personal/project')</property>
+ <property id='title'>Organisation members</property>
+ <property id='description'>Policy: */*
+Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)
+This does not apply if it is a project document and does not have a project</property>
+ <property id='condition'>python: not object.Document_policyApplies('*/restricted') and (object.Document_policyApplies('*/project') or not object.Document_policyApplies('*/project',True) )</property>
<property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
<multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
+ <role id='Assignee'>
+ <property id='title'>Project Collaborators</property>
+ <property id='description'>Policy: collaborative/project
+Rule: all members of project team can edit the document before it is submitted, and can submit it</property>
+ <property id='condition'>python:object.Document_policyApplies('collaborative/project')</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
+ <multi_property id='category'></multi_property>
+ <multi_property id='base_category'>source_project</multi_property>
+ </role>
+ <role id='Assignor'>
+ <property id='title'>Team Director</property>
+ <property id='description'>Policy: */team
+Rule: team manager is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
+ <property id='condition'>python:object.Document_policyApplies('*/team')</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <multi_property id='category'>function/knowledge/manager</multi_property>
+ <multi_property id='base_category'>group</multi_property>
+ <multi_property id='base_category'>function</multi_property>
+ </role>
+ <role id='Associate'>
+ <property id='title'>Team Associates</property>
+ <property id='description'>Policy: */team
+Rule: all team members have a right to access document once it has been shared or released</property>
+ <property id='condition'>python:object.Document_policyApplies('*/team')</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <multi_property id='category'></multi_property>
+ <multi_property id='base_category'>group</multi_property>
+ </role>
+ <role id='Assignee'>
+ <property id='title'>Team Collaborators</property>
+ <property id='description'>Policy: collaborative/team
+Rule: all members of the team can edit the document before it is submitted, and can submit it</property>
+ <property id='condition'>python:object.Document_policyApplies('collaborative/team')</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <multi_property id='category'></multi_property>
+ <multi_property id='base_category'>group</multi_property>
+ </role>
+ <role id='Assignee'>
+ <property id='title'>Public Collaborators</property>
+ <property id='description'>Policy: collaborative/public
+Rule: everyone in the organisation (root group) can edit the doc before it is submitted, and can suggest its publication</property>
+ <property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
+ <multi_property id='category'></multi_property>
+ <multi_property id='base_category'>group</multi_property>
+ </role>
+ <role id='Assignor'>
+ <property id='title'>Public Reviewer</property>
+ <property id='description'>Policy: collaborative/public
+Rule: any person with knowledge/manager role can publish the document and manage access rights to it</property>
+ <property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <multi_property id='category'>function/knowledge/manager</multi_property>
+ <multi_property id='base_category'>function</multi_property>
+ </role>
</type_roles>
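Review bot: The new Auditor condition is built from negated `Document_policyApplies` calls, so any case where the helper returns False for a reason other than "the policy does not match" ends up granting the role. The helper added in this commit returns False when `getClassification()` is None, which makes `not object.Document_policyApplies('*/restricted') and (... or not object.Document_policyApplies('*/project',True))` evaluate to True, so a document with no classification assigns Auditor to every organisation member. The guard added in `submit_action.xml`, `python:not here.Document_policyApplies('*/restricted')`, has the same shape and lets an unclassified document be submitted. I would put an explicit positive test in front, e.g. `python: object.getClassification() is not None and not object.Document_policyApplies('*/restricted') and (...)`, and say in the role description what an unclassified document is meant to get.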
Added: erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml?rev=11040&view=auto
==============================================================================
--- erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml (added)
+++ erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_policyApplies.xml Wed Nov 1 16:58:24 2006
@@ -1,0 +1,184 @@
+<?xml version="1.0"?>
+<ZopeData>
+ <record id="1" aka="AAAAAAAAAAE=">
+ <pickle>
+ <tuple>
+ <tuple>
+ <string>Products.PythonScripts.PythonScript</string>
+ <string>PythonScript</string>
+ </tuple>
+ <none/>
+ </tuple>
+ </pickle>
+ <pickle>
+ <dictionary>
+ <item>
+ <key> <string>Python_magic</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>Script_magic</string> </key>
+ <value> <int>3</int> </value>
+ </item>
+ <item>
+ <key> <string>__ac_local_roles__</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_bind_names</string> </key>
+ <value>
+ <object>
+ <klass>
+ <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+ </klass>
+ <tuple/>
+ <state>
+ <dictionary>
+ <item>
+ <key> <string>_asgns</string> </key>
+ <value>
+ <dictionary>
+ <item>
+ <key> <string>name_container</string> </key>
+ <value> <string>container</string> </value>
+ </item>
+ <item>
+ <key> <string>name_context</string> </key>
+ <value> <string>context</string> </value>
+ </item>
+ <item>
+ <key> <string>name_m_self</string> </key>
+ <value> <string>script</string> </value>
+ </item>
+ <item>
+ <key> <string>name_subpath</string> </key>
+ <value> <string>traverse_subpath</string> </value>
+ </item>
+ </dictionary>
+ </value>
+ </item>
+ </dictionary>
+ </state>
+ </object>
+ </value>
+ </item>
+ <item>
+ <key> <string>_body</string> </key>
+ <value> <string>klass=context.getClassification()\n
+if klass is None:return False\n
+kl=klass.split(\'/\')\n
+\n
+if len(kl)==1:\n
+ # personal = personal/restricted\n
+ if kl[0]==\'personal\':kl.append(\'restricted\')\n
+ # collaborative = collaborative/team\n
+ if kl[0]==\'collaborative\':kl.append(\'team\')\n
+\n
+# personal/restricted is unconditional\n
+if kl==[\'personal,restricted\']:\n
+ return policy==\'personal/restricted\'\n
+\n
+pol=policy.split(\'/\')\n
+\n
+\n
+if not membershiponly:\n
+ # project policies do not apply if we don\'t have source_project\n
+ if pol[1]==\'project\':\n
+ if context.getSourceProject()==None:\n
+ return False\n
+\n
+# if all conditions are met, check if the policy is ok (wildcards are ok)\n
+return (pol[0] in (\'*\',kl[0])) and (pol[1] in (\'*\',kl[1]))\n
+</string> </value>
+ </item>
+ <item>
+ <key> <string>_code</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_filepath</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_owner</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_params</string> </key>
+ <value> <string>policy,membershiponly=False</string> </value>
+ </item>
+ <item>
+ <key> <string>errors</string> </key>
+ <value>
+ <tuple/>
+ </value>
+ </item>
+ <item>
+ <key> <string>func_code</string> </key>
+ <value>
+ <object>
+ <klass>
+ <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
+ </klass>
+ <tuple/>
+ <state>
+ <dictionary>
+ <item>
+ <key> <string>co_argcount</string> </key>
+ <value> <int>2</int> </value>
+ </item>
+ <item>
+ <key> <string>co_varnames</string> </key>
+ <value>
+ <tuple>
+ <string>policy</string>
+ <string>membershiponly</string>
+ <string>_getattr_</string>
+ <string>context</string>
+ <string>klass</string>
+ <string>None</string>
+ <string>False</string>
+ <string>kl</string>
+ <string>len</string>
+ <string>_getitem_</string>
+ <string>pol</string>
+ </tuple>
+ </value>
+ </item>
+ </dictionary>
+ </state>
+ </object>
+ </value>
+ </item>
+ <item>
+ <key> <string>func_defaults</string> </key>
+ <value>
+ <tuple>
+ <int>0</int>
+ </tuple>
+ </value>
+ </item>
+ <item>
+ <key> <string>id</string> </key>
+ <value> <string>Document_policyApplies</string> </value>
+ </item>
+ <item>
+ <key> <string>warnings</string> </key>
+ <value>
+ <tuple/>
+ </value>
+ </item>
+ </dictionary>
+ </pickle>
+ </record>
+</ZopeData>
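Review bot: The branch `if kl==[\'personal,restricted\']:` can never be taken, because `kl` is the result of `klass.split(\'/\')` and is compared here with a one-element list holding the string `personal,restricted`. Correcting only the literal to `[\'personal\',\'restricted\']` would change access rather than restore it: the callers in this commit pass `*/restricted` and `personal/*`, the branch would return False for both on a restricted document, and the negated Auditor condition and submit guard read False as permission. Either drop the branch and rely on the wildcard comparison in the last line, or make it wildcard-aware before enabling it. Separately, `kl[1]` and `pol[1]` are indexed without a length check, so a one-segment classification other than `personal` or `collaborative`, or a policy string without a `/`, raises IndexError; how the role and guard evaluators treat that exception is not visible on this page.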
Modified: erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml (original)
+++ erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/archived.xml Wed Nov 1 16:58:24 2006
@@ -74,7 +74,6 @@
<string>Assignee</string>
<string>Assignor</string>
<string>Associate</string>
- <string>Auditor</string>
<string>Manager</string>
<string>Owner</string>
</tuple>
@@ -113,7 +112,6 @@
<string>Assignee</string>
<string>Assignor</string>
<string>Associate</string>
- <string>Auditor</string>
<string>Manager</string>
<string>Owner</string>
</tuple>
Modified: erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml (original)
+++ erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/draft.xml Wed Nov 1 16:58:24 2006
@@ -42,8 +42,6 @@
<tuple>
<string>cancel</string>
<string>cancel_action</string>
- <string>share</string>
- <string>share_action</string>
<string>submit</string>
<string>submit_action</string>
</tuple>
Modified: erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml (original)
+++ erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/shared.xml Wed Nov 1 16:58:24 2006
@@ -48,10 +48,6 @@
<tuple>
<string>archive</string>
<string>archive_action</string>
- <string>retract</string>
- <string>retract_action</string>
- <string>submit</string>
- <string>submit_action</string>
</tuple>
</value>
</item>
Modified: erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml (original)
+++ erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/states/submitted.xml Wed Nov 1 16:58:24 2006
@@ -48,6 +48,8 @@
<string>reject_action</string>
<string>release</string>
<string>release_action</string>
+ <string>share</string>
+ <string>share_action</string>
</tuple>
</value>
</item>
Modified: erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml (original)
+++ erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/share_action.xml Wed Nov 1 16:58:24 2006
@@ -95,8 +95,7 @@
<key> <string>roles</string> </key>
<value>
<tuple>
- <string>Assignee</string>
- <string>Owner</string>
+ <string>Assignor</string>
</tuple>
</value>
</item>
@@ -117,7 +116,7 @@
<dictionary>
<item>
<key> <string>text</string> </key>
- <value> <string>python:here.isMemberOf(\'classification/personal\')</string> </value>
+ <value> <string>python:here.Document_policyApplies(\'personal/*\')</string> </value>
</item>
</dictionary>
</pickle>
Modified: erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml (original)
+++ erp5/trunk/bt5/erp5_dms/WorkflowTemplateItem/portal_workflow/document_publication_workflow/transitions/submit_action.xml Wed Nov 1 16:58:24 2006
@@ -80,6 +80,12 @@
<pickle>
<dictionary>
<item>
+ <key> <string>expr</string> </key>
+ <value>
+ <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+ </value>
+ </item>
+ <item>
<key> <string>roles</string> </key>
<value>
<tuple>
@@ -91,4 +97,23 @@
</dictionary>
</pickle>
</record>
+ <record id="3" aka="AAAAAAAAAAM=">
+ <pickle>
+ <tuple>
+ <tuple>
+ <string>Products.CMFCore.Expression</string>
+ <string>Expression</string>
+ </tuple>
+ <none/>
+ </tuple>
+ </pickle>
+ <pickle>
+ <dictionary>
+ <item>
+ <key> <string>text</string> </key>
+ <value> <string>python:not here.Document_policyApplies(\'*/restricted\')</string> </value>
+ </item>
+ </dictionary>
+ </pickle>
+ </record>
</ZopeData>
Modified: erp5/trunk/bt5/erp5_dms/bt/change_log
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/bt/change_log?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/bt/change_log (original)
+++ erp5/trunk/bt5/erp5_dms/bt/change_log Wed Nov 1 16:58:24 2006
@@ -1,3 +1,6 @@
+2006-11-01
+Implemented basic security settings (6 policies)
+
2006-10-30
Removed "collaborated", added "shared"
Implemented "personal/project" security classification
Modified: erp5/trunk/bt5/erp5_dms/bt/dependency_list
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/bt/dependency_list?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/bt/dependency_list (original)
+++ erp5/trunk/bt5/erp5_dms/bt/dependency_list Wed Nov 1 16:58:24 2006
@@ -1,1 +1,0 @@
-erp5_project
Modified: erp5/trunk/bt5/erp5_dms/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/bt/revision?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/bt/revision (original)
+++ erp5/trunk/bt5/erp5_dms/bt/revision Wed Nov 1 16:58:24 2006
@@ -1,1 +1,1 @@
-290
+292
Modified: erp5/trunk/bt5/erp5_dms/bt/version
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/bt/version?rev=11040&r1=11039&r2=11040&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/bt/version (original)
+++ erp5/trunk/bt5/erp5_dms/bt/version Wed Nov 1 16:58:24 2006
@@ -1,1 +1,1 @@
-0.81
+0.82