[Erp5-report] r12590 - in /erp5/trunk/bt5/erp5_dms: PortalTypeRolesTemplateItem/ SkinTempla...
nobody at svn.erp5.org
nobody at svn.erp5.org
Fri Feb 9 11:04:51 CET 2007
Author: bartek
Date: Fri Feb 9 11:04:45 2007
New Revision: 12590
URL: http://svn.erp5.org?rev=12590&view=rev
Log:
Changed security script naming - not to overwrite ERP5Type_getSecurityCategoryFromAssignment
Added:
erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentTree.xml
Modified:
erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentStrict.xml
erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryMapping.xml
erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryRoot.xml
erp5/trunk/bt5/erp5_dms/bt/revision
Modified: erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml?rev=12590&r1=12589&r2=12590&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml (original)
+++ erp5/trunk/bt5/erp5_dms/PortalTypeRolesTemplateItem/Text.xml Fri Feb 9 11:04:45 2007
@@ -1,19 +1,20 @@
<type_roles>
<role id='Associate'>
<property id='title'>Project Associates</property>
- <property id='description'>Policy: */project
+ <property id='description'>Policy: */project
Rule: all project members have a right to access document once it has been shared or released</property>
<property id='condition'>python:object.Document_policyApplies('*/project')</property>
- <property id='priority'>10.0</property>
+ <property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
+ <multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Project Director</property>
- <property id='description'>Policy: */project
+ <property id='description'>Policy: */project
Rule: project director is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/project')</property>
- <property id='priority'>10.0</property>
+ <property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>function</multi_property>
@@ -21,87 +22,93 @@
</role>
<role id='Assignee'>
<property id='title'>Owner</property>
- <property id='description'>Policy: */*
+ <property id='description'>Policy: */*
Rule: the creator is Assignee - can edit the doc and submit it</property>
- <property id='priority'>10.0</property>
+ <property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromUser</property>
+ <multi_property id='category'></multi_property>
<multi_property id='base_category'>reference</multi_property>
</role>
<role id='Auditor'>
<property id='title'>Organisation members</property>
- <property id='description'>Policy: */*
-Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)
+ <property id='description'>Policy: */*
+Rule: all people working for the same organisation are Auditors (we identify the organisation by the first part of the "group" path)
This does not apply if it is a project document and does not have a project</property>
<property id='condition'>python: not object.Document_policyApplies('*/restricted') and (object.Document_policyApplies('*/project') or not object.Document_policyApplies('*/project',True) )</property>
- <property id='priority'>10.0</property>
+ <property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
+ <multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Project Collaborators</property>
- <property id='description'>Policy: collaborative/project
+ <property id='description'>Policy: collaborative/project
Rule: all members of project team can edit the document before it is submitted, and can submit it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/project')</property>
- <property id='priority'>10.0</property>
+ <property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromArrow</property>
+ <multi_property id='category'></multi_property>
<multi_property id='base_category'>source_project</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Team Director</property>
- <property id='description'>Policy: */team
+ <property id='description'>Policy: */team
Rule: team manager is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
- <property id='priority'>10.0</property>
- <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
<multi_property id='category'>function/auc/department/director_of_department</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Team Deputy</property>
- <property id='description'>Policy: */team
+ <property id='description'>Policy: */team
Rule: team manager is an Assignor (has management rights to the doc - can review it, release, publish, add local roles)</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
- <property id='priority'>10.0</property>
- <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
<multi_property id='category'>function/auc/department/deputy_director_of_department</multi_property>
<multi_property id='base_category'>group</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
<role id='Associate'>
<property id='title'>Team Associates</property>
- <property id='description'>Policy: */team
+ <property id='description'>Policy: */team
Rule: all team members have a right to access document once it has been shared or released</property>
<property id='condition'>python:object.Document_policyApplies('*/team')</property>
- <property id='priority'>10.0</property>
- <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
+ <multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Team Collaborators</property>
- <property id='description'>Policy: collaborative/team
+ <property id='description'>Policy: collaborative/team
Rule: all members of the team can edit the document before it is submitted, and can submit it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/team')</property>
- <property id='priority'>10.0</property>
- <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
+ <multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignee'>
<property id='title'>Public Collaborators</property>
- <property id='description'>Policy: collaborative/public
+ <property id='description'>Policy: collaborative/public
Rule: everyone in the organisation (root group) can edit the doc before it is submitted, and can suggest its publication</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
- <property id='priority'>10.0</property>
+ <property id='priority'>10</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryRoot</property>
+ <multi_property id='category'></multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Public Reviewer</property>
- <property id='description'>Policy: collaborative/public
+ <property id='description'>Policy: collaborative/public
Rule: any person with knowledge/manager role can publish the document and manage access rights to it</property>
<property id='condition'>python:object.Document_policyApplies('collaborative/public')</property>
- <property id='priority'>10.0</property>
- <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignment</property>
+ <property id='priority'>10</property>
+ <property id='base_category_script'>ERP5Type_getSecurityCategoryFromAssignmentTree</property>
<multi_property id='category'>function/knowledge/manager</multi_property>
<multi_property id='base_category'>function</multi_property>
</role>
Modified: erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentStrict.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentStrict.xml?rev=12590&r1=12589&r2=12590&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentStrict.xml (original)
+++ erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentStrict.xml Fri Feb 9 11:04:45 2007
@@ -69,11 +69,11 @@
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
- This does the same as ERP5Type_getSecurityCategoryFromAssignment, but we use it if we want\n
+ This does the same as ERP5Type_getSecurityCategoryFromAssignmentTree, but we use it if we want\n
only the group the user is directly assigned to (not the whole group hierarchy path).\n
"""\n
\n
-return context.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, object, portal_type, strict=True)\n
+return context.ERP5Type_getSecurityCategoryFromAssignmentTree(base_category_list, user_name, object, portal_type, strict=True)\n
</string> </value>
</item>
<item>
Added: erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentTree.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentTree.xml?rev=12590&view=auto
==============================================================================
--- erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentTree.xml (added)
+++ erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryFromAssignmentTree.xml Fri Feb 9 11:04:45 2007
@@ -1,0 +1,253 @@
+<?xml version="1.0"?>
+<ZopeData>
+ <record id="1" aka="AAAAAAAAAAE=">
+ <pickle>
+ <tuple>
+ <tuple>
+ <string>Products.PythonScripts.PythonScript</string>
+ <string>PythonScript</string>
+ </tuple>
+ <none/>
+ </tuple>
+ </pickle>
+ <pickle>
+ <dictionary>
+ <item>
+ <key> <string>Python_magic</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>Script_magic</string> </key>
+ <value> <int>3</int> </value>
+ </item>
+ <item>
+ <key> <string>__ac_local_roles__</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_bind_names</string> </key>
+ <value>
+ <object>
+ <klass>
+ <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+ </klass>
+ <tuple/>
+ <state>
+ <dictionary>
+ <item>
+ <key> <string>_asgns</string> </key>
+ <value>
+ <dictionary>
+ <item>
+ <key> <string>name_container</string> </key>
+ <value> <string>container</string> </value>
+ </item>
+ <item>
+ <key> <string>name_context</string> </key>
+ <value> <string>context</string> </value>
+ </item>
+ <item>
+ <key> <string>name_m_self</string> </key>
+ <value> <string>script</string> </value>
+ </item>
+ <item>
+ <key> <string>name_subpath</string> </key>
+ <value> <string>traverse_subpath</string> </value>
+ </item>
+ </dictionary>
+ </value>
+ </item>
+ </dictionary>
+ </state>
+ </object>
+ </value>
+ </item>
+ <item>
+ <key> <string>_body</string> </key>
+ <value> <string encoding="cdata"><![CDATA[
+
+"""\n
+A script returning security categories from a Person\'s assignments.\n
+\n
+Differences to the stock implementation:\n
+\n
+* if category is source_project, we look for destination_project\n
+\n
+* if category is group, we return not only the group, but also all its parents\n
+ (unless we say it is strict)\n
+"""\n
+\n
+# XXX For now, this script requires proxy manager to retrieve the Person object in all cases\n
+\n
+category_list = []\n
+\n
+person_module = context.portal_url.getPortalObject().getDefaultModule(\'Person\')\n
+# It is better to keep getObject(), in this script this\n
+# prevent a very strange bug, sometimes without getObject the\n
+# assignment is not found\n
+person_object_list = [x.getObject() for x in person_module.searchFolder(portal_type=\'Person\', reference=user_name)]\n
+\n
+if len(person_object_list) != 1:\n
+ if len(person_object_list) > 1:\n
+ raise ConsistencyError, "Error: There is more than one Person with reference \'%s\'" % user_name\n
+ else:\n
+ # if a person_object was not found in the module, we do nothing more\n
+ # this happens for example when a manager with no associated person object\n
+ # creates a person_object for a new user\n
+ return []\n
+\n
+person_object = person_object_list[0]\n
+\n
+# We look for valid assignments of this user\n
+for assignment in person_object.contentValues(filter={\'portal_type\': \'Assignment\'}):\n
+ category_dict = {}\n
+ if assignment.getValidationState() == \'open\':\n
+ try:\n
+ for base_category in base_category_list:\n
+ if base_category == \'source_project\':\n
+ category_value = assignment.getDestinationProject()\n
+ else:\n
+ category_value = assignment.getProperty(base_category)\n
+ if category_value not in (None, \'\'):\n
+ if root: category_value=category_value.split(\'/\')[0]\n
+ category_dict[base_category] = category_value\n
+ else:\n
+ raise RuntimeError, "Error: \'%s\' property is required in order to update person security group" % (base_category)\n
+ category_list.append(category_dict)\n
+ # if it is group, we go up the hierarchy (because if you work in group/a/b/c, chances are you \n
+ # are working in group/a/b, too :)\n
+ if base_category == \'group\' and not strict:\n
+ grouplist = category_value.split(\'/\')\n
+ for i in range(1,len(grouplist)):\n
+ cdict = category_dict.copy()\n
+ cdict[\'group\'] = \'/\'.join(grouplist[:-i])\n
+ category_list.append(cdict)\n
+ except RuntimeError,e:\n
+ context.log(str(e))\n
+\n
+return category_list\n
+
+
+]]></string> </value>
+ </item>
+ <item>
+ <key> <string>_code</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_filepath</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_owner</string> </key>
+ <value>
+ <none/>
+ </value>
+ </item>
+ <item>
+ <key> <string>_params</string> </key>
+ <value> <string>base_category_list, user_name, object, portal_type, strict=False, root=False</string> </value>
+ </item>
+ <item>
+ <key> <string>_proxy_roles</string> </key>
+ <value>
+ <tuple>
+ <string>Manager</string>
+ </tuple>
+ </value>
+ </item>
+ <item>
+ <key> <string>errors</string> </key>
+ <value>
+ <tuple/>
+ </value>
+ </item>
+ <item>
+ <key> <string>func_code</string> </key>
+ <value>
+ <object>
+ <klass>
+ <global name="FuncCode" module="Shared.DC.Scripts.Signature"/>
+ </klass>
+ <tuple/>
+ <state>
+ <dictionary>
+ <item>
+ <key> <string>co_argcount</string> </key>
+ <value> <int>6</int> </value>
+ </item>
+ <item>
+ <key> <string>co_varnames</string> </key>
+ <value>
+ <tuple>
+ <string>base_category_list</string>
+ <string>user_name</string>
+ <string>object</string>
+ <string>portal_type</string>
+ <string>strict</string>
+ <string>root</string>
+ <string>category_list</string>
+ <string>_getattr_</string>
+ <string>context</string>
+ <string>person_module</string>
+ <string>append</string>
+ <string>$append0</string>
+ <string>_getiter_</string>
+ <string>x</string>
+ <string>person_object_list</string>
+ <string>len</string>
+ <string>ConsistencyError</string>
+ <string>_getitem_</string>
+ <string>person_object</string>
+ <string>assignment</string>
+ <string>category_dict</string>
+ <string>base_category</string>
+ <string>category_value</string>
+ <string>None</string>
+ <string>_write_</string>
+ <string>RuntimeError</string>
+ <string>grouplist</string>
+ <string>range</string>
+ <string>i</string>
+ <string>cdict</string>
+ <string>e</string>
+ <string>str</string>
+ </tuple>
+ </value>
+ </item>
+ </dictionary>
+ </state>
+ </object>
+ </value>
+ </item>
+ <item>
+ <key> <string>func_defaults</string> </key>
+ <value>
+ <tuple>
+ <int>0</int>
+ <int>0</int>
+ </tuple>
+ </value>
+ </item>
+ <item>
+ <key> <string>id</string> </key>
+ <value> <string>ERP5Type_getSecurityCategoryFromAssignmentTree</string> </value>
+ </item>
+ <item>
+ <key> <string>warnings</string> </key>
+ <value>
+ <tuple/>
+ </value>
+ </item>
+ </dictionary>
+ </pickle>
+ </record>
+</ZopeData>
Modified: erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryMapping.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryMapping.xml?rev=12590&r1=12589&r2=12590&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryMapping.xml (original)
+++ erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryMapping.xml Fri Feb 9 11:04:45 2007
@@ -75,10 +75,10 @@
# XXX-JPS This code is quite frightening. I wonder really what it is for.\n
\n
return (\n
-(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'function\'] ),\n
-(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'source_project\'] ),\n
-(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'function\', \'source_project\'] ),\n
-(\'ERP5Type_getSecurityCategoryFromAssignment\', [\'group\'] ),\n
+(\'ERP5Type_getSecurityCategoryFromAssignmentTree\', [\'function\'] ),\n
+(\'ERP5Type_getSecurityCategoryFromAssignmentTree\', [\'source_project\'] ),\n
+(\'ERP5Type_getSecurityCategoryFromAssignmentTree\', [\'function\', \'source_project\'] ),\n
+(\'ERP5Type_getSecurityCategoryFromAssignmentTree\', [\'group\'] ),\n
(\'ERP5Type_getSecurityCategoryRoot\', [\'group\']),\n
)\n
</string> </value>
Modified: erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryRoot.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryRoot.xml?rev=12590&r1=12589&r2=12590&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryRoot.xml (original)
+++ erp5/trunk/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/ERP5Type_getSecurityCategoryRoot.xml Fri Feb 9 11:04:45 2007
@@ -69,14 +69,14 @@
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
-This is the same as ERP5Type_getSecurityCategoryFromAssignment\n
+This is the same as ERP5Type_getSecurityCategoryFromAssignmentTree\n
only it returns only the first part of category\n
It is used e.g. to figure out if the user is working anywhere\n
in the certain organisation - for this, all we need is the first part\n
of the group category.\n
"""\n
\n
-return context.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, object, portal_type, strict=True, root=True)\n
+return context.ERP5Type_getSecurityCategoryFromAssignmentTree(base_category_list, user_name, object, portal_type, strict=True, root=True)\n
</string> </value>
</item>
<item>
Modified: erp5/trunk/bt5/erp5_dms/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_dms/bt/revision?rev=12590&r1=12589&r2=12590&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_dms/bt/revision (original)
+++ erp5/trunk/bt5/erp5_dms/bt/revision Fri Feb 9 11:04:45 2007
@@ -1,1 +1,1 @@
-506
+508
More information about the Erp5-report
mailing list