Fully Open Edge Cloud

Upgrading Security

Comments from upgrade of old ERP5 with old security to PAS based + roles based model.
  • Last Update:2017-01-20
  • Version:001
  • Language:en

This document contains comments from migrating a very old ERP5 site with old security to PAS based + roles based security model.

Table of Contents

Migration Script

I wrote the following script (not the most beautiful):

types_tool = context.portal_types
  if ptype:
    ptype = types_tool[ptype]
    ptype.updateRoleMapping()
    return

  portal = context.getPortalObject()
  for ptype in types_tool.objectIds():
    portal.person_module.activate(activity='SQLQueue').ERP5Site_updateRoleMapping(ptype=ptype)

  return "done"

Results:

  • Worked.
  • I had to remove some useless reindexObject and immediateReindexObject activities.
  • I wonder why activate() does not work on a portal object (too bad).
  • In my opinion, upgrading securities in an ERP5 Site should be a bit easier.

Recommendations

  • Make sure that the updateRoleMapping does not generate too many reindexing activities (1 reindexObject per object is probably enough for a mass upgrade). Or maybe even better, prevent reindexing in such a case. Or maybe better, write a reindexing script such as ERP5Site_reindexAll which also upgrades security (and does not generate more reindexing messages).
  • make reindexing of large folders a bit better (ie. by splitting the reindexing on each component of the folder) - I already committed this

In the end, I would like to be able to massively upgrade the security of a site without pain and in real time.

Related Articles