I have spent a day upgrading a very old ERP5 site from old security to the modern PAS based + roles based model.

Here are some comments and hints about this experience.

I wrote the following script (not the most beautiful):

types_tool = context.portal_types
if ptype:
  ptype = types_tool[ptype]
  ptype.updateRoleMapping()
  return

portal = context.getPortalObject()
for ptype in types_tool.objectIds():
  portal.person_module.activate(activity='SQLQueue').ERP5Site_updateRoleMapping(ptype=ptype)

return "done"

Now here are the results:

* it worked

but:

* I had to remove some useless reindexObject and immediateReindexObject activities

* I wonder why activate() does not work on a portal object (too bad)

In my opinion, upgrading securities in an ERP5 Site should be a bit easier. Here are my recommendations:

* make sure that the updateRoleMapping does not generate too many reindexing activities (1 reindexObject per object is probably enough for a mass upgrade). Or maybe even better, prevent reindexing in such a case. Or maybe better, write a reindexing script such as ERP5Site_reindexAll which also upgrades security (and does not generate more reindexing messages).

* make reindexing of large folders a bit better (ie. by splitting the reindexing on each component of the folder) - I already committed this

In the end, I would like to be able to massively upgrade the security of a site without pain and in real time.

Discussion/UpgradingSecurity (last edited 2008-01-03 13:48:11 by localhost)