I have spent a day upgrading a very old ERP5 site from old security to the modern PAS based + roles based model.
Here are some comments and hints about this experience.
I wrote the following script (not the most beautiful):
types_tool = context.portal_types if ptype: ptype = types_tool[ptype] ptype.updateRoleMapping() return portal = context.getPortalObject() for ptype in types_tool.objectIds(): portal.person_module.activate(activity='SQLQueue').ERP5Site_updateRoleMapping(ptype=ptype) return "done"
Now here are the results:
* it worked
* I had to remove some useless reindexObject and immediateReindexObject activities
* I wonder why activate() does not work on a portal object (too bad)
In my opinion, upgrading securities in an ERP5 Site should be a bit easier. Here are my recommendations:
* make sure that the updateRoleMapping does not generate too many reindexing activities (1 reindexObject per object is probably enough for a mass upgrade). Or maybe even better, prevent reindexing in such a case. Or maybe better, write a reindexing script such as ERP5Site_reindexAll which also upgrades security (and does not generate more reindexing messages).
* make reindexing of large folders a bit better (ie. by splitting the reindexing on each component of the folder) - I already committed this
In the end, I would like to be able to massively upgrade the security of a site without pain and in real time.