diff --git a/news/URB-3165.feature b/news/URB-3165.feature
new file mode 100644
index 000000000..bdc1cbfef
--- /dev/null
+++ b/news/URB-3165.feature
@@ -0,0 +1,2 @@
+Remove permission to create integrated licences
+[daggelpop]
\ No newline at end of file
diff --git a/src/Products/urban/migration/update_270.py b/src/Products/urban/migration/update_270.py
index f5a9b0d35..b7ba7a439 100644
--- a/src/Products/urban/migration/update_270.py
+++ b/src/Products/urban/migration/update_270.py
@@ -23,3 +23,24 @@ def rename_patrimony_certificate(context):
patrimony_config_folder.reindexObject(["Title"])
logger.info("upgrade step done!")
+
+
+def remove_permission_to_create_integrated_licences(context):
+ logger = logging.getLogger("urban: remove permission to create integrated licences")
+ logger.info("starting upgrade step")
+
+ portal = api.portal.get()
+ codt_integratedlicences_folder = getattr(portal.urban, "codt_integratedlicences")
+ if not codt_integratedlicences_folder:
+ logger.error("couldn't find codt_integratedlicences folder, aborting!")
+ return
+
+ for principal_id, roles in codt_integratedlicences_folder.get_local_roles():
+ if "Contributor" in roles:
+ remaining_roles = tuple(set(roles).difference(["Contributor"]))
+ codt_integratedlicences_folder.manage_delLocalRoles([principal_id])
+ if remaining_roles:
+ codt_integratedlicences_folder.manage_addLocalRoles(principal_id, remaining_roles)
+
+ codt_integratedlicences_folder.reindexObjectSecurity()
+ logger.info("upgrade step done!")
diff --git a/src/Products/urban/migration/upgrades.zcml b/src/Products/urban/migration/upgrades.zcml
index 7829b104a..45512995d 100644
--- a/src/Products/urban/migration/upgrades.zcml
+++ b/src/Products/urban/migration/upgrades.zcml
@@ -649,4 +649,13 @@
profile="Products.urban:default"
/>
+
+
diff --git a/src/Products/urban/profiles/default/metadata.xml b/src/Products/urban/profiles/default/metadata.xml
index af59da615..cf1914309 100644
--- a/src/Products/urban/profiles/default/metadata.xml
+++ b/src/Products/urban/profiles/default/metadata.xml
@@ -1,6 +1,6 @@
- 1150
+ 1151
profile-Products.urban:preinstall
diff --git a/src/Products/urban/setuphandlers.py b/src/Products/urban/setuphandlers.py
index 3f9f4ee3b..5ebe6d608 100644
--- a/src/Products/urban/setuphandlers.py
+++ b/src/Products/urban/setuphandlers.py
@@ -797,10 +797,12 @@ def setDefaultApplicationSecurity(context):
folder.manage_delLocalRoles(["environment_editors"])
if folder_name in urban_folder_names:
folder.manage_addLocalRoles("urban_readers", ("Reader",))
- folder.manage_addLocalRoles("urban_editors", ("Contributor",))
+ if folder_name != getLicenceFolderId("CODT_IntegratedLicence"):
+ folder.manage_addLocalRoles("urban_editors", ("Contributor",))
if folder_name in environment_folder_names:
folder.manage_addLocalRoles("environment_readers", ("Reader",))
- folder.manage_addLocalRoles("environment_editors", ("Contributor",))
+ if folder_name != getLicenceFolderId("CODT_IntegratedLicence"):
+ folder.manage_addLocalRoles("environment_editors", ("Contributor",))
if folder_name == getLicenceFolderId("Inspection"):
folder.manage_addLocalRoles("inspection_editors", ("Contributor",))
@@ -1004,14 +1006,15 @@ def addApplicationFolders(context):
setFolderAllowedTypes(licence_folder, urban_type)
# manage the 'Add' permissions...
try:
- licence_folder.manage_permission(
- "urban: Add %s" % urban_type,
- [
- "Manager",
- "Contributor",
- ],
- acquire=0,
- )
+ if urban_type != "CODT_IntegratedLicence":
+ licence_folder.manage_permission(
+ "urban: Add %s" % urban_type,
+ [
+ "Manager",
+ "Contributor",
+ ],
+ acquire=0,
+ )
except ValueError:
# exception for some portal_types having a different meta_type
if urban_type in [