URB-3165: Remove permission to create integrated licences

news/URB-3165.feature

@@ -0,0 +1,2 @@
+Remove permission to create integrated licences
+[daggelpop]

src/Products/urban/migration/update_270.py

@@ -23,3 +23,24 @@ def rename_patrimony_certificate(context):
     patrimony_config_folder.reindexObject(["Title"])
 
     logger.info("upgrade step done!")
+
+
+def remove_permission_to_create_integrated_licences(context):
+    logger = logging.getLogger("urban: remove permission to create integrated licences")
+    logger.info("starting upgrade step")
+
+    portal = api.portal.get()
+    codt_integratedlicences_folder = getattr(portal.urban, "codt_integratedlicences")
+    if not codt_integratedlicences_folder:
+        logger.error("couldn't find codt_integratedlicences folder, aborting!")
+        return
+
+    for principal_id, roles in codt_integratedlicences_folder.get_local_roles():
+        if "Contributor" in roles:
+            remaining_roles = tuple(set(roles).difference(["Contributor"]))
+            codt_integratedlicences_folder.manage_delLocalRoles([principal_id])
+            if remaining_roles:
+                codt_integratedlicences_folder.manage_addLocalRoles(principal_id, remaining_roles)
+
+    codt_integratedlicences_folder.reindexObjectSecurity()
+    logger.info("upgrade step done!")

src/Products/urban/migration/upgrades.zcml

@@ -649,4 +649,13 @@
         profile="Products.urban:default"
         />
 
+    <gs:upgradeStep
+        title="Remove permission to create integrated licences"
+        description=""
+        source="1150"
+        destination="1151"
+        handler=".update_270.remove_permission_to_create_integrated_licences"
+        profile="Products.urban:default"
+        />
+
 </configure>

src/Products/urban/profiles/default/metadata.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <metadata>
-  <version>1150</version>
+  <version>1151</version>
   <dependencies>
     <dependency>profile-Products.urban:preinstall</dependency>
   </dependencies>

src/Products/urban/setuphandlers.py

@@ -797,10 +797,12 @@ def setDefaultApplicationSecurity(context):
             folder.manage_delLocalRoles(["environment_editors"])
             if folder_name in urban_folder_names:
                 folder.manage_addLocalRoles("urban_readers", ("Reader",))
-                folder.manage_addLocalRoles("urban_editors", ("Contributor",))
+                if folder_name != getLicenceFolderId("CODT_IntegratedLicence"):
+                    folder.manage_addLocalRoles("urban_editors", ("Contributor",))
             if folder_name in environment_folder_names:
                 folder.manage_addLocalRoles("environment_readers", ("Reader",))
-                folder.manage_addLocalRoles("environment_editors", ("Contributor",))
+                if folder_name != getLicenceFolderId("CODT_IntegratedLicence"):
+                    folder.manage_addLocalRoles("environment_editors", ("Contributor",))
             if folder_name == getLicenceFolderId("Inspection"):
                 folder.manage_addLocalRoles("inspection_editors", ("Contributor",))
 
@@ -1004,14 +1006,15 @@ def addApplicationFolders(context):
         setFolderAllowedTypes(licence_folder, urban_type)
         # manage the 'Add' permissions...
         try:
-            licence_folder.manage_permission(
-                "urban: Add %s" % urban_type,
-                [
-                    "Manager",
-                    "Contributor",
-                ],
-                acquire=0,
-            )
+            if urban_type != "CODT_IntegratedLicence":
+                licence_folder.manage_permission(
+                    "urban: Add %s" % urban_type,
+                    [
+                        "Manager",
+                        "Contributor",
+                    ],
+                    acquire=0,
+                )
         except ValueError:
             # exception for some portal_types having a different meta_type
             if urban_type in [