set loops.Owner role on object creation; do not propagate Owner role to children/resources

security/common.py

@@ -167,6 +167,9 @@ def setDefaultSecurity(obj, event):
     aObj = adapted(obj)
     setter = ISecuritySetter(aObj)
     setter.setDefaultSecurity()
+    principal = getCurrentPrincipal()
+    if principal is not None:
+        assignOwner(obj, principal.id)
 
 
 @component.adapter(IConcept, IAssignmentEvent)

security/setter.py

@@ -135,6 +135,7 @@ class LoopsObjectSecuritySetter(BaseSecuritySetter):
         prm = IPrincipalRoleMap(baseObject(source.context))
         for r, p, s in prm.getPrincipalsAndRoles():
             #if p in self.workspacePrincipals:
+            if r != 'loops.Owner':
                 if revert:
                     setPrincipalRole(self.principalRoleManager, r, p, Unset)
                 else:
@@ -203,7 +204,8 @@ class ResourceSecuritySetter(LoopsObjectSecuritySetter):
             vSetters = [ISecuritySetter(adapted(v)) for v in versions]
         prm = IPrincipalRoleMap(baseObject(source.context))
         for r, p, s in prm.getPrincipalsAndRoles():
-            if p in self.workspacePrincipals:
+            #if p in self.workspacePrincipals:
+            if r != 'loops.Owner' and p in self.workspacePrincipals:
                 for v in vSetters:
                     if revert:
                         setPrincipalRole(v.principalRoleManager, r, p, Unset)