* Added groups to roles definition
bzr revid: jean-baptiste.aubort@camptocamp.com-20080804093137-fg2ccx2vo624rp05
This commit is contained in:
parent
8370ba11fd
commit
2316891751
|
@ -2,6 +2,33 @@
|
|||
<terp>
|
||||
<data noupdate="1">
|
||||
|
||||
<!--
|
||||
Users Groups
|
||||
-->
|
||||
<record model="res.groups" id="group_erp_manager">
|
||||
<field name="name">ERP Manager</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_employee">
|
||||
<field name="name">Employee</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_account_manager">
|
||||
<field name="name">Account Manager</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_request">
|
||||
<field name="name">Request</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_extended">
|
||||
<field name="name">Extended View</field>
|
||||
</record>
|
||||
|
||||
<!--<record model="res.groups" id="group_partner">-->
|
||||
<!-- <field name="name">Partner </field>-->
|
||||
<!--</record>-->
|
||||
|
||||
<!--
|
||||
Users
|
||||
-->
|
||||
|
@ -51,33 +78,6 @@
|
|||
<field name="state">open</field>
|
||||
</record>
|
||||
|
||||
<!--
|
||||
Users Groups
|
||||
-->
|
||||
<record model="res.groups" id="group_erp_manager">
|
||||
<field name="name">ERP Manager</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_employee">
|
||||
<field name="name">Employee</field>
|
||||
</record>
|
||||
|
||||
<!--<record model="res.groups" id="group_partner">-->
|
||||
<!-- <field name="name">Partner </field>-->
|
||||
<!--</record>-->
|
||||
|
||||
<record model="res.groups" id="group_account_manager">
|
||||
<field name="name">Account Manager</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_request">
|
||||
<field name="name">Request</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_extended">
|
||||
<field name="name">Extended View</field>
|
||||
</record>
|
||||
|
||||
<!--
|
||||
Objects Groups
|
||||
-->
|
||||
|
|
|
@ -61,6 +61,14 @@
|
|||
<page string="Menus">
|
||||
<field colspan="4" name="menu_access"/>
|
||||
</page>
|
||||
<page string="Roles">
|
||||
<field colspan="4" name="roles">
|
||||
<tree string="Roles">
|
||||
<field name="name"/>
|
||||
<field name="parent_id"/>
|
||||
</tree>
|
||||
</field>
|
||||
</page>
|
||||
<page string="Rules">
|
||||
<field colspan="4" name="rule_groups">
|
||||
<tree string="Rules">
|
||||
|
|
|
@ -978,6 +978,9 @@ Cron Jobs
|
|||
<page string="Users">
|
||||
<field colspan="4" name="users"/>
|
||||
</page>
|
||||
<page string="Groups">
|
||||
<field colspan="4" name="groups"/>
|
||||
</page>
|
||||
</notebook>
|
||||
</form>
|
||||
</field>
|
||||
|
@ -1031,12 +1034,12 @@ Cron Jobs
|
|||
<label align="0.0" colspan="6" string="Multiple rules on same objects are joined using operator OR"/>
|
||||
</group>
|
||||
</page>
|
||||
<page string="Groups">
|
||||
<field colspan="4" name="groups"/>
|
||||
</page>
|
||||
<page string="Users">
|
||||
<field colspan="4" name="users"/>
|
||||
</page>
|
||||
<page string="Groups">
|
||||
<field colspan="4" name="groups"/>
|
||||
</page>
|
||||
</notebook>
|
||||
</form>
|
||||
</field>
|
||||
|
|
|
@ -126,7 +126,6 @@ class ir_model(osv.osv):
|
|||
perm_list.append('u')
|
||||
perms = ",".join(perm_list)
|
||||
res['group_%i'%rule.group_id.id] = perms
|
||||
pprint(result)
|
||||
return result
|
||||
|
||||
def write(self, cr, user, ids, vals, context=None):
|
||||
|
@ -296,13 +295,13 @@ class ir_model_access(osv.osv):
|
|||
if uid==1:
|
||||
return True
|
||||
|
||||
assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
|
||||
assert mode in ['read','write','create','unlink'], 'Invalid access mode'
|
||||
|
||||
# We check if a specific rule exists
|
||||
cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
|
||||
'from ir_model_access a join ir_model m on (m.id=a.model_id) '
|
||||
'join res_groups_users_rel gu on (gu.gid = a.group_id) '
|
||||
'where m.model = %s and gu.uid = %s', (model_name, uid,))
|
||||
'where m.model=%s and gu.uid=%s', (model_name, uid,))
|
||||
r = cr.fetchall()
|
||||
|
||||
print '%s in %s = %s by %i'%(mode, model_name, str(r[0][0]), uid) # FIXME: REMOVE PLEASE
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
##############################################################################
|
||||
|
||||
from osv import fields,osv
|
||||
from osv.orm import except_orm
|
||||
import tools
|
||||
import pytz
|
||||
|
||||
|
@ -72,6 +73,7 @@ class roles(osv.osv):
|
|||
'parent_id': fields.many2one('res.roles', 'Parent', select=True),
|
||||
'child_id': fields.one2many('res.roles', 'parent_id', 'Childs'),
|
||||
'users': fields.many2many('res.users', 'res_roles_users_rel', 'rid', 'uid', 'Users'),
|
||||
'groups': fields.many2many('res.groups', 'res_roles_groups_rel', 'rid', 'gid', 'Groups'),
|
||||
}
|
||||
_defaults = {
|
||||
}
|
||||
|
@ -108,7 +110,7 @@ class users(osv.osv):
|
|||
'menu_id': fields.many2one('ir.actions.actions', 'Menu Action'),
|
||||
'groups_id': fields.many2many('res.groups', 'res_groups_users_rel', 'uid', 'gid', 'Groups'),
|
||||
'roles_id': fields.many2many('res.roles', 'res_roles_users_rel', 'uid', 'rid', 'Roles'),
|
||||
'rules_id': fields.many2many('ir.rule.group', 'user_rule_group_rel', 'rule_group_id', 'user_id', 'Rules'),
|
||||
'rules_id': fields.many2many('ir.rule.group', 'user_rule_group_rel', 'user_id', 'rule_group_id', 'Rules'),
|
||||
'company_id': fields.many2one('res.company', 'Company'),
|
||||
'context_lang': fields.selection(_lang_get, 'Language', required=True),
|
||||
'context_tz': fields.selection(_tz_get, 'Timezone', size=64)
|
||||
|
@ -141,26 +143,29 @@ class users(osv.osv):
|
|||
company_get = tools.cache()(company_get)
|
||||
|
||||
def write(self, cr, uid, ids, values, *args, **argv):
|
||||
ok = False
|
||||
res = {}
|
||||
if (ids == [uid]):
|
||||
ok = True
|
||||
for k in values.keys():
|
||||
if k not in ('password', 'signature', 'action_id', 'context_lang', 'context_tz'):
|
||||
ok=False
|
||||
if ok:
|
||||
uid = 1
|
||||
res = super(users, self).write(cr, uid, ids, values, *args, **argv)
|
||||
self.company_get()
|
||||
# Restart the cache on the company_get method
|
||||
self.pool.get('ir.rule').domain_get()
|
||||
if k in ('password', 'signature', 'action_id', 'context_lang', 'context_tz'):
|
||||
ok=True
|
||||
if ok or uid==1:
|
||||
res = super(users, self).write(cr, uid, ids, values, *args, **argv)
|
||||
self.company_get()
|
||||
# Restart the cache on the company_get method
|
||||
self.pool.get('ir.rule').domain_get()
|
||||
else:
|
||||
raise except_orm(_('AccessError'), 'You can not write in this document (res.users)')
|
||||
return res
|
||||
|
||||
def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
|
||||
result = super(users, self).read(cr, uid, ids, fields, context, load)
|
||||
canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
|
||||
if not canwrite:
|
||||
for r in result:
|
||||
if 'password' in r:
|
||||
r['password'] = '********'
|
||||
#canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
|
||||
#if not canwrite and ids!=[uid]:
|
||||
# for r in result:
|
||||
# if 'password' in r:
|
||||
# r['password'] = '********'
|
||||
# result=r
|
||||
return result
|
||||
|
||||
def unlink(self, cr, uid, ids):
|
||||
|
@ -239,6 +244,7 @@ class groups2(osv.osv): ##FIXME: Is there a reason to inherit this object ?
|
|||
_inherit = 'res.groups'
|
||||
_columns = {
|
||||
'users': fields.many2many('res.users', 'res_groups_users_rel', 'gid', 'uid', 'Users'),
|
||||
'roles': fields.many2many('res.roles', 'res_roles_groups_rel', 'gid', 'rid', 'Roles'),
|
||||
}
|
||||
groups2()
|
||||
|
||||
|
|
Loading…
Reference in New Issue