* Added groups to roles definition

bzr revid: jean-baptiste.aubort@camptocamp.com-20080804093137-fg2ccx2vo624rp05
2008-08-04 11:31:37 +02:00 · 2008-08-04 11:31:37 +02:00 · 2316891751
parent 8370ba11fd
commit 2316891751
5 changed files with 64 additions and 48 deletions
--- a/bin/addons/base/base_security.xml
+++ b/bin/addons/base/base_security.xml
@ -2,6 +2,33 @@
 <terp>
 <data noupdate="1">

+<!--
+ Users Groups
+-->
+    <record model="res.groups" id="group_erp_manager">
+        <field name="name">ERP Manager</field>
+    </record>
+    
+    <record model="res.groups" id="group_employee">
+        <field name="name">Employee</field>
+    </record>
+
+    <record model="res.groups" id="group_account_manager">
+        <field name="name">Account Manager</field>
+    </record>
+
+    <record model="res.groups" id="group_request">
+        <field name="name">Request</field>
+    </record>
+    
+    <record model="res.groups" id="group_extended">
+        <field name="name">Extended View</field>
+    </record>
+    
+    <!--<record model="res.groups" id="group_partner">-->
+    <!--    <field name="name">Partner </field>-->
+    <!--</record>-->
+
 <!--
 Users
 -->
@ -51,33 +78,6 @@
       <field name="state">open</field>
    </record>

-<!--
- Users Groups
-->
-    <record model="res.groups" id="group_erp_manager">
-        <field name="name">ERP Manager</field>
-    </record>
-    
-    <record model="res.groups" id="group_employee">
-        <field name="name">Employee</field>
-    </record>
-    
-    <!--<record model="res.groups" id="group_partner">-->
-    <!--    <field name="name">Partner </field>-->
-    <!--</record>-->
-
-    <record model="res.groups" id="group_account_manager">
-        <field name="name">Account Manager</field>
-    </record>
-
-    <record model="res.groups" id="group_request">
-        <field name="name">Request</field>
-    </record>
-    
-    <record model="res.groups" id="group_extended">
-        <field name="name">Extended View</field>
-    </record>
-
 <!--
 Objects Groups
 -->
--- a/bin/addons/base/base_update.xml
+++ b/bin/addons/base/base_update.xml
@ -61,6 +61,14 @@
                        <page string="Menus">
                            <field colspan="4" name="menu_access"/>
                        </page>
+                        <page string="Roles">
+                            <field colspan="4" name="roles">
+                                <tree string="Roles">
+                                    <field name="name"/>
+                                    <field name="parent_id"/>
+                                </tree>
+                            </field>
+                        </page>
                        <page string="Rules">
                            <field colspan="4" name="rule_groups">
                                <tree string="Rules">
--- a/bin/addons/base/ir/ir.xml
+++ b/bin/addons/base/ir/ir.xml
@ -978,6 +978,9 @@ Cron Jobs
                    <page string="Users">
                        <field colspan="4" name="users"/>
                    </page>
+                    <page string="Groups">
+                        <field colspan="4" name="groups"/>
+                    </page>
                </notebook>
            </form>
        </field>
@ -1031,12 +1034,12 @@ Cron Jobs
                            <label align="0.0" colspan="6" string="Multiple rules on same objects are joined using operator OR"/>
                        </group>
                    </page>
-                    <page string="Groups">
-                        <field colspan="4" name="groups"/>
-                    </page>
                    <page string="Users">
                        <field colspan="4" name="users"/>
                    </page>
+                    <page string="Groups">
+                        <field colspan="4" name="groups"/>
+                    </page>
                </notebook>
            </form>
        </field>
--- a/bin/addons/base/ir/ir_model.py
+++ b/bin/addons/base/ir/ir_model.py
@ -126,7 +126,6 @@ class ir_model(osv.osv):
                            perm_list.append('u')
                        perms = ",".join(perm_list)
                        res['group_%i'%rule.group_id.id] = perms
-            pprint(result)
        return result

    def write(self, cr, user, ids, vals, context=None):
@ -296,13 +295,13 @@ class ir_model_access(osv.osv):
        if uid==1:
            return True
        
-        assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
+        assert mode in ['read','write','create','unlink'], 'Invalid access mode'
        
        # We check if a specific rule exists
        cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
            'from ir_model_access a join ir_model m on (m.id=a.model_id) '
                'join res_groups_users_rel gu on (gu.gid = a.group_id) '
-            'where m.model = %s and gu.uid = %s', (model_name, uid,))
+            'where m.model=%s and gu.uid=%s', (model_name, uid,))
        r = cr.fetchall()
        
        print '%s in %s = %s by %i'%(mode, model_name, str(r[0][0]), uid) # FIXME: REMOVE PLEASE
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@ -28,6 +28,7 @@
 ##############################################################################

 from osv import fields,osv
+from osv.orm import except_orm
 import tools
 import pytz

@ -72,6 +73,7 @@ class roles(osv.osv):
        'parent_id': fields.many2one('res.roles', 'Parent', select=True),
        'child_id': fields.one2many('res.roles', 'parent_id', 'Childs'),
        'users': fields.many2many('res.users', 'res_roles_users_rel', 'rid', 'uid', 'Users'),
+        'groups': fields.many2many('res.groups', 'res_roles_groups_rel', 'rid', 'gid', 'Groups'),
    }
    _defaults = {
    }
@ -108,7 +110,7 @@ class users(osv.osv):
        'menu_id': fields.many2one('ir.actions.actions', 'Menu Action'),
        'groups_id': fields.many2many('res.groups', 'res_groups_users_rel', 'uid', 'gid', 'Groups'),
        'roles_id': fields.many2many('res.roles', 'res_roles_users_rel', 'uid', 'rid', 'Roles'),
-        'rules_id': fields.many2many('ir.rule.group', 'user_rule_group_rel', 'rule_group_id', 'user_id', 'Rules'),
+        'rules_id': fields.many2many('ir.rule.group', 'user_rule_group_rel', 'user_id', 'rule_group_id', 'Rules'),
        'company_id': fields.many2one('res.company', 'Company'),
        'context_lang': fields.selection(_lang_get, 'Language', required=True),
        'context_tz': fields.selection(_tz_get,  'Timezone', size=64)
@ -141,26 +143,29 @@ class users(osv.osv):
    company_get = tools.cache()(company_get)

    def write(self, cr, uid, ids, values, *args, **argv):
+        ok = False
+        res = {}
        if (ids == [uid]):
-            ok = True
            for k in values.keys():
-                if k not in ('password', 'signature', 'action_id', 'context_lang', 'context_tz'):
-                    ok=False
-            if ok:
-                uid = 1
-        res = super(users, self).write(cr, uid, ids, values, *args, **argv)
-        self.company_get()
-        # Restart the cache on the company_get method
-        self.pool.get('ir.rule').domain_get()
+                if k in ('password', 'signature', 'action_id', 'context_lang', 'context_tz'):
+                    ok=True
+        if ok or uid==1:
+            res = super(users, self).write(cr, uid, ids, values, *args, **argv)
+            self.company_get()
+            # Restart the cache on the company_get method
+            self.pool.get('ir.rule').domain_get()
+        else:
+            raise except_orm(_('AccessError'), 'You can not write in this document (res.users)')
        return res

    def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
        result = super(users, self).read(cr, uid, ids, fields, context, load)
-        canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
-        if not canwrite:
-            for r in result:
-                if 'password' in r:
-                    r['password'] = '********'
+        #canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
+        #if not canwrite and ids!=[uid]:
+        #    for r in result:
+        #        if 'password' in r:
+        #            r['password'] = '********'
+        #    result=r
        return result

    def unlink(self, cr, uid, ids):
@ -239,6 +244,7 @@ class groups2(osv.osv): ##FIXME: Is there a reason to inherit this object ?
    _inherit = 'res.groups'
    _columns = {
        'users': fields.many2many('res.users', 'res_groups_users_rel', 'gid', 'uid', 'Users'),
+        'roles': fields.many2many('res.roles', 'res_roles_groups_rel', 'gid', 'rid', 'Roles'),
    }
 groups2()