From 2316891751ffb7fa593cbc99392d4f684942b098 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Aubort Date: Mon, 4 Aug 2008 11:31:37 +0200 Subject: [PATCH] * Added groups to roles definition bzr revid: jean-baptiste.aubort@camptocamp.com-20080804093137-fg2ccx2vo624rp05 --- bin/addons/base/base_security.xml | 54 +++++++++++++++---------------- bin/addons/base/base_update.xml | 8 +++++ bin/addons/base/ir/ir.xml | 9 ++++-- bin/addons/base/ir/ir_model.py | 5 ++- bin/addons/base/res/res_user.py | 36 ++++++++++++--------- 5 files changed, 64 insertions(+), 48 deletions(-) diff --git a/bin/addons/base/base_security.xml b/bin/addons/base/base_security.xml index 065ee55f55a..28de043d36e 100644 --- a/bin/addons/base/base_security.xml +++ b/bin/addons/base/base_security.xml @@ -2,6 +2,33 @@ + + + ERP Manager + + + + Employee + + + + Account Manager + + + + Request + + + + Extended View + + + + + + @@ -51,33 +78,6 @@ open - - - ERP Manager - - - - Employee - - - - - - - - Account Manager - - - - Request - - - - Extended View - - diff --git a/bin/addons/base/base_update.xml b/bin/addons/base/base_update.xml index 50e90cfc68b..4597ccfa487 100644 --- a/bin/addons/base/base_update.xml +++ b/bin/addons/base/base_update.xml @@ -61,6 +61,14 @@ + + + + + + + + diff --git a/bin/addons/base/ir/ir.xml b/bin/addons/base/ir/ir.xml index eb91d3dea5b..30bd64a3aad 100644 --- a/bin/addons/base/ir/ir.xml +++ b/bin/addons/base/ir/ir.xml @@ -978,6 +978,9 @@ Cron Jobs + + + @@ -1031,12 +1034,12 @@ Cron Jobs - - - + + + diff --git a/bin/addons/base/ir/ir_model.py b/bin/addons/base/ir/ir_model.py index d19406fa441..4a75555fa99 100644 --- a/bin/addons/base/ir/ir_model.py +++ b/bin/addons/base/ir/ir_model.py @@ -126,7 +126,6 @@ class ir_model(osv.osv): perm_list.append('u') perms = ",".join(perm_list) res['group_%i'%rule.group_id.id] = perms - pprint(result) return result def write(self, cr, user, ids, vals, context=None): 
@@ -296,13 +295,13 @@ class ir_model_access(osv.osv):
 if uid==1:
 return True
- assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
+ assert mode in ['read','write','create','unlink'], 'Invalid access mode'
 # We check if a specific rule exists
 cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
 'from ir_model_access a join ir_model m on (m.id=a.model_id) '
 'join res_groups_users_rel gu on (gu.gid = a.group_id) '
- 'where m.model = %s and gu.uid = %s', (model_name, uid,))
+ 'where m.model=%s and gu.uid=%s', (model_name, uid,))
 r = cr.fetchall()
 print '%s in %s = %s by %i'%(mode, model_name, str(r[0][0]), uid) # FIXME: REMOVE PLEASE
diff --git a/bin/addons/base/res/res_user.py b/bin/addons/base/res/res_user.py
index 5454c0b0f5a..752bd7fc546 100644
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@@ -28,6 +28,7 @@
 ##############################################################################
 from osv import fields,osv
+from osv.orm import except_orm
 import tools
 import pytz
@@ -72,6 +73,7 @@ class roles(osv.osv):
 'parent_id': fields.many2one('res.roles', 'Parent', select=True),
 'child_id': fields.one2many('res.roles', 'parent_id', 'Childs'),
 'users': fields.many2many('res.users', 'res_roles_users_rel', 'rid', 'uid', 'Users'),
+ 'groups': fields.many2many('res.groups', 'res_roles_groups_rel', 'rid', 'gid', 'Groups'),
 }
 _defaults = {
 }
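Review bot: In `ir_model_access.check` (ir_model.py), the `assert` on `mode` is the only guard between the caller's `mode` string and the `'perm_'+mode` concatenation into the SQL text, and asserts are removed when Python runs with `-O`. Replace it with a check that always runs, for example `if mode not in ('read','write','create','unlink'): raise ValueError('Invalid access mode')`. The `print` a few lines below still writes every access decision (mode, model, uid) to stdout and carries its own FIXME; it should be removed with this change or moved to a debug-level logger. The function body starts and ends outside the hunk.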
@@ -108,7 +110,7 @@ class users(osv.osv):
 'menu_id': fields.many2one('ir.actions.actions', 'Menu Action'),
 'groups_id': fields.many2many('res.groups', 'res_groups_users_rel', 'uid', 'gid', 'Groups'),
 'roles_id': fields.many2many('res.roles', 'res_roles_users_rel', 'uid', 'rid', 'Roles'),
- 'rules_id': fields.many2many('ir.rule.group', 'user_rule_group_rel', 'rule_group_id', 'user_id', 'Rules'),
+ 'rules_id': fields.many2many('ir.rule.group', 'user_rule_group_rel', 'user_id', 'rule_group_id', 'Rules'),
 'company_id': fields.many2one('res.company', 'Company'),
 'context_lang': fields.selection(_lang_get, 'Language', required=True),
 'context_tz': fields.selection(_tz_get, 'Timezone', size=64)
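Review bot: Swapping the column names of `rules_id` to `'user_id', 'rule_group_id'` changes which column of `user_rule_group_rel` is read as the user, so any rows written through this field under the old order would now attach rule groups to the wrong users. Nothing in the visible hunks rewrites or clears that table, and whether base_update.xml handles it cannot be seen here. If existing databases can hold such rows, add a migration step that swaps the two columns for them, and record the ordering above the field, e.g. `# many2many(relation model, table, column for this model's id, column for the other id)`. The `_columns` dict continues outside the hunk.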
@@ -141,26 +143,29 @@ class users(osv.osv):
 company_get = tools.cache()(company_get)
 def write(self, cr, uid, ids, values, *args, **argv):
+ ok = False
+ res = {}
 if (ids == [uid]):
- ok = True
 for k in values.keys():
- if k not in ('password', 'signature', 'action_id', 'context_lang', 'context_tz'):
- ok=False
- if ok:
- uid = 1
- res = super(users, self).write(cr, uid, ids, values, *args, **argv)
- self.company_get()
- # Restart the cache on the company_get method
- self.pool.get('ir.rule').domain_get()
+ if k in ('password', 'signature', 'action_id', 'context_lang', 'context_tz'):
+ ok=True
+ if ok or uid==1:
+ res = super(users, self).write(cr, uid, ids, values, *args, **argv)
+ self.company_get()
+ # Restart the cache on the company_get method
+ self.pool.get('ir.rule').domain_get()
+ else:
+ raise except_orm(_('AccessError'), 'You can not write in this document (res.users)')
 return res
 def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
 result = super(users, self).read(cr, uid, ids, fields, context, load)
- canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
- if not canwrite:
- for r in result:
- if 'password' in r:
- r['password'] = '********'
+ #canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
+ #if not canwrite and ids!=[uid]:
+ # for r in result:
+ # if 'password' in r:
+ # r['password'] = '********'
+ # result=r
 return result
 def unlink(self, cr, uid, ids):
@@ -239,6 +244,7 @@ class groups2(osv.osv): ##FIXME: Is there a reason to inherit this object ?
 _inherit = 'res.groups'
 _columns = {
 'users': fields.many2many('res.users', 'res_groups_users_rel', 'gid', 'uid', 'Users'),
+ 'roles': fields.many2many('res.roles', 'res_roles_groups_rel', 'gid', 'rid', 'Roles'),
 }
 groups2()
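Review bot: In res_user.py, `read()` now returns the stored `password` value to every caller who can read `res.users`, because the masking loop is commented out instead of narrowed; it should come back in the form the commented lines aim at, without `result=r`, which would replace the result list with a single row. In `write()`, the self-service test has flipped from all-keys to any-key: `ok` becomes true as soon as one written key is whitelisted, so a write to the caller's own record that mixes a whitelisted key with any other field (e.g. `groups_id`) passes this check, and whether the ORM's own access control then stops it is not visible here. Indentation is lost in this view, so the nesting of `if ok or uid==1:` is inferred. `_` in the new `raise` is not among the imports visible in this patch; if the module does not define it, the denial path ends in a NameError instead of the access error. The fence below restores the all-keys test and the masking; both methods sit inside `class users`, which extends beyond the hunk.

```python
    def write(self, cr, uid, ids, values, *args, **argv):
        # Self-service writes are allowed only when EVERY key is whitelisted.
        own_fields = ('password', 'signature', 'action_id', 'context_lang', 'context_tz')
        ok = False
        if ids == [uid]:
            ok = True
            for k in values.keys():
                if k not in own_fields:
                    ok = False
        if not (ok or uid == 1):
            raise except_orm('AccessError', 'You can not write in this document (res.users)')
        # … unchanged: super().write call, company_get() and domain_get() cache resets …
        return res

    def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
        result = super(users, self).read(cr, uid, ids, fields, context, load)
        canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
        # Mask the password unless the caller may write res.users or reads only their own record.
        if not canwrite and ids != [uid]:
            for r in result:
                if 'password' in r:
                    r['password'] = '********'
        return result
```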