odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

* Better security related views 

* Re-organized security menu
* Added missing crossed object views (ie.: User-Roles)
* Improvements

bzr revid: jean-baptiste.aubort@camptocamp.com-20080728154335-t037bhyekjg9mu97
This commit is contained in:
Jean-Baptiste Aubort 2008-07-28 17:43:35 +02:00
parent 10adecad93
commit 7787904163
7 changed files with 449 additions and 307 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/addons/base/base_demo.xml
View File

@ -10,8 +10,6 @@
<field name="menu_id" ref="action_menu_admin"/>
<field name="address_id" ref="main_address"/>
<field name="company_id" ref="main_company"/>
<field name="group_id" ref="group_employee"/>
</record>
</data>
</terp>

390
bin/addons/base/base_security.xml
View File

@ -22,7 +22,7 @@
<field name="type">form</field>
<field name="arch" type="xml">
<form string="Define password for Root user">
<separator col="4" colspan="4" string="Set password to the root user"/>
<separator col="4" colspan="4" string="Set password for the root user"/>
<newline/>
<field name="password"/>
<newline/>
@ -62,8 +62,12 @@
<field name="name">Employee</field>
</record>
<record model="res.groups" id="group_partner">
<field name="name">Partner </field>
<!--<record model="res.groups" id="group_partner">-->
<!-- <field name="name">Partner </field>-->
<!--</record>-->
<record model="res.groups" id="group_account_manager">
<field name="name">Account Manager</field>
</record>
<record model="res.groups" id="group_partner_manager">
@ -309,28 +313,20 @@
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_actions_act_window_employee">
<field name="name">ir.actions.act_window Employee</field>
<field model="ir.model" name="model_id" search="[('model', '=', 'ir.actions.act_window')]"/>
<record model="ir.model.access" id="access_ir_act_window_group_employee">
<field name="name">ir_act_window group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_act_window"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_model_data_employee">
<field name="name">ir.model.data Employee</field>
<field model="ir.model" name="model_id" ref="model_ir_model_data"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_act_window_view_employee">
<field name="name">ir.act_window.view Employee</field>
<record model="ir.model.access" id="access_ir_act_window_view_group_employee">
<field name="name">ir_act_window_view group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_act_window_view"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
@ -338,29 +334,19 @@
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_ui_view_employee">
<field name="name">ir.ui.view Employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_view"/>
<record model="ir.model.access" id="access_ir_model_data_group_employee">
<field name="name">ir_model_data group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_model_data"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_ui_view_sc_employee">
<field name="name">ir.ui.view_sc Employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_view_sc"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_ui_menu_employee">
<field name="name">ir.ui.menu Employee</field>
<record model="ir.model.access" id="access_ir_ui_menu_group_employee">
<field name="name">ir_ui_menu group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_menu"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
@ -368,29 +354,79 @@
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_users_employee">
<field name="name">res.users Employee</field>
<field model="ir.model" name="model_id" ref="model_res_users"/>
<record model="ir.model.access" id="access_ir_ui_view_group_employee">
<field name="name">ir_ui_view group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_view"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_users_erp_manager">
<field name="name">res.users ERP Manager</field>
<field model="ir.model" name="model_id" ref="model_res_users"/>
<record model="ir.model.access" id="access_ir_ui_view_sc_group_employee">
<field name="name">ir_ui_view_sc group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_view_sc"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_company_group_employee">
<field name="name">res_company group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_company"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_company_group_erp_manager">
<field name="name">res_company group_erp_manager</field>
<field model="ir.model" name="model_id" ref="model_res_company"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_lang_employee">
<field name="name">res.lang Employee</field>
<record model="ir.model.access" id="access_res_currency_rate_group_employee">
<field name="name">res_currency_rate group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_currency_rate"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_rate_group_account_manager">
<field name="name">res_currency_rate group_account_manager</field>
<field model="ir.model" name="model_id" ref="model_res_currency_rate"/>
<field name="group_id" ref="group_account_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_groups_group_erp_manager">
<field name="name">res_groups group_erp_manager</field>
<field model="ir.model" name="model_id" ref="model_res_groups"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_lang_group_employee">
<field name="name">res_lang group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_lang"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
@ -398,39 +434,19 @@
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_bank_account_type_manager">
<field name="name">Bank Account Type Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank_type"/>
<field name="group_id" ref="group_partner_manager"/>
<record model="ir.model.access" id="access_res_partner_group_employee">
<field name="name">res_partner group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_bank_type_fields_manager">
<field name="name">Bank type fields Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank_type_field"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_bank_accounts_managere">
<field name="name">Bank Accounts Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_manager">
<field name="name">Partner Partner Manager</field>
<record model="ir.model.access" id="access_res_partner_group_partner_manager">
<field name="name">res_partner group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
@ -438,79 +454,19 @@
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_channels_manager">
<field name="name">Channels Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_canal"/>
<field name="group_id" ref="group_partner_manager"/>
<record model="ir.model.access" id="access_res_partner_address_group_employee">
<field name="name">res_partner_address group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_address"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_som_manager">
<field name="name">model_res_partner.som Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_som"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_manager">
<field name="name">model_res_partner.event Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_event"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_function_manager">
<field name="name">Function of the contact Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_function"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_categories_manager">
<field name="name">Partner Categories Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_category"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_title_manager">
<field name="name">model_res_partner.title Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_title"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_parnter_events_manager">
<field name="name">Partner Events Partner Manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_event_type"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_contact_manager">
<field name="name">Partner Contact Partner Manager</field>
<record model="ir.model.access" id="access_res_partner_address_group_partner_manager">
<field name="name">res_partner_address group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_address"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
@ -518,26 +474,146 @@
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner">
<field name="name">Partner Partner</field>
<field model="ir.model" name="model_id" ref="model_res_partner"/>
<field name="group_id" ref="group_partner"/>
<record model="ir.model.access" id="access_res_partner_bank_group_partner_manager">
<field name="name">res_partner_bank group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record id="access_ui_menu" model="ir.model.access">
<field name="name">Internal Request</field>
<field model="ir.model" name="model_id" ref="model_res_request"/>
<record model="ir.model.access" id="access_res_partner_bank_group_employee">
<field name="name">res_partner_bank group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_type_group_partner_manager">
<field name="name">res_partner_bank_type group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank_type"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_type_field_group_partner_manager">
<field name="name">res_partner_bank_type_field group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank_type_field"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_canal_group_partner_manager">
<field name="name">res_partner_canal group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_canal"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_category_group_partner_manager">
<field name="name">res_partner_category group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_category"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_group_partner_manager">
<field name="name">res_partner_event group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_event"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_type_group_partner_manager">
<field name="name">res_partner_event_type group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_event_type"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_function_group_partner_manager">
<field name="name">res_partner_function group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_function"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_som_group_partner_manager">
<field name="name">res_partner_som group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_som"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_title_group_partner_manager">
<field name="name">res_partner_title group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_title"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_request_group_request">
<field name="name">res_request group_request</field>
<field model="ir.model" name="model_id" ref="model_res_request"/>
<field name="group_id" ref="group_request"/>
<field eval="True" name="perm_read"/>
<field eval="True" name="perm_write"/>
<field eval="True" name="perm_create"/>
<field eval="False" name="perm_unlink"/>
</record>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_users_group_employee">
<field name="name">res_users group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_users"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_users_group_erp_manager">
<field name="name">res_users group_erp_manager</field>
<field model="ir.model" name="model_id" ref="model_res_users"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
</data>
</terp>

42
bin/addons/base/base_update.xml
View File

@ -41,25 +41,34 @@
<notebook>
<page string="Group">
<field colspan="4" name="name" select="1"/>
<field colspan="4" name="users"/>
<field colspan="4" name="comment"/>
</page>
<page string="Menus">
<field colspan="4" name="menu_access"/>
<page string="Users">
<field colspan="4" name="users"/>
</page>
<page string="Security">
<field colspan="4" name="model_access">
<form string="Access Controls">
<field colspan="4" name="name" select="1"/>
<field name="model_id" select="1"/>
<newline/>
<page string="Access">
<field colspan="4" name="model_access" select="1">
<tree string="Access Rules" editable="top">
<field name="model_id"/>
<field name="perm_read"/>
<field name="perm_write"/>
<field name="perm_create"/>
<field name="perm_unlink"/>
</form>
<field name="name"/>
</tree>
</field>
</page>
<page string="Menus">
<field colspan="4" name="menu_access"/>
</page>
<page string="Rules">
<field colspan="4" name="rule_groups">
<tree string="Rules">
<field name="name"/>
<field name="model_id"/>
<field name="global"/>
</tree>
</field>
<field colspan="4" name="rule_groups"/>
</page>
</notebook>
</form>
@ -108,9 +117,14 @@
<field name="context_tz"/>
<field colspan="4" name="signature"/>
</page>
<page string="Security">
<field colspan="4" name="groups_id"/>
<field colspan="4" name="roles_id"/>
<page string="Groups">
<field colspan="4" name="groups_id" select="1"/>
</page>
<page string="Roles">
<field colspan="4" name="roles_id" select="1"/>
</page>
<page string="Rules">
<field colspan="4" name="rules_id" select="1"/>
</page>
</notebook>
</form>

259
bin/addons/base/ir/ir.xml
View File

@ -390,45 +390,7 @@
<field name="view_type">form</field>
</record>
<menuitem action="action_res_groups" id="menu_action_res_groups" parent="base.menu_users"/>
<record id="view_roles_form" model="ir.ui.view">
<field name="name">res.roles.form</field>
<field name="model">res.roles</field>
<field name="type">form</field>
<field name="arch" type="xml">
<form string="Role">
<field colspan="4" name="name" select="1"/>
<field colspan="4" name="parent_id"/>
</form>
</field>
</record>
<record id="view_roles_tree" model="ir.ui.view">
<field name="name">res.roles.tree</field>
<field name="model">res.roles</field>
<field name="type">tree</field>
<field name="field_parent">child_id</field>
<field name="arch" type="xml">
<tree string="Roles">
<field name="name"/>
</tree>
</field>
</record>
<record id="action_res_roles" model="ir.actions.act_window">
<field name="name">Roles Structure</field>
<field name="type">ir.actions.act_window</field>
<field name="res_model">res.roles</field>
<field name="view_type">tree</field>
<field eval="[('parent_id','=',False)]" name="domain"/>
</record>
<menuitem action="action_res_roles" id="menu_action_res_roles" parent="base.menu_users"/>
<record id="action_res_roles_form" model="ir.actions.act_window">
<field name="name">Roles</field>
<field name="type">ir.actions.act_window</field>
<field name="res_model">res.roles</field>
<field name="view_type">form</field>
</record>
<menuitem action="action_res_roles_form" id="menu_action_res_roles_form" parent="menu_action_res_roles"/>
<!-- View -->
<record id="view_view_form" model="ir.ui.view">
@ -653,6 +615,17 @@
<button colspan="2" name="%(act_menu_create)d" string="Create a Menu" type="action"/>
</group>
</page>
<page string="Access">
<field colspan="4" name="access" select="1">
<tree string="Access Rules" editable="top">
<field name="group_id"/>
<field name="perm_read"/>
<field name="perm_write"/>
<field name="perm_create"/>
<field name="perm_unlink"/>
</tree>
</field>
</page>
<page string="Information">
<field colspan="4" name="info" nolabel="1" select="1"/>
</page>
@ -818,14 +791,20 @@ Menu Edition
<field name="model">ir.ui.menu</field>
<field name="type">form</field>
<field name="arch" type="xml">
<form string="Menu">
<field name="complete_name"/>
<field name="name" select="1"/>
<field name="sequence"/>
<field colspan="4" name="parent_id" select="1"/>
<field name="action"/>
<field colspan="4" name="groups_id"/>
<field name="icon"/>
<form string="Menus">
<notebook>
<page string="Menu">
<field name="complete_name"/>
<field name="name" select="1"/>
<field name="sequence"/>
<field colspan="4" name="parent_id" select="1"/>
<field name="action"/>
<field name="icon"/>
</page>
<page string="Groups">
<field colspan="4" name="groups_id"/>
</page>
</notebook>
</form>
</field>
</record>
@ -930,24 +909,138 @@ Cron Jobs
<field name="view_id" ref="ir_access_view_tree"/>
</record>
<record id="property_rule_group" model="ir.rule.group">
<field name="name">Property multi-company</field>
<field model="ir.model" name="model_id" search="[('model', '=', 'ir.property')]"/>
<field eval="True" name="global"/>
</record>
<record id="property_rule_group2" model="ir.rule.group">
<field name="name">Property multi-company 2</field>
<field model="ir.model" name="model_id" search="[('model', '=', 'ir.property')]"/>
<field eval="True" name="global"/>
</record>
<record id="property_rule" model="ir.rule">
<field model="ir.model.fields" name="field_id" search="[('model', '=', 'ir.property'), ('name', '=', 'company_id')]"/>
<field name="operator">child_of</field>
<field name="operand">user.company_id.id</field>
<field name="rule_group" ref="property_rule_group"/>
</record>
<record id="property_rule_bis" model="ir.rule">
<field model="ir.model.fields" name="field_id" search="[('model', '=', 'ir.property'), ('name', '=', 'company_id')]"/>
<field name="operator">=</field>
<field name="operand">False</field>
<field name="rule_group" ref="property_rule_group2"/>
</record>
<!--
================
Security
================
-->
<!--Objects Access-->
<record id="view_model_tree" model="ir.ui.view">
<field name="name">Objects Security Tree</field>
<field name="model">ir.model</field>
<field name="type">tree</field>
</record>
<record model="ir.actions.act_window" id="action_model_view_security">
<field name="name">Define Access</field>
<field name="res_model">ir.model</field>
<field name="view_type">form</field>
<field name="view_mode">form,tree</field>
<field name="view_id" ref="view_model_tree"/>
<field name="context">{'advanced':True}</field>
</record>
<menuitem sequence="1" id="menu_objects_security" parent="base.menu_security" name="Access"/>
<menuitem sequence="1" action="action_model_view_security" id="menu_objects_security_view" parent="base.menu_objects_security" name="Define Access"/>
<menuitem sequence="2" action="ir_access_act" id="menu_ir_access_act" parent="base.menu_objects_security" name="Export/Import Access"/>
<!--Menus-->
<menuitem sequence="2" id="menu_menus_security" parent="base.menu_security" name="Menus"/>
<menuitem sequence="1" action="grant_menu_access" id="menu_grant_menu_access" parent="base.menu_menus_security" name="Define Menus"/>
<!--Roles-->
<record id="view_roles_form" model="ir.ui.view">
<field name="name">res.roles.form</field>
<field name="model">res.roles</field>
<field name="type">form</field>
<field name="arch" type="xml">
<form string="Roles">
<notebook>
<page string="Role">
<field colspan="4" name="name" select="1"/>
<field colspan="4" name="parent_id"/>
</page>
<page string="Users">
<field colspan="4" name="users"/>
</page>
</notebook>
</form>
</field>
</record>
<record id="view_roles_tree" model="ir.ui.view">
<field name="name">res.roles.tree</field>
<field name="model">res.roles</field>
<field name="type">tree</field>
<field name="field_parent">child_id</field>
<field name="arch" type="xml">
<tree string="Roles">
<field name="name"/>
</tree>
</field>
</record>
<record id="action_res_roles" model="ir.actions.act_window">
<field name="name">Roles Structure</field>
<field name="type">ir.actions.act_window</field>
<field name="res_model">res.roles</field>
<field name="view_type">tree</field>
<field eval="[('parent_id','=',False)]" name="domain"/>
</record>
<record id="action_res_roles_form" model="ir.actions.act_window">
<field name="name">Roles</field>
<field name="type">ir.actions.act_window</field>
<field name="res_model">res.roles</field>
<field name="view_type">form</field>
</record>
<menuitem sequence="3" id="menu_action_res_roles" parent="base.menu_security" name="Roles"/>
<menuitem sequence="1" action="action_res_roles_form" id="menu_action_res_roles_form" parent="menu_action_res_roles" name="Define Roles"/>
<!-- Rules -->
<record id="view_rule_group_form" model="ir.ui.view">
<field name="name">Record rules</field>
<field name="model">ir.rule.group</field>
<field name="type">form</field>
<field name="arch" type="xml">
<form string="Record rules">
<field name="model_id"/>
<field name="global"/>
<field colspan="4" name="name"/>
<group col="6" colspan="4" expand="1">
<field colspan="6" name="rules" nolabel="1"/>
<label align="0.0" colspan="6" string="The rule is satisfied if all test are True (AND)"/>
<label align="0.0" colspan="6" string="Multiple rules on same objects are joined using operator OR"/>
</group>
<form string="Rules">
<notebook>
<page string="Rule">
<field name="model_id"/>
<field name="global"/>
<field colspan="4" name="name"/>
<group col="6" colspan="4" expand="1">
<field colspan="6" name="rules" nolabel="1"/>
<label align="0.0" colspan="6" string="The rule is satisfied if all test are True (AND)"/>
<label align="0.0" colspan="6" string="Multiple rules on same objects are joined using operator OR"/>
</group>
</page>
<page string="Groups">
<field colspan="4" name="groups"/>
</page>
<page string="Users">
<field colspan="4" name="users"/>
</page>
</notebook>
</form>
</field>
</record>
<record id="view_rule_group_tree" model="ir.ui.view">
<field name="name">Record rules</field>
<field name="model">ir.rule.group</field>
@ -990,64 +1083,16 @@ Cron Jobs
</tree>
</field>
</record>
<record id="action_rule" model="ir.actions.act_window">
<field name="name">Record Rules</field>
<field name="res_model">ir.rule.group</field>
<field name="view_type">form</field>
<field name="view_id" ref="view_rule_group_tree"/>
</record>
<menuitem action="action_rule" id="menu_action_rule" parent="base.menu_security"/>
<record id="property_rule_group" model="ir.rule.group">
<field name="name">Property multi-company</field>
<field model="ir.model" name="model_id" search="[('model', '=', 'ir.property')]"/>
<field eval="True" name="global"/>
</record>
<record id="property_rule_group2" model="ir.rule.group">
<field name="name">Property multi-company 2</field>
<field model="ir.model" name="model_id" search="[('model', '=', 'ir.property')]"/>
<field eval="True" name="global"/>
</record>
<record id="property_rule" model="ir.rule">
<field model="ir.model.fields" name="field_id" search="[('model', '=', 'ir.property'), ('name', '=', 'company_id')]"/>
<field name="operator">child_of</field>
<field name="operand">user.company_id.id</field>
<field name="rule_group" ref="property_rule_group"/>
</record>
<record id="property_rule_bis" model="ir.rule">
<field model="ir.model.fields" name="field_id" search="[('model', '=', 'ir.property'), ('name', '=', 'company_id')]"/>
<field name="operator">=</field>
<field name="operand">False</field>
<field name="rule_group" ref="property_rule_group2"/>
</record>
<!--
================
Security
================
-->
<record id="view_model_tree" model="ir.ui.view">
<field name="name">Objects Security Tree</field>
<field name="model">ir.model</field>
<field name="type">tree</field>
</record>
<record model="ir.actions.act_window" id="action_model_view_security">
<field name="name">Objects Security</field>
<field name="res_model">ir.model</field>
<field name="view_type">form</field>
<field name="view_mode">form,tree</field>
<field name="view_id" ref="view_model_tree"/>
<field name="context">{'advanced':True}</field>
</record>
<menuitem id="menu_objects_security" parent="base.menu_security" name="Objects"/>
<menuitem sequence="1" action="action_model_view_security" id="menu_objects_security_view" parent="base.menu_objects_security"/>
<menuitem sequence="2" action="ir_access_act" id="menu_ir_access_act" parent="base.menu_objects_security" name="Access Rules to export/import"/>
<menuitem id="menu_menus_security" parent="base.menu_security" name="Menus"/>
<menuitem sequence="1" action="grant_menu_access" id="menu_grant_menu_access" parent="base.menu_menus_security"/>
<menuitem sequence="4" id="menu_rules_security" parent="base.menu_security" name="Rules"/>
<menuitem action="action_rule" id="menu_action_rule" parent="base.menu_rules_security" name="Define Rules"/>
</data>
</terp>

54
bin/addons/base/ir/ir_model.py
View File

@ -51,6 +51,7 @@ class ir_model(osv.osv):
'field_id': fields.one2many('ir.model.fields', 'model_id', 'Fields', required=True),
'type': fields.selection([('system','System'),('base','Base'),('addons','Addons')],'Type'),
'state': fields.selection([('manual','Custom Object'),('base','Base Field')],'Manualy Created',readonly=1),
'access': fields.one2many('ir.model.access', 'model_id', 'Access'),
}
_defaults = {
'model': lambda *a: 'x_',
@ -83,7 +84,6 @@ class ir_model(osv.osv):
x_custom_model._rec_name = x_custom_model._columns.keys()[0]
def unlink(self, cr, user, ids, context=None):
#TODO Advanced
for model in self.browse(cr, user, ids, context):
if model.state <> 'manual':
raise except_orm(_('Error'), _("You can not remove the model '%s' !") %(model.name,))
@ -103,27 +103,28 @@ class ir_model(osv.osv):
return res
def read(self, cr, user, ids, fields=None, context=None, load='_classic_read'):
result = super(osv.osv, self).read(cr, user, ids, fields, context, load)
result = super(osv.osv, self).read(cr, user, ids, fields, context, load)
if context and 'advanced' in context:
for res in result:
rules = self.pool.get('ir.model.access').search(cr, user, [('model_id', '=', res['id'])])
rules_br = self.pool.get('ir.model.access').browse(cr, user, rules)
for rule in rules_br:
# Take into account the last found rule
rules_br_len = len(rules_br) - 1
if rules_br_len>-1:
perm_list = []
if rule.perm_read:
if rules_br[rules_br_len].perm_read:
perm_list.append('r')
if rule.perm_write:
if rules_br[rules_br_len].perm_write:
perm_list.append('w')
if rule.perm_create:
if rules_br[rules_br_len].perm_create:
perm_list.append('c')
if rule.perm_unlink:
if rules_br[rules_br_len].perm_unlink:
perm_list.append('u')
perms = ",".join(perm_list)
res['group_%i'%rule.group_id.id] = perms
res['group_%i'%rules_br[rules_br_len].group_id.id] = perms
return result
def write(self, cr, user, ids, vals, context=None):
vals_new = vals.copy()
if context and 'advanced' in context:
perms_rel = ['create','read','unlink','write']
perms_all = ['c','r','u','w']
@ -142,7 +143,7 @@ class ir_model(osv.osv):
if perm not in perms_all:
model_name = self.pool.get('ir.model').browse(cr, user, [model_id])[0].model
group_name = self.pool.get('res.groups').browse(cr, user, [group_id])[0].name
raise osv.except_osv('Error !', _('There is an invalid rule in "%s" for "Group %s". Valid rules are:\r\tc=create\r\tr=read\r\tu=unlink\r\tw=write\rYou must separate them by a coma, example: r,w')%(model_name, group_name))
raise osv.except_osv('Error !', _('There is an invalid rule in "%s" for "Group %s". Valid rules are:\r\tc=create\r\tr=read\r\tu=unlink (delete)\r\tw=write\rYou must separate them by a coma, example: r,w')%(model_name, group_name))
#Assign rights
req = {}
@ -153,9 +154,10 @@ class ir_model(osv.osv):
sql = ''
rules = self.pool.get('ir.model.access').search(cr, user, [('model_id', '=', model_id),('group_id', '=', group_id)])
if rules:
rule_len = len(rules) - 1
for k in req:
sql += '%s=%s,'%(k,req[k])
cr.execute("update ir_model_access set %s where id=%i"%(sql[:-1], rules[0]))
cr.execute("update ir_model_access set %s where id=%i"%(sql[:-1], rules[rule_len]))
else:
model_name = self.pool.get('ir.model').browse(cr, user, [model_id])[0].name
group_name = self.pool.get('res.groups').browse(cr, user, [group_id])[0].name
@ -164,8 +166,9 @@ class ir_model(osv.osv):
(name, model_id, group_id, perm_create, perm_read, perm_unlink, perm_write) \
values (%s, %i, %i, %s, %s, %s, %s)',
(rule_name, model_id, group_id,req['perm_create'], req['perm_read'], req['perm_unlink'], req['perm_write'],))
vals_new.pop(val)
return super(osv.osv, self).write(cr, user, ids, vals_new, context)
return 1
else:
return super(osv.osv, self).write(cr, user, ids, vals, context)
def fields_get(self, cr, user, fields=None, context=None, read_access=True):
result = super(osv.osv, self).fields_get(cr, user, fields, context)
@ -517,8 +520,8 @@ ir_model_data()
class ir_model_config(osv.osv):
_name = 'ir.model.config'
_columns = {
'password': fields.char('Password', size=64, invisible=True),
'password_check': fields.char(' confirmation', size=64, invisible=True),
'password': fields.char('Password', size=64),
'password_check': fields.char('confirmation', size=64),
}
def action_cancel(self, cr, uid, ids, context={}):
@ -534,15 +537,16 @@ class ir_model_config(osv.osv):
res = self.read(cr,uid,ids)[0]
root = self.pool.get('res.users').browse(cr, uid, [1])[0]
self.unlink(cr, uid, [res['id']])
if res['password']==res['password_check']:
self.pool.get('res.users').write(cr, uid, [root.id], {'password':res['password']})
return {
'view_type': 'form',
"view_mode": 'form',
'res_model': 'ir.module.module.configuration.wizard',
'type': 'ir.actions.act_window',
'target':'new',
}
else:
if res['password']!=res['password_check']:
raise except_orm(_('Error'), _("Password mismatch !"))
elif not res['password']:
raise except_orm(_('Error'), _("Password empty !"))
self.pool.get('res.users').write(cr, uid, [root.id], {'password':res['password']})
return {
'view_type': 'form',
"view_mode": 'form',
'res_model': 'ir.module.module.configuration.wizard',
'type': 'ir.actions.act_window',
'target':'new',
}
ir_model_config()

3
bin/addons/base/res/res_security.xml
View File

@ -9,6 +9,9 @@
<!--
Users Groups
-->
<record model="res.groups" id="group_account_manager">
<field name="name">Account Manager</field>
</record>
<!--
Objects Groups

6
bin/addons/base/res/res_user.py
View File

@ -70,7 +70,8 @@ class roles(osv.osv):
_columns = {
'name': fields.char('Role Name', size=64, required=True),
'parent_id': fields.many2one('res.roles', 'Parent', select=True),
'child_id': fields.one2many('res.roles', 'parent_id', 'Childs')
'child_id': fields.one2many('res.roles', 'parent_id', 'Childs'),
'users': fields.many2many('res.users', 'res_roles_users_rel', 'rid', 'uid', 'Users'),
}
_defaults = {
}
@ -107,6 +108,7 @@ class users(osv.osv):
'menu_id': fields.many2one('ir.actions.actions', 'Menu Action'),
'groups_id': fields.many2many('res.groups', 'res_groups_users_rel', 'uid', 'gid', 'Groups'),
'roles_id': fields.many2many('res.roles', 'res_roles_users_rel', 'uid', 'rid', 'Roles'),
'rules_id': fields.many2many('ir.rule.group', 'user_rule_group_rel', 'rule_group_id', 'user_id', 'Rules'),
'company_id': fields.many2one('res.company', 'Company'),
'context_lang': fields.selection(_lang_get, 'Language', required=True),
'context_tz': fields.selection(_tz_get, 'Timezone', size=64)
@ -233,7 +235,7 @@ class users(osv.osv):
}
users()
class groups2(osv.osv):
class groups2(osv.osv): ##FIXME: Is there a reason to inherit this object ?
_inherit = 'res.groups'
_columns = {
'users': fields.many2many('res.users', 'res_groups_users_rel', 'gid', 'uid', 'Users'),