* Resolved bug in permissions view (Define Access)

* Actions for demo user
* Added missing mandatory fields to new views
* User security in draft

bzr revid: jean-baptiste.aubort@camptocamp.com-20080730124248-9i13imd1nj2iio7g
Jean-Baptiste Aubort 2008-07-30 14:42:48 +02:00
parent 7787904163
commit 8370ba11fd
6 changed files with 204 additions and 99 deletions


@ -6,8 +6,6 @@
<field name="password">demo</field>
<field name="name">Demo User</field>
<field name="signature">Fabien Pinckaers</field>
<field name="action_id" ref="action_menu_admin"/>
<field name="menu_id" ref="action_menu_admin"/>
<field name="address_id" ref="main_address"/>
<field name="company_id" ref="main_company"/>
</record>


@ -70,10 +70,6 @@
<field name="name">Account Manager</field>
</record>
<record model="res.groups" id="group_partner_manager">
<field name="name">Partner Manager</field>
</record>
<record model="res.groups" id="group_request">
<field name="name">Request</field>
</record>
@ -312,6 +308,19 @@
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_actions_wizard_group_employee">
<field name="name">ir_actions_wizard group_employee</field>
<field model="ir.model" name="model_id" search="[('model', '=', 'ir.actions.wizard')]"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
@ -345,6 +354,56 @@
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_model_fields_group_employee">
<field name="name">ir_model_fields group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_model_fields"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_module_category_group_employee">
<field name="name">ir_module_category group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_module_category"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_module_module_group_employee">
<field name="name">ir_module_module group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_module_module"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_rule_group_employee">
<field name="name">ir_rule group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_rule"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_rule_group_group_employee">
<field name="name">ir_rule_group group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_rule_group"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_ui_menu_group_employee">
<field name="name">ir_ui_menu group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_menu"/>
@ -380,7 +439,7 @@
<field model="ir.model" name="model_id" ref="model_res_company"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
@ -395,6 +454,36 @@
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_country_group_employee">
<field name="name">res_country group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_country"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_country_state_group_employee">
<field name="name">res_country_state group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_country_state"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_group_employee">
<field name="name">res_currency group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_currency"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_rate_group_employee">
<field name="name">res_currency_rate group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_currency_rate"/>
@ -445,16 +534,6 @@
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_group_partner_manager">
<field name="name">res_partner group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_address_group_employee">
<field name="name">res_partner_address group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_address"/>
@ -465,26 +544,6 @@
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_address_group_partner_manager">
<field name="name">res_partner_address group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_address"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_group_partner_manager">
<field name="name">res_partner_bank group_partner_manager</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_group_employee">
<field name="name">res_partner_bank group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
@ -495,90 +554,90 @@
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_type_group_partner_manager">
<field name="name">res_partner_bank_type group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_bank_type_group_employee">
<field name="name">res_partner_bank_type group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank_type"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_type_field_group_partner_manager">
<field name="name">res_partner_bank_type_field group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_bank_type_field_group_employee">
<field name="name">res_partner_bank_type_field group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank_type_field"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_canal_group_partner_manager">
<field name="name">res_partner_canal group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_canal_group_employee">
<field name="name">res_partner_canal group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_canal"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_category_group_partner_manager">
<field name="name">res_partner_category group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_category_group_employee">
<field name="name">res_partner_category group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_category"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_group_partner_manager">
<field name="name">res_partner_event group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_event_group_employee">
<field name="name">res_partner_event group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_event"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_type_group_partner_manager">
<field name="name">res_partner_event_type group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_event_type_group_employee">
<field name="name">res_partner_event_type group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_event_type"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_function_group_partner_manager">
<field name="name">res_partner_function group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_function_group_employee">
<field name="name">res_partner_function group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_function"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_som_group_partner_manager">
<field name="name">res_partner_som group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_som_group_employee">
<field name="name">res_partner_som group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_som"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_title_group_partner_manager">
<field name="name">res_partner_title group_partner_manager</field>
<record model="ir.model.access" id="access_res_partner_title_group_employee">
<field name="name">res_partner_title group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_title"/>
<field name="group_id" ref="group_partner_manager"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
@ -592,6 +651,36 @@
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_request_group_employee">
<field name="name">res_request group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_request"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_request_history_group_employee">
<field name="name">res_request_history group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_request_history"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_request_link_group_employee">
<field name="name">res_request_link group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_request_link"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
@ -600,7 +689,7 @@
<field model="ir.model" name="model_id" ref="model_res_users"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
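Review bot: The last hunk of this file appears to flip `perm_write` for `group_employee` on `model_res_users` from `eval="0"` to `eval="1"` (the page lost its +/- markers, so the side is inferred from print order), and that grant defeats the password masking in the `users.read` override shown later on this page, which replaces `password` with `'********'` only when `check(cr, uid, 'res.users', 'write', raise_exception=False)` is false. With this rule every employee would pass that check, so reads of `res.users` would return other users' stored passwords unmasked, and employees would also hold model-level write access to other users' records. The `users.write` context lines already let a user change their own `password`, `signature`, `action_id`, `context_lang` and `context_tz` without that grant, so I would keep `<field name="perm_write" eval="0"/>` here. The same least-privilege question applies to the `perm_write` `eval="1"` grants for `group_employee` on `model_res_company`, `model_ir_model_fields`, `model_ir_module_category` and `model_ir_module_module`.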


@ -623,6 +623,7 @@
<field name="perm_write"/>
<field name="perm_create"/>
<field name="perm_unlink"/>
<field name="name"/>
</tree>
</field>
</page>


@ -32,6 +32,8 @@ import ir, re
import netsvc
from osv.orm import except_orm
from pprint import pprint
import time
import tools
import pooler
@ -106,28 +108,33 @@ class ir_model(osv.osv):
result = super(osv.osv, self).read(cr, user, ids, fields, context, load)
if context and 'advanced' in context:
for res in result:
rules = self.pool.get('ir.model.access').search(cr, user, [('model_id', '=', res['id'])])
rules_br = self.pool.get('ir.model.access').browse(cr, user, rules)
# Take into account the last found rule
rules_br_len = len(rules_br) - 1
if rules_br_len>-1:
perm_list = []
if rules_br[rules_br_len].perm_read:
perm_list.append('r')
if rules_br[rules_br_len].perm_write:
perm_list.append('w')
if rules_br[rules_br_len].perm_create:
perm_list.append('c')
if rules_br[rules_br_len].perm_unlink:
perm_list.append('u')
perms = ",".join(perm_list)
res['group_%i'%rules_br[rules_br_len].group_id.id] = perms
if 'access' in res:
rules_br = self.pool.get('ir.model.access').browse(cr, user, res['access'])
else:
rules = self.pool.get('ir.model.access').search(cr, user, [('model_id', '=', res['id'])])
rules_br = self.pool.get('ir.model.access').browse(cr, user, rules)
if len(rules_br)>0:
for rule in rules_br:
perm_list = []
if rule.perm_read:
perm_list.append('r')
if rule.perm_write:
perm_list.append('w')
if rule.perm_create:
perm_list.append('c')
if rule.perm_unlink:
perm_list.append('u')
perms = ",".join(perm_list)
res['group_%i'%rule.group_id.id] = perms
pprint(result)
return result
def write(self, cr, user, ids, vals, context=None):
vals_new = vals.copy()
if context and 'advanced' in context:
perms_rel = ['create','read','unlink','write']
perms_all = ['c','r','u','w']
perms_rel = ['read','write','create','unlink']
perms_all = ['r','w','c','u']
perms = []
for val in vals:
@ -158,6 +165,7 @@ class ir_model(osv.osv):
for k in req:
sql += '%s=%s,'%(k,req[k])
cr.execute("update ir_model_access set %s where id=%i"%(sql[:-1], rules[rule_len]))
print "update ir_model_access set %s where id=%i"%(sql[:-1], rules[rule_len])
else:
model_name = self.pool.get('ir.model').browse(cr, user, [model_id])[0].name
group_name = self.pool.get('res.groups').browse(cr, user, [group_id])[0].name
@ -166,9 +174,9 @@ class ir_model(osv.osv):
(name, model_id, group_id, perm_create, perm_read, perm_unlink, perm_write) \
values (%s, %i, %i, %s, %s, %s, %s)',
(rule_name, model_id, group_id,req['perm_create'], req['perm_read'], req['perm_unlink'], req['perm_write'],))
return 1
else:
return super(osv.osv, self).write(cr, user, ids, vals, context)
#return 1
del vals_new[val]
return super(osv.osv, self).write(cr, user, ids, vals_new, context)
def fields_get(self, cr, user, fields=None, context=None, read_access=True):
result = super(osv.osv, self).fields_get(cr, user, fields, context)
@ -283,12 +291,13 @@ class ir_model_access(osv.osv):
res = False
return res
def check(self, cr, uid, model_name, mode='read',raise_exception=True):
assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
def check(self, cr, uid, model_name, mode='read',raise_exception=True):
# Users root have all access (Todo: exclude xml-rpc requests)
if uid==1:
return True
assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
# We check if a specific rule exists
cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
'from ir_model_access a join ir_model m on (m.id=a.model_id) '
@ -326,6 +335,10 @@ class ir_model_access(osv.osv):
res = super(ir_model_access, self).unlink(cr, uid, *args, **argv)
self.check()
return res
def read(self, cr, uid, *args, **argv):
res = super(ir_model_access, self).read(cr, uid, *args, **argv)
self.check()
return res
ir_model_access()
class ir_model_data(osv.osv):
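Review bot: In the `check` hunk, `mode` is still validated only by `assert mode in ['read','write','create','unlink']` before it is concatenated into the query as `'perm_'+mode`, and asserts are removed when the server runs under `python -O`, leaving nothing between a caller-supplied mode and the SQL text. Since the hunk already moves that line, I would turn it into a test that always runs, for example `if mode not in ('read', 'write', 'create', 'unlink'): raise ValueError('Invalid access mode for security')`. I would also keep it above the `uid==1` shortcut so an invalid mode is rejected for every caller, root included. The body of `check` continues outside the hunk, so whether other callers rely on `AssertionError` should be confirmed before changing the exception type.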


@ -13,6 +13,10 @@
<field name="name">Account Manager</field>
</record>
<record model="res.groups" id="group_partner_manager">
<field name="name">Partner Manager</field>
</record>
<!--
Objects Groups
-->


@ -113,15 +113,6 @@ class users(osv.osv):
'context_lang': fields.selection(_lang_get, 'Language', required=True),
'context_tz': fields.selection(_tz_get, 'Timezone', size=64)
}
def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
result = super(users, self).read(cr, uid, ids, fields, context, load)
canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
if not canwrite:
for r in result:
if 'password' in r:
r['password'] = '********'
return result
_sql_constraints = [
('login_key', 'UNIQUE (login)', 'You can not have two users with the same login !')
]
@ -153,7 +144,7 @@ class users(osv.osv):
if (ids == [uid]):
ok = True
for k in values.keys():
if k not in ('password','signature','action_id', 'context_lang', 'context_tz'):
if k not in ('password', 'signature', 'action_id', 'context_lang', 'context_tz'):
ok=False
if ok:
uid = 1
@ -163,9 +154,18 @@ class users(osv.osv):
self.pool.get('ir.rule').domain_get()
return res
def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
result = super(users, self).read(cr, uid, ids, fields, context, load)
canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
if not canwrite:
for r in result:
if 'password' in r:
r['password'] = '********'
return result
def unlink(self, cr, uid, ids):
if 1 in ids:
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the root user as it is used internally for resources created by Tiny ERP (updates, module installation, ...)'))
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the root user as it is used internally for resources created by Open ERP (updates, module installation, ...)'))
return super(users, self).unlink(cr, uid, ids)
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=80):