Improved Security
bzr revid: fp@tinyerp.com-20080903181103-bqd5cey4r48bmjyf
This commit is contained in:
Fabien Pinckaers
parent
ca44da0b2c
commit
90b59fe85a
|
|
@ -273,28 +273,13 @@ def load_module_graph(cr, graph, status=None, **kwargs):
|
|||
cr.execute('update ir_module_module set demo=%s where name=%s', (True, package.name))
|
||||
package_todo.append(package.name)
|
||||
cr.execute("update ir_module_module set state='installed' where state in ('to upgrade', 'to install') and name=%s", (package.name,))
|
||||
|
||||
# check if all model of the module have at least a access rule.
|
||||
# TODO: improve this query which is very slow !!!
|
||||
cr.execute(""" SELECT name
|
||||
FROM ir_model m
|
||||
WHERE EXISTS (SELECT 1
|
||||
FROM ir_model_data
|
||||
WHERE module = %s
|
||||
AND model = m.name
|
||||
)
|
||||
AND NOT EXISTS (SELECT 1
|
||||
FROM ir_model_access
|
||||
WHERE model_id = m.id
|
||||
)
|
||||
""", (m,))
|
||||
|
||||
for (model,) in cr.fetchall():
|
||||
logger.notifyChannel('init', netsvc.LOG_WARNING, 'addon:%s:object %s has no access rules!' % (m,model,))
|
||||
|
||||
cr.commit()
|
||||
statusi+=1
|
||||
|
||||
cr.execute("""select model,name from ir_model where id not in (select model_id from ir_model_access)""")
|
||||
for (model,name) in cr.fetchall():
|
||||
logger.notifyChannel('init', netsvc.LOG_WARNING, 'addon:object %s (%s) has no access rules!' % (model,name))
|
||||
|
||||
pool = pooler.get_pool(cr.dbname)
|
||||
cr.execute('select * from ir_model where state=%s', ('manual',))
|
||||
for model in cr.dictfetchall():
|
||||
|
|
|
|||
|
|
@ -6,11 +6,11 @@
|
|||
Users Groups
|
||||
-->
|
||||
<record model="res.groups" id="group_system">
|
||||
<field name="name">System</field>
|
||||
<field name="name">Administrator / Configuration</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_erp_manager">
|
||||
<field name="name">ERP Manager</field>
|
||||
<field name="name">Administrator / Access Rights</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_user">
|
||||
|
|
@ -21,20 +21,12 @@
|
|||
<field name="name">Account Manager</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_request">
|
||||
<field name="name">Request</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_cron">
|
||||
<field name="name">Cron Jobs</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_extended">
|
||||
<field name="name">Extended View</field>
|
||||
<field name="name">Useability / Extended View</field>
|
||||
</record>
|
||||
|
||||
<record model="res.groups" id="group_no_one">
|
||||
<field name="name">No One</field>
|
||||
<field name="name">Useability / No One</field>
|
||||
</record>
|
||||
|
||||
<!--
|
||||
|
|
|
|||
|
|
@ -48,9 +48,6 @@
|
|||
</form>
|
||||
</field>
|
||||
</page>
|
||||
<page string="Menus">
|
||||
<field colspan="4" name="menu_access"/>
|
||||
</page>
|
||||
<page string="Rules">
|
||||
<field colspan="4" name="rule_groups" nolabel="1">
|
||||
<tree string="Rules">
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
|
||||
access_ir_attachment_group_system,ir_attachment group_system,model_ir_attachment,group_system,1,0,0,0
|
||||
access_ir_cron_group_cron,ir_cron group_cron,model_ir_cron,group_cron,1,1,1,1
|
||||
access_ir_cron_group_cron,ir_cron group_cron,model_ir_cron,group_system,1,1,1,1
|
||||
access_ir_default_group_system,ir_default group_system,model_ir_default,group_system,1,0,0,0
|
||||
access_ir_exports_group_system,ir_exports group_system,model_ir_exports,group_system,1,0,0,0
|
||||
access_ir_exports_line_group_system,ir_exports_line group_system,model_ir_exports_line,group_system,1,0,0,0
|
||||
|
|
@ -36,7 +36,7 @@ access_res_company_group_user,res_company group_user,model_res_company,group_use
|
|||
access_res_country_group_user,res_country group_user,model_res_country,group_user,1,0,0,0
|
||||
access_res_country_state_group_user,res_country_state group_user,model_res_country_state,group_user,1,0,0,0
|
||||
access_res_currency_group_user,res_currency group_user,model_res_currency,group_user,1,0,0,0
|
||||
access_res_currency_rate_group_account_manager,res_currency_rate group_account_manager,model_res_currency_rate,group_account_manager,1,1,1,1
|
||||
access_res_currency_rate_group_user,res_currency_rate group_user,model_res_currency_rate,group_user,1,1,1,1
|
||||
access_res_currency_rate_group_user,res_currency_rate group_user,model_res_currency_rate,group_user,1,0,0,0
|
||||
access_res_groups_group_erp_manager,res_groups group_erp_manager,model_res_groups,group_erp_manager,1,1,1,1
|
||||
access_res_groups_group_user,res_groups group_user,model_res_groups,group_user,1,0,0,0
|
||||
|
|
@ -65,8 +65,7 @@ access_res_partner_som_group_user,res_partner_som group_user,model_res_partner_s
|
|||
access_res_partner_som_group_partner_manager,res_partner_som group_partner_manager,model_res_partner_som,group_partner_manager,0,0,0,1
|
||||
access_res_partner_title_group_user,res_partner_title group_user,model_res_partner_title,group_user,1,1,1,0
|
||||
access_res_partner_title_group_partner_manager,res_partner_title group_partner_manager,model_res_partner_title,group_partner_manager,0,0,0,1
|
||||
access_res_request_group_user,res_request group_user,model_res_request,group_user,1,0,0,0
|
||||
access_res_request_group_request,res_request group_request,model_res_request,group_request,1,1,1,1
|
||||
access_res_request_group_user,res_request group_user,model_res_request,group_user,1,1,1,1
|
||||
access_res_request_history_group_user,res_request_history group_user,model_res_request_history,group_user,1,0,0,0
|
||||
access_res_request_link_group_user,res_request_link group_user,model_res_request_link,group_user,1,0,0,0
|
||||
access_res_users_group_user,res_users group_user,model_res_users,group_user,1,1,0,0
|
||||
|
|
|
|||
|
|
|
@ -113,9 +113,9 @@ class ir_model_grid(osv.osv):
|
|||
|
||||
def unlink(self, *args, **argv):
|
||||
raise osv.except_osv('Error !', 'You cannot add an entry to this view !')
|
||||
|
||||
|
||||
def read(self, cr, uid, ids, fields=None, context=None, load='_classic_read'):
|
||||
result = super(osv.osv, self).read(cr, uid, ids, fields, context, load)
|
||||
result = super(osv.osv, self).read(cr, uid, ids, fields, context, load)
|
||||
allgr = self.pool.get('res.groups').search(cr, uid, [], context=context)
|
||||
acc_obj = self.pool.get('ir.model.access')
|
||||
for res in result:
|
||||
|
|
@ -134,7 +134,10 @@ class ir_model_grid(osv.osv):
|
|||
if rule.perm_unlink:
|
||||
perm_list.append('u')
|
||||
perms = ",".join(perm_list)
|
||||
res['group_%i'%rule.group_id.id] = perms
|
||||
if rule.group_id:
|
||||
res['group_%d'%rule.group_id.id] = perms
|
||||
else:
|
||||
res['group_0'] = perms
|
||||
return result
|
||||
|
||||
#
|
||||
|
|
@ -151,7 +154,7 @@ class ir_model_grid(osv.osv):
|
|||
for val in vals:
|
||||
if not val[:6]=='group_':
|
||||
continue
|
||||
group_id = int(val[6:])
|
||||
group_id = int(val[6:]) or False
|
||||
rules = acc_obj.search(cr, uid, [('model_id', '=', model_id),('group_id', '=', group_id)])
|
||||
if not rules:
|
||||
rules = [acc_obj.create(cr, uid, {
|
||||
|
|
@ -167,8 +170,9 @@ class ir_model_grid(osv.osv):
|
|||
result = super(ir_model_grid, self).fields_get(cr, uid, fields, context)
|
||||
groups = self.pool.get('res.groups').search(cr, uid, [])
|
||||
groups_br = self.pool.get('res.groups').browse(cr, uid, groups)
|
||||
result['group_0'] = {'string': 'All Users','type': 'char','size': 7}
|
||||
for group in groups_br:
|
||||
result['group_%i'%group.id] = {'string': '%s'%group.name,'type': 'char','size': 7}
|
||||
result['group_%d'%group.id] = {'string': '%s'%group.name,'type': 'char','size': 7}
|
||||
return result
|
||||
|
||||
def fields_view_get(self, cr, uid, view_id=None, view_type='form', context={}, toolbar=False):
|
||||
|
|
@ -179,9 +183,11 @@ class ir_model_grid(osv.osv):
|
|||
xml = '''<?xml version="1.0"?>
|
||||
<%s editable="bottom">
|
||||
<field name="name" select="1" readonly="1"/>
|
||||
<field name="model" select="1" readonly="1"/>''' % (view_type,)
|
||||
<field name="model" select="1" readonly="1"/>
|
||||
<field name="group_0"/>
|
||||
''' % (view_type,)
|
||||
for group in groups_br:
|
||||
xml += '''<field name="group_%i" sum="%s"/>''' % (group.id, group.name)
|
||||
xml += '''<field name="group_%d"/>''' % (group.id, )
|
||||
xml += '''</%s>''' % (view_type,)
|
||||
result['arch'] = xml
|
||||
result['fields'] = self.fields_get(cr, uid, cols, context)
|
||||
|
|
|
|||
|
|
@ -1,9 +1,10 @@
|
|||
<?xml version="1.0" encoding="utf-8"?><terp><data noupdate="1">
|
||||
<record model="res.groups" id="group_account_manager">
|
||||
<field name="name">Account Manager</field>
|
||||
</record>
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<terp>
|
||||
<data noupdate="1">
|
||||
|
||||
<record model="res.groups" id="group_partner_manager">
|
||||
<field name="name">Partner Manager</field>
|
||||
</record>
|
||||
</data></terp>
|
||||
|
||||
</data>
|
||||
</terp>
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ import pytz
|
|||
|
||||
class groups(osv.osv):
|
||||
_name = "res.groups"
|
||||
_order = 'name'
|
||||
_columns = {
|
||||
'name': fields.char('Group Name', size=64, required=True),
|
||||
'model_access': fields.one2many('ir.model.access', 'group_id', 'Access Controls'),
|
||||
|
|
|
|||
Loading…
Reference in New Issue