document: ACL setup, based on ir.rules
bzr revid: p_christ@hol.gr-20101027102428-pyanpwxzhta3zqy3
This commit is contained in:
parent
4dae4d0dbf
commit
9624ef2907
|
@ -16,13 +16,13 @@
|
|||
|
||||
<record model="document.directory" id="dir_root">
|
||||
<field name="name">Documents</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="user_id" eval="False"/>
|
||||
<field name="storage_id" ref="storage_default"/>
|
||||
<field name="ressource_id">0</field>
|
||||
</record>
|
||||
|
||||
<record model="document.directory" id="dir_my_folder">
|
||||
<field name="name">My Folder</field>
|
||||
<field name="name">Admin Folder</field>
|
||||
<field name="parent_id" ref="dir_root"/>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="ressource_id">0</field>
|
||||
|
@ -37,7 +37,7 @@
|
|||
<field name="ressource_id">0</field>
|
||||
|
||||
<field name="ressource_type_id" search="[('model','=','res.partner.category')]" />
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="user_id" eval="False"/>
|
||||
</record>
|
||||
|
||||
<record model="document.directory" id="dir_partner">
|
||||
|
@ -46,7 +46,7 @@
|
|||
<field name="domain">[('category_id','in',[active_id])]</field>
|
||||
<field name="ressource_type_id" search="[('model','=','res.partner')]" />
|
||||
<field name="ressource_parent_type_id" search="[('model','=','res.partner.category')]" />
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="user_id" eval="False"/>
|
||||
<field name="ressource_id">0</field>
|
||||
|
||||
</record>
|
||||
|
@ -55,14 +55,14 @@
|
|||
<field name="name">Personal Folders</field>
|
||||
<field name="parent_id" ref="dir_root"/>
|
||||
<field name="type">ressource</field>
|
||||
<field name="user_id" eval="False"/>
|
||||
<field name="ressource_type_id" ref="base.model_res_users" />
|
||||
<field name="ressource_id">0</field>
|
||||
|
||||
</record>
|
||||
|
||||
<record model="document.directory" id="dir_product">
|
||||
<field name="name">Products</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="user_id" eval="False"/>
|
||||
<field name="parent_id" ref="dir_root"/>
|
||||
<field name="ressource_id">0</field>
|
||||
|
||||
|
@ -70,7 +70,7 @@
|
|||
|
||||
<record model="document.directory" id="dir_sale_order">
|
||||
<field name="name">Sales Order</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="user_id" eval="False"/>
|
||||
<field name="parent_id" ref="dir_root"/>
|
||||
<field name="ressource_id">0</field>
|
||||
|
||||
|
@ -78,7 +78,7 @@
|
|||
|
||||
<record model="document.directory" id="dir_sale_order_all">
|
||||
<field name="name">All Sales Order</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="user_id" eval="False"/>
|
||||
<field name="parent_id" ref="dir_sale_order"/>
|
||||
<field name="ressource_id">0</field>
|
||||
|
||||
|
@ -86,7 +86,7 @@
|
|||
|
||||
<record model="document.directory" id="dir_sale_order_quote">
|
||||
<field name="name">Quotations</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="user_id" eval="False"/>
|
||||
<field name="parent_id" ref="dir_sale_order"/>
|
||||
<field name="ressource_id">0</field>
|
||||
|
||||
|
@ -94,7 +94,7 @@
|
|||
|
||||
<record model="document.directory" id="dir_project">
|
||||
<field name="name">Projects</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="user_id" eval="False"/>
|
||||
<field name="parent_id" ref="dir_root"/>
|
||||
<field name="ressource_id">0</field>
|
||||
|
||||
|
|
|
@ -14,6 +14,28 @@
|
|||
<field name="groups_id" eval="[(6,0,[ref('base.group_system')])]"/>
|
||||
</record>
|
||||
|
||||
|
||||
<record id="ir_rule_readpublicdirectories0" model="ir.rule">
|
||||
<field name="model_id" ref="document.model_document_directory"/>
|
||||
<field name="domain_force">['|',('user_id', '=', False), ('user_id', '=', user.id), '|', ('group_ids','=',False), ('group_ids','in',user.groups_id), '|', ('company_id','=',False), ('company_id','child_of',[user.company_id.id])]</field>
|
||||
<field name="name">Read public directories</field>
|
||||
<field eval="0" name="global"/>
|
||||
<field eval="[(6,0,[ref('base.group_user')])]" name="groups"/>
|
||||
<field eval="0" name="perm_unlink"/>
|
||||
<field eval="0" name="perm_write"/>
|
||||
<field eval="1" name="perm_read"/>
|
||||
<field eval="0" name="perm_create"/>
|
||||
</record>
|
||||
|
||||
<record id="ir_rule_documentmodifyowndirectories0" model="ir.rule">
|
||||
<field name="model_id" ref="document.model_document_directory"/>
|
||||
<field name="domain_force">[('user_id', '=', user.id), '|', ('group_ids','=',False), ('group_ids','in',user.groups_id), '|', ('company_id','=',False), ('company_id','child_of',[user.company_id.id]) ]</field>
|
||||
<field name="name">Document modify own directories</field>
|
||||
<field eval="0" name="global"/>
|
||||
<field eval="[(6,0,[ref('base.group_document_user')])]" name="groups"/>
|
||||
<field eval="1" name="perm_unlink"/>
|
||||
<field eval="1" name="perm_write"/>
|
||||
<field eval="0" name="perm_read"/>
|
||||
<field eval="1" name="perm_create"/>
|
||||
</record>
|
||||
</data>
|
||||
</openerp>
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
|
||||
"access_document_directory_all","document.directory all","model_document_directory",,1,0,0,0
|
||||
"access_document_directory_group_document_manager","document.directory document manager","model_document_directory","base.group_system",1,1,1,1
|
||||
"access_document_directory_group_knowledge","document.directory modify","model_document_directory","base.group_document_user",1,1,1,1
|
||||
"access_document_directory_group_system","document.directory group system","model_document_directory","base.group_system",1,1,1,1
|
||||
"access_document_directory_content_all","document.directory.content all","model_document_directory_content",,1,0,0,0
|
||||
"access_document_directory_content_group_document_manager","document.directory.content document manager","model_document_directory_content","base.group_system",1,1,1,1
|
||||
|
|
|
|
@ -0,0 +1,30 @@
|
|||
-
|
||||
In order to check the permissions setup and functionality of the
|
||||
document module:
|
||||
-
|
||||
I create a testing user for the documents
|
||||
-
|
||||
I assign some ... group to the testing user
|
||||
-
|
||||
I create a "group testing" user, which also belongs to the same ... group
|
||||
-
|
||||
I create a "blocked" user.
|
||||
-
|
||||
I create (as root) a testing folder in the document hierarchy, and
|
||||
assign ownership to the testing user, groups to the ... group.
|
||||
-
|
||||
I create a "private" folder inside the testing folder.
|
||||
-
|
||||
I try to read the testing folder as the testing user
|
||||
-
|
||||
I try to read the folder as the group user, it should fail.
|
||||
-
|
||||
I try to read the folder as the blocked user.
|
||||
-
|
||||
I create a "group" folder, with the ... group.
|
||||
-
|
||||
I try to read the "group" folder as the testing user
|
||||
-
|
||||
I try to read the "group" folder as the group user
|
||||
-
|
||||
I try to read the "group" folder as the blocked user
|
Loading…
Reference in New Issue