[IMP] website_sale: access rights
bzr revid: chm@openerp.com-20131115152716-86wb7yxq2s4hr633
This commit is contained in:
Christophe Matthieu
parent
e7117a5799
commit
b958ece1df
|
|
@ -136,6 +136,12 @@ class website(osv.osv):
|
|||
|
||||
is_public_user = request.uid == self.get_public_user(cr, uid, context).id
|
||||
|
||||
try:
|
||||
self.pool.get("ir.ui.view").check_access_rights(request.cr, request.uid, 'write')
|
||||
editable = True
|
||||
except:
|
||||
editable = False
|
||||
|
||||
# Select current language
|
||||
if hasattr(request, 'route_lang'):
|
||||
lang = request.route_lang
|
||||
|
|
@ -152,7 +158,8 @@ class website(osv.osv):
|
|||
'multilang': request.multilang,
|
||||
'is_public_user': is_public_user,
|
||||
'is_master_lang': is_master_lang,
|
||||
'editable': not is_public_user,
|
||||
'has_access_write': True,
|
||||
'editable': editable,
|
||||
'translatable': not is_public_user and not is_master_lang and request.multilang,
|
||||
})
|
||||
|
||||
|
|
|
|||
|
|
@ -107,7 +107,7 @@
|
|||
|
||||
<t t-raw="head or ''"/>
|
||||
</head>
|
||||
<body>
|
||||
<body t-att-class="has_access_write and 'has_access_write' or ''">
|
||||
<div id="wrapwrap">
|
||||
<header>
|
||||
<div class="navbar navbar-default navbar-static-top">
|
||||
|
|
@ -265,7 +265,7 @@
|
|||
</template>
|
||||
|
||||
<template id="publish_management">
|
||||
<div t-if="editable" t-ignore="true" class="pull-right hidden-xs" t-att-style="style or ''">
|
||||
<div t-if="has_access_write" t-ignore="true" class="pull-right hidden-xs" t-att-style="style or ''">
|
||||
<div t-attf-class="btn-group dropdown js_publish_management #{object.id and object.website_published and 'css_publish' or 'css_unpublish'}" t-att-data-id="object.id" t-att-data-object="object._name" t-att-data-controller="publish_controller">
|
||||
<a t-attf-class="btn btn-sm btn-#{object.id and object.website_published and 'success' or 'default'}" t-att-id="'dopprod-%s' % object.id" role="button" data-toggle="dropdown">Options <span class="caret"></span></a>
|
||||
<ul class="dropdown-menu" role="menu" t-att-aria-labelledby="'dopprod-%s' % object.id">
|
||||
|
|
@ -284,7 +284,7 @@
|
|||
</template>
|
||||
|
||||
<template id="publish_short">
|
||||
<t t-if="editable" t-ignore="true">
|
||||
<t t-if="has_access_write" t-ignore="true">
|
||||
<a href="#" t-att-data-id="object.id" t-att-data-object="object._name"
|
||||
t-att-data-publish="object.id and object.website_published and 'on' or 'off'"
|
||||
class="pull-right js_publish">
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
<field name="name">event: Public</field>
|
||||
<field name="model_id" ref="event.model_event_event"/>
|
||||
<field name="domain_force">[('website_published', '=', True)]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
@ -14,15 +15,7 @@
|
|||
<field name="name">event ticket: Public</field>
|
||||
<field name="model_id" ref="event_sale.model_event_event_ticket"/>
|
||||
<field name="domain_force">[('event_id.website_published', '=', True)]</field>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
<field name="perm_unlink" eval="False"/>
|
||||
</record>
|
||||
<record id="event_product_product_public" model="ir.rule">
|
||||
<field name="name">Product linked to event: Public</field>
|
||||
<field name="model_id" ref="product.model_product_product"/>
|
||||
<field name="domain_force">[('event_ticket_ids.event_id.website_published', '=', True)]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
@ -32,6 +25,7 @@
|
|||
<field name="name">Product template linked to event: Public</field>
|
||||
<field name="model_id" ref="product.model_product_template"/>
|
||||
<field name="domain_force">[('product_variant_ids.event_ticket_ids.event_id.website_published', '=', True)]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@
|
|||
<data>
|
||||
<record id="membership_product_product_public" model="ir.rule">
|
||||
<field name="name">Product membership: Public</field>
|
||||
<field name="model_id" ref="product.model_product_product"/>
|
||||
<field name="domain_force">[('website_published', '=', True), ('membership', '=', True)]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public'))]"/>
|
||||
<field name="model_id" ref="product.model_product_template"/>
|
||||
<field name="domain_force">[('website_published', '=', True), ('product_variant_ids.membership', '=', True)]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
@ -15,7 +15,7 @@
|
|||
<field name="name">Membership line: Public</field>
|
||||
<field name="model_id" ref="membership.model_membership_membership_line"/>
|
||||
<field name="domain_force">[('partner.website_published', '=', True)]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public'))]"/>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
|
|||
|
|
@ -324,11 +324,6 @@ class Ecommerce(http.Controller):
|
|||
|
||||
domain = [("sale_ok", "=", True)]
|
||||
|
||||
try:
|
||||
product_obj.check_access_rights(request.cr, request.uid, 'write')
|
||||
except:
|
||||
domain += [('website_published', '=', True)]
|
||||
|
||||
# remove product_product_consultant from ecommerce editable mode, this product never be publish
|
||||
ref = request.registry.get('ir.model.data').get_object_reference(request.cr, SUPERUSER_ID, 'product', 'product_product_consultant')
|
||||
domain += [("id", "!=", ref[1])]
|
||||
|
|
@ -365,7 +360,14 @@ class Ecommerce(http.Controller):
|
|||
style_ids = style_obj.search(request.cr, request.uid, [(1, '=', 1)], context=request.context)
|
||||
styles = style_obj.browse(request.cr, request.uid, style_ids, context=request.context)
|
||||
|
||||
try:
|
||||
product_obj.check_access_rights(request.cr, request.uid, 'write')
|
||||
has_access_write = True
|
||||
except:
|
||||
has_access_write = False
|
||||
|
||||
values = {
|
||||
'has_access_write': has_access_write,
|
||||
'Ecommerce': self,
|
||||
'product_ids': product_ids,
|
||||
'product_ids_for_holes': fill_hole,
|
||||
|
|
@ -397,7 +399,14 @@ class Ecommerce(http.Controller):
|
|||
|
||||
request.context['pricelist'] = self.get_pricelist()
|
||||
|
||||
try:
|
||||
request.registry.get('product.template').check_access_rights(request.cr, request.uid, 'write')
|
||||
has_access_write = True
|
||||
except:
|
||||
has_access_write = False
|
||||
|
||||
values = {
|
||||
'has_access_write': has_access_write,
|
||||
'Ecommerce': self,
|
||||
'category': category,
|
||||
'category_list': category_list,
|
||||
|
|
|
|||
|
|
@ -5,15 +5,7 @@
|
|||
<field name="name">Public product template</field>
|
||||
<field name="model_id" ref="product.model_product_template"/>
|
||||
<field name="domain_force">[('website_published', '=', True), ("sale_ok", "=", True)]</field>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
<field name="perm_unlink" eval="False"/>
|
||||
</record>
|
||||
<record id="product_product_public" model="ir.rule">
|
||||
<field name="name">Public product</field>
|
||||
<field name="model_id" ref="product.model_product_product"/>
|
||||
<field name="domain_force">[('website_published', '=', True), ("sale_ok", "=", True)]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
@ -24,6 +16,7 @@
|
|||
<field name="name">Public Personal Orders</field>
|
||||
<field ref="model_sale_order" name="model_id"/>
|
||||
<field name="domain_force">[('state','=','draft'), ('website_session_id','!=',False), ('website_session_id','=',session.get('website_session_id'))]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
@ -33,6 +26,7 @@
|
|||
<field name="name">Public Personal Order lines</field>
|
||||
<field ref="model_sale_order_line" name="model_id"/>
|
||||
<field name="domain_force">[('state','=','draft'), ('order_id.website_session_id','!=',False), ('order_id.website_session_id','=',session.get('website_session_id'))]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
@ -43,6 +37,7 @@
|
|||
<field name="name">Public product pricelist</field>
|
||||
<field name="model_id" ref="product.model_product_pricelist"/>
|
||||
<field name="domain_force">[('id','=',session.get('ecommerce_pricelist'))]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
|
|
|
|||
|
|
@ -89,13 +89,13 @@
|
|||
<div class="oe_structure"/>
|
||||
<div class="container oe_website_sale">
|
||||
<div class="row">
|
||||
<div class="col-sm-6 pagination hidden-xs" style="padding-left: 15px;">
|
||||
<div class="col-sm-4 pagination hidden-xs" style="padding-left: 15px;">
|
||||
<form t-if="editable" t-keep-query="category,search,facettes"
|
||||
method="POST" t-action="/shop/add_product">
|
||||
<button class="btn btn-primary">New Product</button>
|
||||
</form>
|
||||
</div>
|
||||
<div class="col-sm-6 products_pager">
|
||||
<div class="col-sm-8 products_pager">
|
||||
<t t-call="website.pager">
|
||||
<t t-set="classname">pull-right</t>
|
||||
<t t-set="style">padding-left: 5px;</t>
|
||||
|
|
@ -124,7 +124,7 @@
|
|||
|
||||
<div class="oe_product_cart" t-att-data-publish="product.website_published and 'on' or 'off'">
|
||||
|
||||
<div class="css_options" t-ignore="true" t-if="editable">
|
||||
<div class="css_options" t-ignore="true" t-if="has_access_write">
|
||||
<div t-attf-class="dropdown js_options" t-att-data-id="product.id">
|
||||
<a class="btn btn-default" t-att-id="'dopprod-%s' % product.id" role="button" data-toggle="dropdown">Options <span class="caret"></span></a>
|
||||
<ul class="dropdown-menu" role="menu" t-att-aria-labelledby="'dopprod-%s' % product.id">
|
||||
|
|
|
|||
Loading…
Reference in New Issue