ir.attachment: revise the access control code, let it be overriden

There was a fundamental problem when a user, through the 'document' module
would try to write into his personal folder; the res.users model won't be
writable by normal users. So, have all this code in a _single_ function,
which will be redefined by document.

Also follow the v6 API for access control, don't just lookup at ir.model.access.

Conflicts:

	bin/addons/base/ir/ir_attachment.py

bzr revid: p_christ@hol.gr-20101123154212-pphsnyp2rsmbjf72
This commit is contained in:
P. Christeas 2010-11-23 17:42:12 +02:00
parent a62f0bede4
commit c5b99753ea
1 changed files with 22 additions and 10 deletions

View File

@ -24,16 +24,29 @@ from osv.orm import except_orm
import tools
class ir_attachment(osv.osv):
def check(self, cr, uid, ids, mode, context=None):
def check(self, cr, uid, ids, mode, context=None, values=None):
"""Restricts the access to an ir.attachment, according to referred model
In the 'document' module, it is overriden to relax this hard rule, since
more complex ones apply there.
"""
if not ids:
return
ima = self.pool.get('ir.model.access')
if isinstance(ids, (int, long)):
ids = [ids]
cr.execute('select distinct res_model from ir_attachment where id IN %s', (tuple(ids),))
for obj in cr.fetchall():
if obj[0]:
ima.check(cr, uid, obj[0], mode, context=context)
res_ids = {}
if ids:
if isinstance(ids, (int, long)):
ids = [ids]
cr.execute('SELECT DISTINCT res_model, res_id FROM ir_attachment WHERE id = ANY (%s)', (ids,), self._debug)
for rmod, rid in cr.fetchall():
if not (rmod and rid):
continue
res_ids.setdefault(rmod,[]).append(rid)
if values:
if 'res_model' in values and 'res_id' in values:
res_ids.setdefault(values['res_model'],[]).append(values['res_id'])
for model, mids in res_ids.items():
self.pool.get(model).check_access_rule(cr, uid, mids, mode, context=context)
def search(self, cr, uid, args, offset=0, limit=None, order=None,
context=None, count=False):
@ -64,7 +77,7 @@ class ir_attachment(osv.osv):
return super(ir_attachment, self).read(cr, uid, ids, fields_to_read, context, load)
def write(self, cr, uid, ids, vals, context=None):
self.check(cr, uid, ids, 'write', context=context)
self.check(cr, uid, ids, 'write', context=context, values=vals)
return super(ir_attachment, self).write(cr, uid, ids, vals, context)
def copy(self, cr, uid, id, default=None, context=None):
@ -76,8 +89,7 @@ class ir_attachment(osv.osv):
return super(ir_attachment, self).unlink(cr, uid, ids, context)
def create(self, cr, uid, values, context=None):
if 'res_model' in values and values['res_model'] != '':
self.pool.get('ir.model.access').check(cr, uid, values['res_model'], 'create', context=context)
self.check(cr, uid, [], mode='create', context=context, values=values)
return super(ir_attachment, self).create(cr, uid, values, context)
def action_get(self, cr, uid, context=None):