odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

* Better views for: acces, menus, roles and rules 

* Base security
* Res security
* Only root can change root password

bzr revid: jean-baptiste.aubort@camptocamp.com-20080812124747-99ulh5h5lb1i3cew
This commit is contained in:
Jean-Baptiste Aubort 2008-08-12 14:47:47 +02:00
parent 2316891751
commit d76bc2e311
8 changed files with 374 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

327
bin/addons/base/base_security.xml
View File

@ -34,10 +34,10 @@
-->
<record model="res.users" id="base.user_root">
<field name="signature">Root</field>
<field name="action_id" ref="action_menu_admin"/>
<field name="menu_id" ref="action_menu_admin"/>
<field name="address_id" ref="main_address"/>
<field name="company_id" ref="main_company"/>
<field name="action_id" ref="action_menu_admin"/>
<field name="menu_id" ref="action_menu_admin"/>
</record>
<!--
@ -299,34 +299,9 @@
<!--
Access
-->
<record model="ir.model.access" id="access_ir_actions_employee">
<field name="name">ir.actions.actions Employee</field>
<field model="ir.model" name="model_id" search="[('model', '=', 'ir.actions.actions')]"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_actions_wizard_group_employee">
<field name="name">ir_actions_wizard group_employee</field>
<field model="ir.model" name="model_id" search="[('model', '=', 'ir.actions.wizard')]"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_act_window_group_employee">
<field name="name">ir_act_window group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_act_window"/>
<field name="model_id" model="ir.model" ref="model_ir_act_window"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
@ -336,7 +311,7 @@
<record model="ir.model.access" id="access_ir_act_window_view_group_employee">
<field name="name">ir_act_window_view group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_act_window_view"/>
<field name="model_id" model="ir.model" ref="model_ir_act_window_view"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
@ -346,7 +321,7 @@
<record model="ir.model.access" id="access_ir_model_data_group_employee">
<field name="name">ir_model_data group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_model_data"/>
<field name="model_id" model="ir.model" ref="model_ir_model_data"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
@ -356,7 +331,7 @@
<record model="ir.model.access" id="access_ir_model_fields_group_employee">
<field name="name">ir_model_fields group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_model_fields"/>
<field name="model_id" model="ir.model" ref="model_ir_model_fields"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
@ -366,7 +341,7 @@
<record model="ir.model.access" id="access_ir_module_category_group_employee">
<field name="name">ir_module_category group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_module_category"/>
<field name="model_id" model="ir.model" ref="model_ir_module_category"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
@ -376,7 +351,7 @@
<record model="ir.model.access" id="access_ir_module_module_group_employee">
<field name="name">ir_module_module group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_module_module"/>
<field name="model_id" model="ir.model" ref="model_ir_module_module"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
@ -384,9 +359,19 @@
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_property_group_employee">
<field name="name">ir_property group_employee</field>
<field name="model_id" model="ir.model" ref="model_ir_property"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_ir_rule_group_employee">
<field name="name">ir_rule group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_rule"/>
<field name="model_id" model="ir.model" ref="model_ir_rule"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
@ -396,7 +381,7 @@
<record model="ir.model.access" id="access_ir_rule_group_group_employee">
<field name="name">ir_rule_group group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_rule_group"/>
<field name="model_id" model="ir.model" ref="model_ir_rule_group"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
@ -406,7 +391,7 @@
<record model="ir.model.access" id="access_ir_ui_menu_group_employee">
<field name="name">ir_ui_menu group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_menu"/>
<field name="model_id" model="ir.model" ref="model_ir_ui_menu"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
@ -416,7 +401,7 @@
<record model="ir.model.access" id="access_ir_ui_view_group_employee">
<field name="name">ir_ui_view group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_view"/>
<field name="model_id" model="ir.model" ref="model_ir_ui_view"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
@ -426,7 +411,7 @@
<record model="ir.model.access" id="access_ir_ui_view_sc_group_employee">
<field name="name">ir_ui_view_sc group_employee</field>
<field model="ir.model" name="model_id" ref="model_ir_ui_view_sc"/>
<field name="model_id" model="ir.model" ref="model_ir_ui_view_sc"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
@ -434,275 +419,25 @@
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_company_group_employee">
<field name="name">res_company group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_company"/>
<record model="ir.model.access" id="access_ir_values_group_employee">
<field name="name">ir_values group_employee</field>
<field name="model_id" model="ir.model" ref="model_ir_values"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_company_group_erp_manager">
<field name="name">res_company group_erp_manager</field>
<field model="ir.model" name="model_id" ref="model_res_company"/>
<record model="ir.model.access" id="access_ir_values_group_erp_manager">
<field name="name">ir_values group_erp_manager</field>
<field name="model_id" model="ir.model" ref="model_ir_values"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_country_group_employee">
<field name="name">res_country group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_country"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_country_state_group_employee">
<field name="name">res_country_state group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_country_state"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_group_employee">
<field name="name">res_currency group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_currency"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_rate_group_employee">
<field name="name">res_currency_rate group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_currency_rate"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_rate_group_account_manager">
<field name="name">res_currency_rate group_account_manager</field>
<field model="ir.model" name="model_id" ref="model_res_currency_rate"/>
<field name="group_id" ref="group_account_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_groups_group_erp_manager">
<field name="name">res_groups group_erp_manager</field>
<field model="ir.model" name="model_id" ref="model_res_groups"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_lang_group_employee">
<field name="name">res_lang group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_lang"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_partner_group_employee">
<field name="name">res_partner group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_address_group_employee">
<field name="name">res_partner_address group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_address"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_group_employee">
<field name="name">res_partner_bank group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_type_group_employee">
<field name="name">res_partner_bank_type group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank_type"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_type_field_group_employee">
<field name="name">res_partner_bank_type_field group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_bank_type_field"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_canal_group_employee">
<field name="name">res_partner_canal group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_canal"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_category_group_employee">
<field name="name">res_partner_category group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_category"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_group_employee">
<field name="name">res_partner_event group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_event"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_type_group_employee">
<field name="name">res_partner_event_type group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_event_type"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_function_group_employee">
<field name="name">res_partner_function group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_function"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_som_group_employee">
<field name="name">res_partner_som group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_som"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_title_group_employee">
<field name="name">res_partner_title group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_partner_title"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_request_group_request">
<field name="name">res_request group_request</field>
<field model="ir.model" name="model_id" ref="model_res_request"/>
<field name="group_id" ref="group_request"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_request_group_employee">
<field name="name">res_request group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_request"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_request_history_group_employee">
<field name="name">res_request_history group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_request_history"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_request_link_group_employee">
<field name="name">res_request_link group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_request_link"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_users_group_employee">
<field name="name">res_users group_employee</field>
<field model="ir.model" name="model_id" ref="model_res_users"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_read" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_users_group_erp_manager">
<field name="name">res_users group_erp_manager</field>
<field model="ir.model" name="model_id" ref="model_res_users"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
</data>
</terp>

16
bin/addons/base/base_update.xml
View File

@ -61,14 +61,14 @@
<page string="Menus">
<field colspan="4" name="menu_access"/>
</page>
<page string="Roles">
<field colspan="4" name="roles">
<tree string="Roles">
<field name="name"/>
<field name="parent_id"/>
</tree>
</field>
</page>
<!--<page string="Roles">-->
<!-- <field colspan="4" name="roles">-->
<!-- <tree string="Roles">-->
<!-- <field name="name"/>-->
<!-- <field name="parent_id"/>-->
<!-- </tree>-->
<!-- </field>-->
<!--</page>-->
<page string="Rules">
<field colspan="4" name="rule_groups">
<tree string="Rules">

24
bin/addons/base/ir/ir.xml
View File

@ -643,7 +643,7 @@
<tree string="Model Description">
<field name="name"/>
<field name="model"/>
<field name="type"/>
<!--<field name="type"/>-->
</tree>
</field>
</record>
@ -947,7 +947,7 @@ Cron Jobs
</record>
<record model="ir.actions.act_window" id="action_model_view_security">
<field name="name">Define Access</field>
<field name="name">Access Structure</field>
<field name="res_model">ir.model</field>
<field name="view_type">form</field>
<field name="view_mode">form,tree</field>
@ -956,12 +956,12 @@ Cron Jobs
</record>
<menuitem sequence="1" id="menu_objects_security" parent="base.menu_security" name="Access"/>
<menuitem sequence="1" action="action_model_view_security" id="menu_objects_security_view" parent="base.menu_objects_security" name="Define Access"/>
<menuitem sequence="1" action="action_model_view_security" id="menu_objects_security_view" parent="base.menu_objects_security" name="Access Structure"/>
<menuitem sequence="2" action="ir_access_act" id="menu_ir_access_act" parent="base.menu_objects_security" name="Export/Import Access"/>
<!--Menus-->
<menuitem sequence="2" id="menu_menus_security" parent="base.menu_security" name="Menus"/>
<menuitem sequence="1" action="grant_menu_access" id="menu_grant_menu_access" parent="base.menu_menus_security" name="Define Menus"/>
<!--<menuitem sequence="2" id="menu_menus_security" parent="base.menu_security" name="Menus"/>-->
<menuitem sequence="2" action="grant_menu_access" id="menu_grant_menu_access" parent="base.menu_security" name="Menus Structure"/>
<!--Roles-->
<record id="view_roles_form" model="ir.ui.view">
@ -978,9 +978,9 @@ Cron Jobs
<page string="Users">
<field colspan="4" name="users"/>
</page>
<page string="Groups">
<field colspan="4" name="groups"/>
</page>
<!--<page string="Groups">-->
<!-- <field colspan="4" name="groups"/>-->
<!--</page>-->
</notebook>
</form>
</field>
@ -1013,8 +1013,8 @@ Cron Jobs
<field name="view_type">form</field>
</record>
<menuitem sequence="3" id="menu_action_res_roles" parent="base.menu_security" name="Roles"/>
<menuitem sequence="1" action="action_res_roles_form" id="menu_action_res_roles_form" parent="menu_action_res_roles" name="Define Roles"/>
<!--<menuitem sequence="3" id="menu_action_res_roles" parent="base.menu_security" name="Roles"/>-->
<menuitem sequence="3" action="action_res_roles_form" id="menu_action_res_roles_form" parent="base.menu_security" name="Roles Structure"/>
<!-- Rules -->
<record id="view_rule_group_form" model="ir.ui.view">
@ -1095,8 +1095,8 @@ Cron Jobs
<field name="view_id" ref="view_rule_group_tree"/>
</record>
<menuitem sequence="4" id="menu_rules_security" parent="base.menu_security" name="Rules"/>
<menuitem action="action_rule" id="menu_action_rule" parent="base.menu_rules_security" name="Define Rules"/>
<!--<menuitem sequence="4" id="menu_rules_security" parent="base.menu_security" name="Rules"/>-->
<menuitem sequence="4" action="action_rule" id="menu_action_rule" parent="base.menu_security" name="Rules Structure"/>
</data>
</terp>

24
bin/addons/base/ir/ir_model.py
View File

@ -1,6 +1,7 @@
##############################################################################
#
# Copyright (c) 2004-2008 TINY SPRL. (http://tiny.be) All Rights Reserved.
# Copyright (c) 2008 Camptocamp SA
#
# $Id$
#
@ -60,11 +61,6 @@ class ir_model(osv.osv):
'state': lambda self,cr,uid,ctx={}: (ctx and ctx.get('manual',False)) and 'manual' or 'base',
}
#FIXME: We'll be back soon
#_constraints = [
# (_check_model_name, 'The model name must start with x_ and not contain any special character !', ['model']),
#]
def _check_model_name(self, cr, uid, ids):
for model in self.browse(cr, uid, ids):
if model.state=='manual':
@ -73,6 +69,11 @@ class ir_model(osv.osv):
if not re.match('^[a-z_A-Z0-9]+$',model.model):
return False
return True
#FIXME: We'll be back soon
#_constraints = [
# (_check_model_name, 'The model name must start with x_ and not contain any special character !', ['model']),
#]
def instanciate(self, cr, user, model, context={}):
class x_custom_model(osv.osv):
@ -193,7 +194,7 @@ class ir_model(osv.osv):
groups_br = self.pool.get('res.groups').browse(cr, uid, groups)
cols = ['model', 'type']
xml = '''<?xml version="1.0"?><tree editable="top"><field name="model" readonly="1"/><field name="type" readonly="1"/>'''
xml = '''<?xml version="1.0"?><tree editable="top"><field name="model" readonly="1"/>'''
for group in groups_br:
xml += '''<field name="group_%i" sum="%s"/>''' % (group.id, group.name)
xml += '''</tree>'''
@ -280,7 +281,7 @@ class ir_model_access(osv.osv):
res = False
grouparr = group.split('.')
if grouparr:
cr.execute("select * from res_groups_users_rel where uid=" + str(uid) + " and gid in(select res_id from ir_model_data where module='%s' and name='%s')", (grouparr[0], grouparr[1],))
cr.execute("select * from res_groups_users_rel where uid=" + str(uid) + " and gid in(select res_id from ir_model_data where module=%s and name=%s)", (grouparr[0], grouparr[1],))
r = cr.fetchall()
if not r:
res = False
@ -290,6 +291,15 @@ class ir_model_access(osv.osv):
res = False
return res
def check_groups_by_id(self, cr, uid, group_id):
cr.execute("select * from res_groups_users_rel where uid=%i and gid=%i", (uid, group_id,))
r = cr.fetchall()
if not r:
res = False
else:
res = True
return res
def check(self, cr, uid, model_name, mode='read',raise_exception=True):
# Users root have all access (Todo: exclude xml-rpc requests)
if uid==1:

279
bin/addons/base/res/res_security.xml
View File

@ -102,6 +102,285 @@
<!--
Access
-->
<record model="ir.model.access" id="access_res_company_group_employee">
<field name="name">res_company group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_company"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_company_group_erp_manager">
<field name="name">res_company group_erp_manager</field>
<field name="model_id" model="ir.model" ref="model_res_company"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_country_group_employee">
<field name="name">res_country group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_country"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_country_state_group_employee">
<field name="name">res_country_state group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_country_state"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_group_employee">
<field name="name">res_currency group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_currency"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_rate_group_employee">
<field name="name">res_currency_rate group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_currency_rate"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_currency_rate_group_account_manager">
<field name="name">res_currency_rate group_account_manager</field>
<field name="model_id" model="ir.model" ref="model_res_currency_rate"/>
<field name="group_id" ref="group_account_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_groups_group_employee">
<field name="name">res_groups group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_groups"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_groups_group_erp_manager">
<field name="name">res_groups group_erp_manager</field>
<field name="model_id" model="ir.model" ref="model_res_groups"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_lang_group_employee">
<field name="name">res_lang group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_lang"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_partner_group_employee">
<field name="name">res_partner group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_address_group_employee">
<field name="name">res_partner_address group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_address"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_group_employee">
<field name="name">res_partner_bank group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_bank"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_type_group_employee">
<field name="name">res_partner_bank_type group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_bank_type"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_bank_type_field_group_employee">
<field name="name">res_partner_bank_type_field group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_bank_type_field"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_canal_group_employee">
<field name="name">res_partner_canal group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_canal"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_category_group_employee">
<field name="name">res_partner_category group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_category"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_group_employee">
<field name="name">res_partner_event group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_event"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_event_type_group_employee">
<field name="name">res_partner_event_type group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_event_type"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_function_group_employee">
<field name="name">res_partner_function group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_function"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_som_group_employee">
<field name="name">res_partner_som group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_som"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_partner_title_group_employee">
<field name="name">res_partner_title group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_partner_title"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_request_group_request">
<field name="name">res_request group_request</field>
<field name="model_id" model="ir.model" ref="model_res_request"/>
<field name="group_id" ref="group_request"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
<record model="ir.model.access" id="access_res_request_group_employee">
<field name="name">res_request group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_request"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_request_history_group_employee">
<field name="name">res_request_history group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_request_history"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_request_link_group_employee">
<field name="name">res_request_link group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_request_link"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_users_group_employee">
<field name="name">res_users group_employee</field>
<field name="model_id" model="ir.model" ref="model_res_users"/>
<field name="group_id" ref="group_employee"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
</record>
<record model="ir.model.access" id="access_res_users_group_erp_manager">
<field name="name">res_users group_erp_manager</field>
<field name="model_id" model="ir.model" ref="model_res_users"/>
<field name="group_id" ref="group_erp_manager"/>
<field name="perm_read" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_unlink" eval="1"/>
</record>
</data>
</terp>

17
bin/addons/base/res/res_user.py
View File

@ -1,6 +1,7 @@
##############################################################################
#
# Copyright (c) 2004-2008 TINY SPRL. (http://tiny.be) All Rights Reserved.
# Copyright (c) 2008 Camptocamp SA
#
# $Id$
#
@ -73,7 +74,7 @@ class roles(osv.osv):
'parent_id': fields.many2one('res.roles', 'Parent', select=True),
'child_id': fields.one2many('res.roles', 'parent_id', 'Childs'),
'users': fields.many2many('res.users', 'res_roles_users_rel', 'rid', 'uid', 'Users'),
'groups': fields.many2many('res.groups', 'res_roles_groups_rel', 'rid', 'gid', 'Groups'),
#'groups': fields.many2many('res.groups', 'res_roles_groups_rel', 'rid', 'gid', 'Groups'),
}
_defaults = {
}
@ -156,17 +157,23 @@ class users(osv.osv):
self.pool.get('ir.rule').domain_get()
else:
raise except_orm(_('AccessError'), 'You can not write in this document (res.users)')
#Only root can change root password
user_obj_towrite=self.pool.get('res.users').read(cr, uid, uid)
if user_obj_towrite['login']=='root' and uid!=1:
raise osv.except_osv('UserError', 'Only admin user can change admin password')
return res
def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
result = super(users, self).read(cr, uid, ids, fields, context, load)
#def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
#result = super(users, self).read(cr, uid, ids, fields, context, load)
#print result
#canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
#if not canwrite and ids!=[uid]:
# for r in result:
# if 'password' in r:
# r['password'] = '********'
# result=r
return result
#return result
def unlink(self, cr, uid, ids):
if 1 in ids:
@ -244,7 +251,7 @@ class groups2(osv.osv): ##FIXME: Is there a reason to inherit this object ?
_inherit = 'res.groups'
_columns = {
'users': fields.many2many('res.users', 'res_groups_users_rel', 'gid', 'uid', 'Users'),
'roles': fields.many2many('res.roles', 'res_roles_groups_rel', 'gid', 'rid', 'Roles'),
#'roles': fields.many2many('res.roles', 'res_roles_groups_rel', 'gid', 'rid', 'Roles'),
}
groups2()

1
bin/addons/board Symbolic link
View File

@ -0,0 +1 @@
../../../openobject-addons/board

20
bin/osv/orm.py
View File

@ -2,6 +2,7 @@
##############################################################################
#
# Copyright (c) 2004-2008 Tiny SPRL (http://tiny.be) All Rights Reserved.
# Copyright (c) 2008 Camptocamp SA
#
# $Id$
#
@ -823,30 +824,37 @@ class orm_template(object):
if not context:
context={}
fields_def = self.__view_look_dom(cr, user, node, context=context)
buttons = xpath.Evaluate('//button', node)
if buttons:
for button in buttons:
if button.getAttribute('type') == 'object':
continue
ok = True
serv = netsvc.LocalService('object_proxy')
user_roles = serv.execute_cr(cr, user, 'res.users', 'read', [user], ['roles_id'])[0]['roles_id']
cr.execute("select role_id from wkf_transition where signal='%s'" % button.getAttribute('name'))
roles = cr.fetchall()
for role in roles:
if role[0]:
# Check if group is in role
#cr.execute("select gid from res_roles_groups_rel where rid=%i", (role[0],))
#groups = cr.fetchall()
#if len(groups)>0:
# for group in groups:
# ok = self.pool.get('ir.model.access').check_groups_by_id(cr, user, group[0])
#else:
ok = ok and serv.execute_cr(cr, user, 'res.roles', 'check', user_roles, role[0])
if not ok:
button.setAttribute('readonly', '1')
else:
button.setAttribute('readonly', '0')
print ok
arch = node.toxml(encoding="utf-8").replace('\t', '')
fields = self.fields_get(cr, user, fields_def.keys(), context)
for field in fields_def:
fields[field].update(fields_def[field])