[IMP] orm: expose ir.model.access check shortcuts.
bzr revid: vmt@openerp.com-20110928130107-5y5di6nx0al3q8mh
This commit is contained in:
parent
b41131cdc6
commit
ebd8ca5df5
|
@ -1531,8 +1531,8 @@ class BaseModel(object):
|
|||
""" Set invisible to true if the user is not in the specified groups. """
|
||||
if node.get('groups'):
|
||||
groups = node.get('groups').split(',')
|
||||
access_pool = self.pool.get('ir.model.access')
|
||||
can_see = any(access_pool.check_groups(cr, user, group) for group in groups)
|
||||
ir_model_access = self.pool.get('ir.model.access')
|
||||
can_see = any(ir_model_access.check_groups(cr, user, group) for group in groups)
|
||||
if not can_see:
|
||||
node.set('invisible', '1')
|
||||
modifiers['invisible'] = True
|
||||
|
@ -2210,7 +2210,7 @@ class BaseModel(object):
|
|||
def read_string(self, cr, uid, id, langs, fields=None, context=None):
|
||||
res = {}
|
||||
res2 = {}
|
||||
self.pool.get('ir.model.access').check(cr, uid, 'ir.translation', 'read')
|
||||
self.pool.get('ir.translation').check_read(cr, uid)
|
||||
if not fields:
|
||||
fields = self._columns.keys() + self._inherit_fields.keys()
|
||||
#FIXME: collect all calls to _get_source into one SQL call.
|
||||
|
@ -2234,7 +2234,7 @@ class BaseModel(object):
|
|||
return res
|
||||
|
||||
def write_string(self, cr, uid, id, langs, vals, context=None):
|
||||
self.pool.get('ir.model.access').check(cr, uid, 'ir.translation', 'write')
|
||||
self.pool.get('ir.translation').check_write(cr, uid)
|
||||
#FIXME: try to only call the translation in one SQL
|
||||
for lang in langs:
|
||||
for field in vals:
|
||||
|
@ -2315,7 +2315,7 @@ class BaseModel(object):
|
|||
|
||||
"""
|
||||
context = context or {}
|
||||
self.pool.get('ir.model.access').check(cr, uid, self._name, 'read')
|
||||
self.check_read(cr, uid)
|
||||
if not fields:
|
||||
fields = self._columns.keys()
|
||||
|
||||
|
@ -3122,9 +3122,8 @@ class BaseModel(object):
|
|||
if context is None:
|
||||
context = {}
|
||||
|
||||
ira = self.pool.get('ir.model.access')
|
||||
write_access = ira.check(cr, user, self._name, 'write', False) or \
|
||||
ira.check(cr, user, self._name, 'create', False)
|
||||
write_access = self.check_write(cr, user, False) or \
|
||||
self.check_create(cr, user, False)
|
||||
|
||||
res = {}
|
||||
|
||||
|
@ -3187,7 +3186,7 @@ class BaseModel(object):
|
|||
|
||||
if not context:
|
||||
context = {}
|
||||
self.pool.get('ir.model.access').check(cr, user, self._name, 'read')
|
||||
self.check_read(cr, user)
|
||||
if not fields:
|
||||
fields = list(set(self._columns.keys() + self._inherit_fields.keys()))
|
||||
if isinstance(ids, (int, long)):
|
||||
|
@ -3431,6 +3430,23 @@ class BaseModel(object):
|
|||
# mention the first one only to keep the error message readable
|
||||
raise except_orm('ConcurrencyException', _('A document was modified since you last viewed it (%s:%d)') % (self._description, res[0]))
|
||||
|
||||
def check_access_rights(self, cr, uid, operation, raise_exception=True): # no context on purpose.
|
||||
"""Verifies that the operation given by ``operation`` is allowed for the user
|
||||
according to the access rights."""
|
||||
return self.pool.get('ir.model.access').check(cr, uid, self._name, operation, raise_exception)
|
||||
|
||||
def check_create(self, cr, uid, raise_exception=True):
|
||||
return self.check_access_rights(cr, uid, 'create', raise_exception)
|
||||
|
||||
def check_read(self, cr, uid, raise_exception=True):
|
||||
return self.check_access_rights(cr, uid, 'read', raise_exception)
|
||||
|
||||
def check_unlink(self, cr, uid, raise_exception=True):
|
||||
return self.check_access_rights(cr, uid, 'unlink', raise_exception)
|
||||
|
||||
def check_write(self, cr, uid, raise_exception=True):
|
||||
return self.check_access_rights(cr, uid, 'write', raise_exception)
|
||||
|
||||
def check_access_rule(self, cr, uid, ids, operation, context=None):
|
||||
"""Verifies that the operation given by ``operation`` is allowed for the user
|
||||
according to ir.rules.
|
||||
|
@ -3492,7 +3508,7 @@ class BaseModel(object):
|
|||
|
||||
self._check_concurrency(cr, ids, context)
|
||||
|
||||
self.pool.get('ir.model.access').check(cr, uid, self._name, 'unlink')
|
||||
self.check_unlink(cr, uid)
|
||||
|
||||
properties = self.pool.get('ir.property')
|
||||
domain = [('res_id', '=', False),
|
||||
|
@ -3629,7 +3645,7 @@ class BaseModel(object):
|
|||
ids = [ids]
|
||||
|
||||
self._check_concurrency(cr, ids, context)
|
||||
self.pool.get('ir.model.access').check(cr, user, self._name, 'write')
|
||||
self.check_write(cr, user)
|
||||
|
||||
result = self._store_get_values(cr, user, ids, vals.keys(), context) or []
|
||||
|
||||
|
@ -3842,7 +3858,7 @@ class BaseModel(object):
|
|||
if self.is_transient():
|
||||
self._transient_vacuum(cr, user)
|
||||
|
||||
self.pool.get('ir.model.access').check(cr, user, self._name, 'create')
|
||||
self.check_create(cr, user)
|
||||
|
||||
vals = self._add_missing_default_values(cr, user, vals, context)
|
||||
|
||||
|
@ -4325,7 +4341,7 @@ class BaseModel(object):
|
|||
"""
|
||||
if context is None:
|
||||
context = {}
|
||||
self.pool.get('ir.model.access').check(cr, access_rights_uid or user, self._name, 'read')
|
||||
self.check_read(cr, access_rights_uid or user)
|
||||
|
||||
# For transient models, restrict acces to the current user, except for the super-user
|
||||
if self.is_transient() and self._log_access and user != SUPERUSER_ID:
|
||||
|
@ -4710,4 +4726,4 @@ class AbstractModel(BaseModel):
|
|||
_register = False # not visible in ORM registry, meant to be python-inherited only
|
||||
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
Loading…
Reference in New Issue