[IMP] orm: expose ir.model.access check shortcuts.

bzr revid: vmt@openerp.com-20110928130107-5y5di6nx0al3q8mh
2011-09-28 15:01:07 +02:00 · 2011-09-28 15:01:07 +02:00 · ebd8ca5df5
parent b41131cdc6
commit ebd8ca5df5
1 changed files with 30 additions and 14 deletions
--- a/openerp/osv/orm.py
+++ b/openerp/osv/orm.py
@ -1531,8 +1531,8 @@ class BaseModel(object):
            """ Set invisible to true if the user is not in the specified groups. """
            if node.get('groups'):
                groups = node.get('groups').split(',')
-                access_pool = self.pool.get('ir.model.access')
-                can_see = any(access_pool.check_groups(cr, user, group) for group in groups)
+                ir_model_access = self.pool.get('ir.model.access')
+                can_see = any(ir_model_access.check_groups(cr, user, group) for group in groups)
                if not can_see:
                    node.set('invisible', '1')
                    modifiers['invisible'] = True
@ -2210,7 +2210,7 @@ class BaseModel(object):
    def read_string(self, cr, uid, id, langs, fields=None, context=None):
        res = {}
        res2 = {}
-        self.pool.get('ir.model.access').check(cr, uid, 'ir.translation', 'read')
+        self.pool.get('ir.translation').check_read(cr, uid)
        if not fields:
            fields = self._columns.keys() + self._inherit_fields.keys()
        #FIXME: collect all calls to _get_source into one SQL call.
@ -2234,7 +2234,7 @@ class BaseModel(object):
        return res

    def write_string(self, cr, uid, id, langs, vals, context=None):
-        self.pool.get('ir.model.access').check(cr, uid, 'ir.translation', 'write')
+        self.pool.get('ir.translation').check_write(cr, uid)
        #FIXME: try to only call the translation in one SQL
        for lang in langs:
            for field in vals:
@ -2315,7 +2315,7 @@ class BaseModel(object):

        """
        context = context or {}
-        self.pool.get('ir.model.access').check(cr, uid, self._name, 'read')
+        self.check_read(cr, uid)
        if not fields:
            fields = self._columns.keys()

@ -3122,9 +3122,8 @@ class BaseModel(object):
        if context is None:
            context = {}

-        ira = self.pool.get('ir.model.access')
-        write_access = ira.check(cr, user, self._name, 'write', False) or \
-                       ira.check(cr, user, self._name, 'create', False)
+        write_access = self.check_write(cr, user, False) or \
+            self.check_create(cr, user, False)

        res = {}

@ -3187,7 +3186,7 @@ class BaseModel(object):

        if not context:
            context = {}
-        self.pool.get('ir.model.access').check(cr, user, self._name, 'read')
+        self.check_read(cr, user)
        if not fields:
            fields = list(set(self._columns.keys() + self._inherit_fields.keys()))
        if isinstance(ids, (int, long)):
@ -3431,6 +3430,23 @@ class BaseModel(object):
                # mention the first one only to keep the error message readable
                raise except_orm('ConcurrencyException', _('A document was modified since you last viewed it (%s:%d)') % (self._description, res[0]))

+    def check_access_rights(self, cr, uid, operation, raise_exception=True): # no context on purpose.
+        """Verifies that the operation given by ``operation`` is allowed for the user
+           according to the access rights."""
+        return self.pool.get('ir.model.access').check(cr, uid, self._name, operation, raise_exception)
+
+    def check_create(self, cr, uid, raise_exception=True):
+        return self.check_access_rights(cr, uid, 'create', raise_exception)
+
+    def check_read(self, cr, uid, raise_exception=True):
+        return self.check_access_rights(cr, uid, 'read', raise_exception)
+
+    def check_unlink(self, cr, uid, raise_exception=True):
+        return self.check_access_rights(cr, uid, 'unlink', raise_exception)
+
+    def check_write(self, cr, uid, raise_exception=True):
+        return self.check_access_rights(cr, uid, 'write', raise_exception)
+
    def check_access_rule(self, cr, uid, ids, operation, context=None):
        """Verifies that the operation given by ``operation`` is allowed for the user
           according to ir.rules.
@ -3492,7 +3508,7 @@ class BaseModel(object):

        self._check_concurrency(cr, ids, context)

-        self.pool.get('ir.model.access').check(cr, uid, self._name, 'unlink')
+        self.check_unlink(cr, uid)

        properties = self.pool.get('ir.property')
        domain = [('res_id', '=', False),
@ -3629,7 +3645,7 @@ class BaseModel(object):
            ids = [ids]

        self._check_concurrency(cr, ids, context)
-        self.pool.get('ir.model.access').check(cr, user, self._name, 'write')
+        self.check_write(cr, user)

        result = self._store_get_values(cr, user, ids, vals.keys(), context) or []

@ -3842,7 +3858,7 @@ class BaseModel(object):
        if self.is_transient():
            self._transient_vacuum(cr, user)

-        self.pool.get('ir.model.access').check(cr, user, self._name, 'create')
+        self.check_create(cr, user)

        vals = self._add_missing_default_values(cr, user, vals, context)

@ -4325,7 +4341,7 @@ class BaseModel(object):
        """
        if context is None:
            context = {}
-        self.pool.get('ir.model.access').check(cr, access_rights_uid or user, self._name, 'read')
+        self.check_read(cr, access_rights_uid or user)

        # For transient models, restrict acces to the current user, except for the super-user
        if self.is_transient() and self._log_access and user != SUPERUSER_ID:
@ -4710,4 +4726,4 @@ class AbstractModel(BaseModel):
    _register = False # not visible in ORM registry, meant to be python-inherited only


-# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: