[FIX] {account, sale_stock}: res_config: set_default as SUPERUSER_ID. check user group to avoid passthrough access rights security
bzr revid: dle@openerp.com-20131129154714-pogix71b73nz11qp
parent
556c7f03f0
commit
fc4eca01e7
|
@ -25,6 +25,7 @@ from dateutil.relativedelta import relativedelta
|
|||
from operator import itemgetter
|
||||
import time
|
||||
|
||||
import openerp
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp import pooler, tools
|
||||
from openerp.osv import fields, osv
|
||||
|
@ -3447,6 +3448,8 @@ class wizard_multi_charts_accounts(osv.osv_memory):
|
|||
all the provided information to create the accounts, the banks, the journals, the taxes, the tax codes, the
|
||||
accounting properties... accordingly for the chosen company.
|
||||
'''
|
||||
if uid != SUPERUSER_ID and not self.pool['res.users'].has_group(cr, uid, 'base.group_erp_manager'):
|
||||
raise openerp.exceptions.AccessError(_("Only administrators can change the settings"))
|
||||
obj_data = self.pool.get('ir.model.data')
|
||||
ir_values_obj = self.pool.get('ir.values')
|
||||
obj_wizard = self.browse(cr, uid, ids[0])
|
||||
|
@ -3463,7 +3466,7 @@ class wizard_multi_charts_accounts(osv.osv_memory):
|
|||
self.pool.get(tmp2[0]).write(cr, uid, tmp2[1], {
|
||||
'currency_id': obj_wizard.currency_id.id
|
||||
})
|
||||
except ValueError, e:
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
# If the floats for sale/purchase rates have been filled, create templates from them
|
||||
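Review bot: The access guard added at the top of `execute` is pasted verbatim again in `set_default_taxes` and `set_sale_defaults`, so the group name and the superuser exemption can drift apart between the modules on a later edit. Putting the two lines in one shared helper and calling it from each entry point, for example `self._check_settings_access(cr, uid)` (the name is only a suggestion), would keep all three methods under a single rule. The error text says "administrators" while the test is membership of `base.group_erp_manager`; a comment above the guard such as `# gate: base.group_erp_manager (Access Rights), superuser exempt` would make the intended gate explicit. The body of `execute` continues outside this hunk, so whether it later writes defaults with elevated rights cannot be confirmed from here.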
|
|
|
@ -22,13 +22,12 @@
|
|||
import time
|
||||
import datetime
|
||||
from dateutil.relativedelta import relativedelta
|
||||
from operator import itemgetter
|
||||
from os.path import join as opj
|
||||
|
||||
import openerp
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.tools import DEFAULT_SERVER_DATE_FORMAT as DF
|
||||
from openerp.tools.translate import _
|
||||
from openerp.osv import fields, osv
|
||||
from openerp import tools
|
||||
|
||||
class account_config_settings(osv.osv_memory):
|
||||
_name = 'account.config.settings'
|
||||
|
@ -276,11 +275,13 @@ class account_config_settings(osv.osv_memory):
|
|||
|
||||
def set_default_taxes(self, cr, uid, ids, context=None):
|
||||
""" set default sale and purchase taxes for products """
|
||||
if uid != SUPERUSER_ID and not self.pool['res.users'].has_group(cr, uid, 'base.group_erp_manager'):
|
||||
raise openerp.exceptions.AccessError(_("Only administrators can change the settings"))
|
||||
ir_values = self.pool.get('ir.values')
|
||||
config = self.browse(cr, uid, ids[0], context)
|
||||
ir_values.set_default(cr, uid, 'product.product', 'taxes_id',
|
||||
ir_values.set_default(cr, SUPERUSER_ID, 'product.product', 'taxes_id',
|
||||
config.default_sale_tax and [config.default_sale_tax.id] or False, company_id=config.company_id.id)
|
||||
ir_values.set_default(cr, uid, 'product.product', 'supplier_taxes_id',
|
||||
ir_values.set_default(cr, SUPERUSER_ID, 'product.product', 'supplier_taxes_id',
|
||||
config.default_purchase_tax and [config.default_purchase_tax.id] or False, company_id=config.company_id.id)
|
||||
|
||||
def set_chart_of_accounts(self, cr, uid, ids, context=None):
|
||||
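Review bot: The two `set_default` calls in `set_default_taxes` now run as `SUPERUSER_ID` with `company_id=config.company_id.id`, but the guard above them checks only group membership, not that the caller is allowed to act on that company. Record rules do not apply to a superuser write, so a member of `base.group_erp_manager` could presumably store default taxes for a company outside their own `company_ids`, unless the wizard restricts `company_id` somewhere not shown in this hunk. A check before the writes, along the lines of `if config.company_id.id not in [c.id for c in self.pool['res.users'].browse(cr, uid, uid, context=context).company_ids]:` raising the same `AccessError`, would close that gap. A short comment on the first elevated call, for example `# SUPERUSER_ID: caller already verified by the group and company checks above`, would also keep the reason for the elevation next to it.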
|
|
|
@ -19,8 +19,9 @@
|
|||
#
|
||||
##############################################################################
|
||||
|
||||
import openerp
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.osv import fields, osv
|
||||
from openerp import pooler
|
||||
from openerp.tools.translate import _
|
||||
|
||||
class sale_configuration(osv.osv_memory):
|
||||
|
@ -76,12 +77,13 @@ class sale_configuration(osv.osv_memory):
|
|||
}
|
||||
|
||||
def set_sale_defaults(self, cr, uid, ids, context=None):
|
||||
if uid != SUPERUSER_ID and not self.pool['res.users'].has_group(cr, uid, 'base.group_erp_manager'):
|
||||
raise openerp.exceptions.AccessError(_("Only administrators can change the settings"))
|
||||
ir_values = self.pool.get('ir.values')
|
||||
ir_model_data = self.pool.get('ir.model.data')
|
||||
wizard = self.browse(cr, uid, ids)[0]
|
||||
|
||||
default_picking_policy = 'one' if wizard.default_picking_policy else 'direct'
|
||||
ir_values.set_default(cr, uid, 'sale.order', 'picking_policy', default_picking_policy)
|
||||
ir_values.set_default(cr, SUPERUSER_ID, 'sale.order', 'picking_policy', default_picking_policy)
|
||||
res = super(sale_configuration, self).set_sale_defaults(cr, uid, ids, context)
|
||||
return res
|
||||
|
||||
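Review bot: `set_sale_defaults` has no docstring and the switch to `SUPERUSER_ID` on the `set_default` call carries no comment, so nothing tells a later maintainer that the group check at the top of the method is the only access control left on that write. A docstring such as `"""Store the sale.order picking_policy default; restricted to base.group_erp_manager."""` and a comment above the call, `# written as SUPERUSER_ID: the group check above is the access control for this write`, would record the invariant. The call to the parent `set_sale_defaults` still passes `uid`; whether the parent applies its own guard is not visible in this hunk, and the docstring should say which of the two is relied on.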
|
|