[FIX] {account, sale_stock}: res_config: set_default as SUPERUSER_ID. check user group to avoid passthrough access rights security
bzr revid: dle@openerp.com-20131129154714-pogix71b73nz11qp
parent
556c7f03f0
commit
fc4eca01e7
|
@ -25,6 +25,7 @@ from dateutil.relativedelta import relativedelta
|
||||||
from operator import itemgetter
|
from operator import itemgetter
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
import openerp
|
||||||
from openerp import SUPERUSER_ID
|
from openerp import SUPERUSER_ID
|
||||||
from openerp import pooler, tools
|
from openerp import pooler, tools
|
||||||
from openerp.osv import fields, osv
|
from openerp.osv import fields, osv
|
||||||
|
@ -3447,6 +3448,8 @@ class wizard_multi_charts_accounts(osv.osv_memory):
|
||||||
all the provided information to create the accounts, the banks, the journals, the taxes, the tax codes, the
|
all the provided information to create the accounts, the banks, the journals, the taxes, the tax codes, the
|
||||||
accounting properties... accordingly for the chosen company.
|
accounting properties... accordingly for the chosen company.
|
||||||
'''
|
'''
|
||||||
|
if uid != SUPERUSER_ID and not self.pool['res.users'].has_group(cr, uid, 'base.group_erp_manager'):
|
||||||
|
raise openerp.exceptions.AccessError(_("Only administrators can change the settings"))
|
||||||
obj_data = self.pool.get('ir.model.data')
|
obj_data = self.pool.get('ir.model.data')
|
||||||
ir_values_obj = self.pool.get('ir.values')
|
ir_values_obj = self.pool.get('ir.values')
|
||||||
obj_wizard = self.browse(cr, uid, ids[0])
|
obj_wizard = self.browse(cr, uid, ids[0])
|
||||||
|
@ -3463,7 +3466,7 @@ class wizard_multi_charts_accounts(osv.osv_memory):
|
||||||
self.pool.get(tmp2[0]).write(cr, uid, tmp2[1], {
|
self.pool.get(tmp2[0]).write(cr, uid, tmp2[1], {
|
||||||
'currency_id': obj_wizard.currency_id.id
|
'currency_id': obj_wizard.currency_id.id
|
||||||
})
|
})
|
||||||
except ValueError, e:
|
except ValueError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
# If the floats for sale/purchase rates have been filled, create templates from them
|
# If the floats for sale/purchase rates have been filled, create templates from them
|
||||||
|
|
|
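Review bot: The access check added at the top of this wizard method (second hunk) is a hand-copied two-line guard, and the same two lines are pasted into `set_default_taxes` and `set_sale_defaults` in the other two files of this commit. In those two methods the `ir.values` writes now run as `SUPERUSER_ID`, so the pasted guard is the only access control left on those paths. A settings method added later without the copy would skip it silently. I would move the test into one helper, for example `def _check_settings_admin(self, cr, uid):` holding the `has_group(cr, uid, 'base.group_erp_manager')` test and the `AccessError` raise, and call it from all three methods. The method's signature and most of its body are outside the hunks shown.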
@ -22,13 +22,12 @@
|
||||||
import time
|
import time
|
||||||
import datetime
|
import datetime
|
||||||
from dateutil.relativedelta import relativedelta
|
from dateutil.relativedelta import relativedelta
|
||||||
from operator import itemgetter
|
|
||||||
from os.path import join as opj
|
|
||||||
|
|
||||||
|
import openerp
|
||||||
|
from openerp import SUPERUSER_ID
|
||||||
from openerp.tools import DEFAULT_SERVER_DATE_FORMAT as DF
|
from openerp.tools import DEFAULT_SERVER_DATE_FORMAT as DF
|
||||||
from openerp.tools.translate import _
|
from openerp.tools.translate import _
|
||||||
from openerp.osv import fields, osv
|
from openerp.osv import fields, osv
|
||||||
from openerp import tools
|
|
||||||
|
|
||||||
class account_config_settings(osv.osv_memory):
|
class account_config_settings(osv.osv_memory):
|
||||||
_name = 'account.config.settings'
|
_name = 'account.config.settings'
|
||||||
|
@ -276,11 +275,13 @@ class account_config_settings(osv.osv_memory):
|
||||||
|
|
||||||
def set_default_taxes(self, cr, uid, ids, context=None):
|
def set_default_taxes(self, cr, uid, ids, context=None):
|
||||||
""" set default sale and purchase taxes for products """
|
""" set default sale and purchase taxes for products """
|
||||||
|
if uid != SUPERUSER_ID and not self.pool['res.users'].has_group(cr, uid, 'base.group_erp_manager'):
|
||||||
|
raise openerp.exceptions.AccessError(_("Only administrators can change the settings"))
|
||||||
ir_values = self.pool.get('ir.values')
|
ir_values = self.pool.get('ir.values')
|
||||||
config = self.browse(cr, uid, ids[0], context)
|
config = self.browse(cr, uid, ids[0], context)
|
||||||
ir_values.set_default(cr, uid, 'product.product', 'taxes_id',
|
ir_values.set_default(cr, SUPERUSER_ID, 'product.product', 'taxes_id',
|
||||||
config.default_sale_tax and [config.default_sale_tax.id] or False, company_id=config.company_id.id)
|
config.default_sale_tax and [config.default_sale_tax.id] or False, company_id=config.company_id.id)
|
||||||
ir_values.set_default(cr, uid, 'product.product', 'supplier_taxes_id',
|
ir_values.set_default(cr, SUPERUSER_ID, 'product.product', 'supplier_taxes_id',
|
||||||
config.default_purchase_tax and [config.default_purchase_tax.id] or False, company_id=config.company_id.id)
|
config.default_purchase_tax and [config.default_purchase_tax.id] or False, company_id=config.company_id.id)
|
||||||
|
|
||||||
def set_chart_of_accounts(self, cr, uid, ids, context=None):
|
def set_chart_of_accounts(self, cr, uid, ids, context=None):
|
||||||
|
|
|
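Review bot: The two `ir_values.set_default` calls in `set_default_taxes` now run as `SUPERUSER_ID` but still take `company_id=config.company_id.id` from the wizard record, and nothing visible in the hunk checks that the calling user belongs to that company. The new guard only tests membership of `base.group_erp_manager`, and a superuser write is not subject to record rules, so in a multi-company database a manager of one company could presumably store default taxes for another. I would compare `config.company_id.id` with the ids in the user's `company_ids` before the two calls and raise the same `AccessError` on a mismatch. A comment such as `# written as SUPERUSER_ID: the checks above are the only access control here` would also help the next reader.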
@ -19,8 +19,9 @@
|
||||||
#
|
#
|
||||||
##############################################################################
|
##############################################################################
|
||||||
|
|
||||||
|
import openerp
|
||||||
|
from openerp import SUPERUSER_ID
|
||||||
from openerp.osv import fields, osv
|
from openerp.osv import fields, osv
|
||||||
from openerp import pooler
|
|
||||||
from openerp.tools.translate import _
|
from openerp.tools.translate import _
|
||||||
|
|
||||||
class sale_configuration(osv.osv_memory):
|
class sale_configuration(osv.osv_memory):
|
||||||
|
@ -76,12 +77,13 @@ class sale_configuration(osv.osv_memory):
|
||||||
}
|
}
|
||||||
|
|
||||||
def set_sale_defaults(self, cr, uid, ids, context=None):
|
def set_sale_defaults(self, cr, uid, ids, context=None):
|
||||||
|
if uid != SUPERUSER_ID and not self.pool['res.users'].has_group(cr, uid, 'base.group_erp_manager'):
|
||||||
|
raise openerp.exceptions.AccessError(_("Only administrators can change the settings"))
|
||||||
ir_values = self.pool.get('ir.values')
|
ir_values = self.pool.get('ir.values')
|
||||||
ir_model_data = self.pool.get('ir.model.data')
|
|
||||||
wizard = self.browse(cr, uid, ids)[0]
|
wizard = self.browse(cr, uid, ids)[0]
|
||||||
|
|
||||||
default_picking_policy = 'one' if wizard.default_picking_policy else 'direct'
|
default_picking_policy = 'one' if wizard.default_picking_policy else 'direct'
|
||||||
ir_values.set_default(cr, uid, 'sale.order', 'picking_policy', default_picking_policy)
|
ir_values.set_default(cr, SUPERUSER_ID, 'sale.order', 'picking_policy', default_picking_policy)
|
||||||
res = super(sale_configuration, self).set_sale_defaults(cr, uid, ids, context)
|
res = super(sale_configuration, self).set_sale_defaults(cr, uid, ids, context)
|
||||||
return res
|
return res
|
||||||
|
|
||||||
|
|
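Review bot: `set_sale_defaults` has no docstring, and after this change its behaviour is no longer obvious from the signature: it rejects callers outside `base.group_erp_manager` and then writes the `sale.order` `picking_policy` default as `SUPERUSER_ID`. I would add `"""Store the picking_policy default for sale.order; restricted to base.group_erp_manager because the value is written as SUPERUSER_ID."""` as the first line of the body. The `super()` call is still made with `uid`, and whether the parent method carries the same guard is not visible here.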