* fix error with access rights
* some refactor bzr revid: christophe@tinyerp.com-20080922111318-y6hx790y5kqvsoyv
This commit is contained in:
Christophe Simonis
parent
9cdba9adce
commit
180b5be158
|
|
@ -272,27 +272,17 @@ class ir_model_access(osv.osv):
|
||||||
def check_groups(self, cr, uid, group):
|
def check_groups(self, cr, uid, group):
|
||||||
res = False
|
res = False
|
||||||
grouparr = group.split('.')
|
grouparr = group.split('.')
|
||||||
if grouparr:
|
if not grouparr:
|
||||||
cr.execute("select * from res_groups_users_rel where uid=" + str(uid) + " and gid in(select res_id from ir_model_data where module=%s and name=%s)", (grouparr[0], grouparr[1],))
|
return False
|
||||||
r = cr.fetchall()
|
|
||||||
if not r:
|
cr.execute("select 1 from res_groups_users_rel where uid=%d and gid in(select res_id from ir_model_data where module=%s and name=%s)", (uid, grouparr[0], grouparr[1],))
|
||||||
res = False
|
return bool(cr.fetchone())
|
||||||
else:
|
|
||||||
res = True
|
|
||||||
else:
|
|
||||||
res = False
|
|
||||||
return res
|
|
||||||
|
|
||||||
def check_groups_by_id(self, cr, uid, group_id):
|
def check_groups_by_id(self, cr, uid, group_id):
|
||||||
cr.execute("select * from res_groups_users_rel where uid=%i and gid=%i", (uid, group_id,))
|
cr.execute("select 1 from res_groups_users_rel where uid=%i and gid=%i", (uid, group_id,))
|
||||||
r = cr.fetchall()
|
return bool(cr.fetchone())
|
||||||
if not r:
|
|
||||||
res = False
|
|
||||||
else:
|
|
||||||
res = True
|
|
||||||
return res
|
|
||||||
|
|
||||||
def check(self, cr, uid, model_name, mode='read',raise_exception=True):
|
def check(self, cr, uid, model_name, mode='read', raise_exception=True):
|
||||||
# Users root have all access (Todo: exclude xml-rpc requests)
|
# Users root have all access (Todo: exclude xml-rpc requests)
|
||||||
if uid==1:
|
if uid==1:
|
||||||
return True
|
return True
|
||||||
|
|
@ -300,22 +290,36 @@ class ir_model_access(osv.osv):
|
||||||
assert mode in ['read','write','create','unlink'], 'Invalid access mode'
|
assert mode in ['read','write','create','unlink'], 'Invalid access mode'
|
||||||
|
|
||||||
# We check if a specific rule exists
|
# We check if a specific rule exists
|
||||||
cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
|
cr.execute('SELECT MAX(CASE WHEN perm_' + mode + ' THEN 1 ELSE 0 END) '
|
||||||
'from ir_model_access a join ir_model m on (m.id=a.model_id) '
|
' FROM ir_model_access a '
|
||||||
'join res_groups_users_rel gu on (gu.gid = a.group_id) '
|
' JOIN ir_model m ON (m.id = a.model_id) '
|
||||||
'where m.model=%s and gu.uid=%s', (model_name, uid,))
|
' JOIN res_groups_users_rel gu ON (gu.gid = a.group_id) '
|
||||||
r = cr.fetchall()
|
' WHERE m.model = %s '
|
||||||
|
' AND gu.uid = %s '
|
||||||
|
, (model_name, uid,)
|
||||||
|
)
|
||||||
|
r = cr.fetchone()[0]
|
||||||
|
|
||||||
if not r[0][0]:
|
if r is None:
|
||||||
if raise_exception:
|
# there is no specific rule. We check the generic rule
|
||||||
msgs = {
|
cr.execute('SELECT MAX(CASE WHEN perm_' + mode + ' THEN 1 ELSE 0 END) '
|
||||||
'read': _('You can not read this document! (%s)'),
|
' FROM ir_model_access a '
|
||||||
'write': _('You can not write in this document! (%s)'),
|
' JOIN ir_model m ON (m.id = a.model_id) '
|
||||||
'create': _('You can not create this kind of document! (%s)'),
|
' WHERE a.group_id IS NULL '
|
||||||
'unlink': _('You can not delete this document! (%s)'),
|
' AND m.model = %s '
|
||||||
}
|
, (model_name,)
|
||||||
raise except_orm(_('AccessError'), msgs[mode] % model_name )
|
)
|
||||||
return r[0][0]
|
r = cr.fetchone()[0]
|
||||||
|
|
||||||
|
if not r and raise_exception:
|
||||||
|
msgs = {
|
||||||
|
'read': _('You can not read this document! (%s)'),
|
||||||
|
'write': _('You can not write in this document! (%s)'),
|
||||||
|
'create': _('You can not create this kind of document! (%s)'),
|
||||||
|
'unlink': _('You can not delete this document! (%s)'),
|
||||||
|
}
|
||||||
|
raise except_orm(_('AccessError'), msgs[mode] % model_name )
|
||||||
|
return r
|
||||||
|
|
||||||
check = tools.cache()(check)
|
check = tools.cache()(check)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -189,7 +189,7 @@ class users(osv.osv):
|
||||||
default.update({'login': login+' (copy)'})
|
default.update({'login': login+' (copy)'})
|
||||||
return super(users, self).copy(cr, uid, id, default, context)
|
return super(users, self).copy(cr, uid, id, default, context)
|
||||||
|
|
||||||
def context_get(self, cr, uid, context={}):
|
def context_get(self, cr, uid, context=None):
|
||||||
user = self.browse(cr, uid, uid, context)
|
user = self.browse(cr, uid, uid, context)
|
||||||
result = {}
|
result = {}
|
||||||
for k in self._columns.keys():
|
for k in self._columns.keys():
|
||||||
|
|
@ -276,3 +276,6 @@ class res_config_view(osv.osv_memory):
|
||||||
}
|
}
|
||||||
|
|
||||||
res_config_view()
|
res_config_view()
|
||||||
|
|
||||||
|
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue