From 73d02476672c7f09a02ee82bf21851a668bfa449 Mon Sep 17 00:00:00 2001
From: bch <>
Date: Thu, 24 May 2007 11:23:49 +0000
Subject: [PATCH] New ir.model.access check logic. Simpler way to define acces without border effect.
bzr revid: bch-4e1ec3738ad0c4cb830a89cb35b5177398bdcbe7
---
bin/addons/base/ir/ir_model.py | 32 +++++++++--------------------
doc/migrate/4.0.0-4.1.0/pre.py | 10 ++++++++++
2 files changed, 19 insertions(+), 23 deletions(-)
diff --git a/bin/addons/base/ir/ir_model.py b/bin/addons/base/ir/ir_model.py
index ec718924cab..65407175ea9 100644
--- a/bin/addons/base/ir/ir_model.py
+++ b/bin/addons/base/ir/ir_model.py
@@ -90,31 +90,17 @@ class ir_model_access(osv.osv): assert mode in ['read','write','create','unlink'], 'Invalid access mode for security' if uid==1: return True + cr.execute('select bool_or(perm_'+mode+') from ir_model_access a join ir_model m on (a.model_id=m.id) join res_groups_users_rel gu on (gu.gid = a.group_id) where m.model= %s and gu.uid= %s',(model_name,uid,)) + r= cr.fetchall() + if r[0][0] == None: + cr.execute(' select bool_or(perm_'+mode+') from ir_model_access a join ir_model m on (a.model_id=m.id) where a.group_id is null and m.model=%s',(model_name,)) + r= cr.fetchall() + if r[0][0] == None : return True - # fetch the list of rules for this "permission type" on this model - cr.execute('select group_id, perm_'+mode+' from ir_model_access a left join ir_model m on (a.model_id=m.id) where m.model=%s', (model_name,)) - - # if no rule is found, grant the access - if not cr.rowcount: - return True - - # if group None, ok for this user - ids = filter(lambda x: x[1], cr.fetchall()) - for i in ids: - if not i: - return True - - # compute the list of groups which have the right we are looking for - ids = map(lambda x: str(x[0]), ids) - if not ids: + if not r[0][0]: raise osv.except_osv('Access denied !', 'You can not %s this resource !' % mode) - ids_str = ','.join(ids) - - # check if the user is part of one of those groups - cr.execute('select count(*) from res_groups_users_rel where uid=%d and gid in ('+ids_str+')', (uid,)) - if cr.fetchone()[0]: - return True - raise osv.except_osv('Access denied !', 'You can not %s this resource !' % mode) + return True + check = tools.cache()(check) # diff --git a/doc/migrate/4.0.0-4.1.0/pre.py b/doc/migrate/4.0.0-4.1.0/pre.py index ad674d0bd68..a73a152a171 100644 --- a/doc/migrate/4.0.0-4.1.0/pre.py +++ b/doc/migrate/4.0.0-4.1.0/pre.py 
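Review bot: Both new queries splice `mode` into the SQL text as `'perm_'+mode`, and the only thing constraining it is the `assert` in the context line above, which is removed when Python runs with `-O`. An explicit check such as `if mode not in ('read','write','create','unlink'): raise osv.except_osv('Access denied !', 'Invalid access mode')` keeps the column name whitelisted regardless of interpreter flags. Separately, when neither the group query nor the `group_id is null` query yields a value the method returns True, so a model with no matching access rows is open to every user; a comment stating that this default-allow is intended would help the next reader, and `r[0][0] == None` reads better as `r[0][0] is None`. The enclosing method starts above the hunk, so its signature is not visible here.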
@@ -117,4 +117,14 @@ cr.commit() cr.execute("UPDATE ir_act_window SET name = ''") + +# ------------------------------------------------------------------------ # +# Create a "allow none" default access to keep the behaviour of the system # +# ------------------------------------------------------------------------ # + +cr.execute('SELECT model_id FROM ir_model_access') +res= cr.fetchall() +for r in res: + cr.execute("INSERT into ir_model_access (name,model_id,group_id) VALUES ('Auto-generated access by migration',%d,%s)",(r[0],None)) +cr.commit() cr.close
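Review bot: The INSERT names only `name`, `model_id` and `group_id`, so the `perm_*` columns of each generated row take whatever the table default is. If that default is NULL (the schema is not visible here), `bool_or` in the new `check` yields NULL for the global rule and the method falls through to `return True`, the opposite of the "allow none" the comment describes. Listing `perm_read,perm_write,perm_create,perm_unlink` in the INSERT with explicit `false` values removes the dependence on the schema default. The SELECT also has no DISTINCT, so a model with several existing rules gets several identical rows; `cr.execute('SELECT DISTINCT model_id FROM ir_model_access')` would insert one per model.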