New ir.model.access check logic. Simpler way to define acces without border effect.
bzr revid: bch-4e1ec3738ad0c4cb830a89cb35b5177398bdcbe7
This commit is contained in:
parent
a2f13d606f
commit
73d0247667
|
@ -90,31 +90,17 @@ class ir_model_access(osv.osv):
|
||||||
assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
|
assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
|
||||||
if uid==1:
|
if uid==1:
|
||||||
return True
|
return True
|
||||||
|
cr.execute('select bool_or(perm_'+mode+') from ir_model_access a join ir_model m on (a.model_id=m.id) join res_groups_users_rel gu on (gu.gid = a.group_id) where m.model= %s and gu.uid= %s',(model_name,uid,))
|
||||||
|
r= cr.fetchall()
|
||||||
|
if r[0][0] == None:
|
||||||
|
cr.execute(' select bool_or(perm_'+mode+') from ir_model_access a join ir_model m on (a.model_id=m.id) where a.group_id is null and m.model=%s',(model_name,))
|
||||||
|
r= cr.fetchall()
|
||||||
|
if r[0][0] == None : return True
|
||||||
|
|
||||||
# fetch the list of rules for this "permission type" on this model
|
if not r[0][0]:
|
||||||
cr.execute('select group_id, perm_'+mode+' from ir_model_access a left join ir_model m on (a.model_id=m.id) where m.model=%s', (model_name,))
|
|
||||||
|
|
||||||
# if no rule is found, grant the access
|
|
||||||
if not cr.rowcount:
|
|
||||||
return True
|
|
||||||
|
|
||||||
# if group None, ok for this user
|
|
||||||
ids = filter(lambda x: x[1], cr.fetchall())
|
|
||||||
for i in ids:
|
|
||||||
if not i:
|
|
||||||
return True
|
|
||||||
|
|
||||||
# compute the list of groups which have the right we are looking for
|
|
||||||
ids = map(lambda x: str(x[0]), ids)
|
|
||||||
if not ids:
|
|
||||||
raise osv.except_osv('Access denied !', 'You can not %s this resource !' % mode)
|
raise osv.except_osv('Access denied !', 'You can not %s this resource !' % mode)
|
||||||
ids_str = ','.join(ids)
|
return True
|
||||||
|
|
||||||
# check if the user is part of one of those groups
|
|
||||||
cr.execute('select count(*) from res_groups_users_rel where uid=%d and gid in ('+ids_str+')', (uid,))
|
|
||||||
if cr.fetchone()[0]:
|
|
||||||
return True
|
|
||||||
raise osv.except_osv('Access denied !', 'You can not %s this resource !' % mode)
|
|
||||||
check = tools.cache()(check)
|
check = tools.cache()(check)
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
|
@ -117,4 +117,14 @@ cr.commit()
|
||||||
|
|
||||||
cr.execute("UPDATE ir_act_window SET name = ''")
|
cr.execute("UPDATE ir_act_window SET name = ''")
|
||||||
|
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------ #
|
||||||
|
# Create a "allow none" default access to keep the behaviour of the system #
|
||||||
|
# ------------------------------------------------------------------------ #
|
||||||
|
|
||||||
|
cr.execute('SELECT model_id FROM ir_model_access')
|
||||||
|
res= cr.fetchall()
|
||||||
|
for r in res:
|
||||||
|
cr.execute("INSERT into ir_model_access (name,model_id,group_id) VALUES ('Auto-generated access by migration',%d,%s)",(r[0],None))
|
||||||
|
cr.commit()
|
||||||
cr.close
|
cr.close
|
||||||
|
|
Loading…
Reference in New Issue