[IMP] ir.config.parameters: support group-based access control
This commit is contained in:
parent
fd8ae038d8
commit
f337bcaa1d
|
@ -57,7 +57,7 @@ class base_gengo_translations(osv.osv_memory):
|
|||
def init(self, cr):
|
||||
icp = self.pool['ir.config_parameter']
|
||||
if not icp.get_param(cr, SUPERUSER_ID, self.GENGO_KEY, default=None):
|
||||
icp.set_param(cr, SUPERUSER_ID, self.GENGO_KEY, str(uuid.uuid4()))
|
||||
icp.set_param(cr, SUPERUSER_ID, self.GENGO_KEY, str(uuid.uuid4()), groups=['base.group_website_designer', 'base.group_website_publisher'])
|
||||
|
||||
def get_gengo_key(self, cr):
|
||||
icp = self.pool['ir.config_parameter']
|
||||
|
|
|
@ -174,10 +174,10 @@ class google_service(osv.osv_memory):
|
|||
return self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url', default='http://www.openerp.com?NoBaseUrl', context=context)
|
||||
|
||||
def get_client_id(self, cr, uid, service, context=None):
|
||||
return self.pool.get('ir.config_parameter').get_param(cr, uid, 'google_%s_client_id' % (service,), default=False, context=context)
|
||||
return self.pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'google_%s_client_id' % (service,), default=False, context=context)
|
||||
|
||||
def get_client_secret(self, cr, uid, service, context=None):
|
||||
return self.pool.get('ir.config_parameter').get_param(cr, uid, 'google_%s_client_secret' % (service,), default=False, context=context)
|
||||
return self.pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'google_%s_client_secret' % (service,), default=False, context=context)
|
||||
|
||||
def get_uri_oauth(self, a=''): # a = optional action
|
||||
return "https://accounts.google.com/o/oauth2/%s" % (a,)
|
||||
|
|
|
@ -13,8 +13,8 @@ class calendar_config_settings(osv.TransientModel):
|
|||
def set_calset(self,cr,uid,ids,context=None) :
|
||||
params = self.pool['ir.config_parameter']
|
||||
myself = self.browse(cr,uid,ids[0],context=context)
|
||||
params.set_param(cr, uid, 'google_calendar_client_id', myself.cal_client_id or '', context=None)
|
||||
params.set_param(cr, uid, 'google_calendar_client_secret', myself.cal_client_secret or '', context=None)
|
||||
params.set_param(cr, uid, 'google_calendar_client_id', myself.cal_client_id or '', groups=['base.group_system'], context=None)
|
||||
params.set_param(cr, uid, 'google_calendar_client_secret', myself.cal_client_secret or '', groups=['base.group_system'], context=None)
|
||||
|
||||
|
||||
def get_default_all(self,cr,uid,ids,context=None):
|
||||
|
|
|
@ -240,7 +240,7 @@ class base_config_settings(osv.TransientModel):
|
|||
}
|
||||
_defaults = {
|
||||
'google_drive_uri': lambda s, cr, uid, c: s.pool['google.service']._get_google_token_uri(cr, uid, 'drive', scope=s.pool['google.drive.config'].get_google_scope(), context=c),
|
||||
'google_drive_authorization_code': lambda s, cr, uid, c: s.pool['ir.config_parameter'].get_param(cr, uid, 'google_drive_authorization_code', context=c),
|
||||
'google_drive_authorization_code': lambda s, cr, uid, c: s.pool['ir.config_parameter'].get_param(cr, SUPERUSER_ID, 'google_drive_authorization_code', context=c),
|
||||
}
|
||||
|
||||
def set_google_authorization_code(self, cr, uid, ids, context=None):
|
||||
|
@ -249,5 +249,5 @@ class base_config_settings(osv.TransientModel):
|
|||
auth_code = config.google_drive_authorization_code
|
||||
if auth_code and auth_code != ir_config_param.get_param(cr, uid, 'google_drive_authorization_code', context=context):
|
||||
refresh_token = self.pool['google.service'].generate_refresh_token(cr, uid, 'drive', config.google_drive_authorization_code, context=context)
|
||||
ir_config_param.set_param(cr, uid, 'google_drive_authorization_code', auth_code)
|
||||
ir_config_param.set_param(cr, uid, 'google_drive_refresh_token', refresh_token)
|
||||
ir_config_param.set_param(cr, uid, 'google_drive_authorization_code', auth_code, groups=['base.group_system'])
|
||||
ir_config_param.set_param(cr, uid, 'google_drive_refresh_token', refresh_token, groups=['base.group_system'])
|
||||
|
|
|
@ -5,11 +5,13 @@
|
|||
<record id="config_google_drive_client_id" model="ir.config_parameter">
|
||||
<field name="key">google_drive_client_id</field>
|
||||
<field name="value">598905559630.apps.googleusercontent.com</field>
|
||||
<field name="group_ids" eval="[(4, ref('base.group_user'))]" />
|
||||
</record>
|
||||
|
||||
<record id="config_google_drive_client_secret" model="ir.config_parameter">
|
||||
<field name="key">google_drive_client_secret</field>
|
||||
<field name="value">vTmou73c-njP-1qCxm7qx7QE</field>
|
||||
<field name="group_ids" eval="[(4, ref('base.group_system'))]" />
|
||||
</record>
|
||||
|
||||
</data>
|
||||
|
|
|
@ -29,7 +29,7 @@ def get_sys_logs(self, cr, uid):
|
|||
pool = openerp.registry(cr.dbname)
|
||||
|
||||
dbuuid = pool.get('ir.config_parameter').get_param(cr, uid, 'database.uuid')
|
||||
db_create_date = pool.get('ir.config_parameter').get_param(cr, uid, 'database.create_date')
|
||||
db_create_date = pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'database.create_date')
|
||||
limit_date = datetime.datetime.now()
|
||||
limit_date = limit_date - datetime.timedelta(15)
|
||||
limit_date_str = limit_date.strftime(misc.DEFAULT_SERVER_DATETIME_FORMAT)
|
||||
|
|
|
@ -52,7 +52,7 @@ class web_linkedin_settings(osv.osv_memory):
|
|||
|
||||
def set_linkedin(self, cr, uid, ids, context=None):
|
||||
key = self.browse(cr, uid, ids[0], context)["api_key"] or ""
|
||||
self.pool.get("ir.config_parameter").set_param(cr, uid, "web.linkedin.apikey", key)
|
||||
self.pool.get("ir.config_parameter").set_param(cr, uid, "web.linkedin.apikey", key, groups=['base.group_users'])
|
||||
|
||||
class web_linkedin_fields(osv.Model):
|
||||
_inherit = 'res.partner'
|
||||
|
|
|
@ -33,11 +33,12 @@ from openerp.tools import misc, config
|
|||
A dictionary holding some configuration parameters to be initialized when the database is created.
|
||||
"""
|
||||
_default_parameters = {
|
||||
"database.uuid": lambda: str(uuid.uuid1()),
|
||||
"database.create_date": lambda: datetime.datetime.now().strftime(misc.DEFAULT_SERVER_DATETIME_FORMAT),
|
||||
"web.base.url": lambda: "http://localhost:%s" % config.get('xmlrpc_port'),
|
||||
"database.uuid": lambda: (str(uuid.uuid1()), []),
|
||||
"database.create_date": lambda: (datetime.datetime.now().strftime(misc.DEFAULT_SERVER_DATETIME_FORMAT), ['base.group_user']),
|
||||
"web.base.url": lambda: ("http://localhost:%s" % config.get('xmlrpc_port'), []),
|
||||
}
|
||||
|
||||
|
||||
class ir_config_parameter(osv.osv):
|
||||
"""Per-database storage of configuration key-value pairs."""
|
||||
|
||||
|
@ -47,6 +48,7 @@ class ir_config_parameter(osv.osv):
|
|||
_columns = {
|
||||
'key': fields.char('Key', required=True, select=1),
|
||||
'value': fields.text('Value', required=True),
|
||||
'group_ids': fields.many2many('res.groups', 'ir_config_parameter_groups_rel', 'icp_id', 'group_id', string='Groups'),
|
||||
}
|
||||
|
||||
_sql_constraints = [
|
||||
|
@ -62,7 +64,9 @@ class ir_config_parameter(osv.osv):
|
|||
# force=True skips search and always performs the 'if' body (because ids=False)
|
||||
ids = not force and self.search(cr, SUPERUSER_ID, [('key','=',key)])
|
||||
if not ids:
|
||||
self.set_param(cr, SUPERUSER_ID, key, func())
|
||||
value, groups = func()
|
||||
self.set_param(cr, SUPERUSER_ID, key, value, groups=groups)
|
||||
|
||||
|
||||
def get_param(self, cr, uid, key, default=False, context=None):
|
||||
"""Retrieve the value for a given key.
|
||||
|
@ -78,24 +82,36 @@ class ir_config_parameter(osv.osv):
|
|||
param = self.browse(cr, uid, ids[0], context=context)
|
||||
value = param.value
|
||||
return value
|
||||
|
||||
def set_param(self, cr, uid, key, value, context=None):
|
||||
|
||||
def set_param(self, cr, uid, key, value, groups=[], context=None):
|
||||
"""Sets the value of a parameter.
|
||||
|
||||
|
||||
:param string key: The key of the parameter value to set.
|
||||
:param string value: The value to set.
|
||||
:param list of string groups: List of group (xml_id allowed) to read this key.
|
||||
:return: the previous value of the parameter or False if it did
|
||||
not exist.
|
||||
:rtype: string
|
||||
"""
|
||||
ids = self.search(cr, uid, [('key','=',key)], context=context)
|
||||
|
||||
gids = []
|
||||
for group_xml in groups:
|
||||
res_id = self.pool['ir.model.data'].xmlid_to_res_id(cr, uid, group_xml)
|
||||
if res_id:
|
||||
gids.append((4, res_id))
|
||||
|
||||
vals = {'value': value}
|
||||
if gids:
|
||||
vals.update(group_ids=gids)
|
||||
if ids:
|
||||
param = self.browse(cr, uid, ids[0], context=context)
|
||||
old = param.value
|
||||
self.write(cr, uid, ids, {'value': value}, context=context)
|
||||
self.write(cr, uid, ids, vals, context=context)
|
||||
return old
|
||||
else:
|
||||
self.create(cr, uid, {'key': key, 'value': value}, context=context)
|
||||
vals.update(key=key)
|
||||
self.create(cr, uid, vals, context=context)
|
||||
return False
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
<tree string="System Parameters">
|
||||
<field name="key"/>
|
||||
<field name="value"/>
|
||||
<field name="group_ids"/>
|
||||
</tree>
|
||||
</field>
|
||||
</record>
|
||||
|
@ -27,6 +28,7 @@
|
|||
<group>
|
||||
<field name="key"/>
|
||||
<field name="value"/>
|
||||
<field name="group_ids" widget="many2many_tags"/>
|
||||
</group>
|
||||
</sheet>
|
||||
</form>
|
||||
|
|
|
@ -98,6 +98,16 @@
|
|||
<field name="domain_force">['|','|',('company_id.child_ids','child_of',[user.company_id.id]),('company_id','child_of',[user.company_id.id]),('company_id','=',False)]</field>
|
||||
</record>
|
||||
|
||||
<record id="ir_config_parameter_rule" model="ir.rule">
|
||||
<field name="name">ICP read rule</field>
|
||||
<field name="model_id" ref="model_ir_config_parameter"/>
|
||||
<field name="domain_force">['|',('group_ids','in', [g.id for g in user.groups_id]), ('group_ids','=',False)]</field>
|
||||
<field name="perm_read" eval="True"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_unlink" eval="False"/>
|
||||
</record>
|
||||
|
||||
<record id="res_currency_rule" model="ir.rule">
|
||||
<field name="name">multi-company currency rule</field>
|
||||
<field name="model_id" ref="model_res_currency"/>
|
||||
|
|
Loading…
Reference in New Issue