odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

[IMP] ir.config.parameters: support group-based access control

This commit is contained in:
Jeremy Kersten 2014-06-23 16:52:40 +02:00
parent fd8ae038d8
commit f337bcaa1d
10 changed files with 49 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
addons/base_gengo/wizard/base_gengo_translations.py
View File

@ -57,7 +57,7 @@ class base_gengo_translations(osv.osv_memory):
def init(self, cr):
icp = self.pool['ir.config_parameter']
if not icp.get_param(cr, SUPERUSER_ID, self.GENGO_KEY, default=None):
icp.set_param(cr, SUPERUSER_ID, self.GENGO_KEY, str(uuid.uuid4()))
icp.set_param(cr, SUPERUSER_ID, self.GENGO_KEY, str(uuid.uuid4()), groups=['base.group_website_designer', 'base.group_website_publisher'])
def get_gengo_key(self, cr):
icp = self.pool['ir.config_parameter']

4
addons/google_account/google_account.py
View File

@ -174,10 +174,10 @@ class google_service(osv.osv_memory):
return self.pool.get('ir.config_parameter').get_param(cr, uid, 'web.base.url', default='http://www.openerp.com?NoBaseUrl', context=context)
def get_client_id(self, cr, uid, service, context=None):
return self.pool.get('ir.config_parameter').get_param(cr, uid, 'google_%s_client_id' % (service,), default=False, context=context)
return self.pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'google_%s_client_id' % (service,), default=False, context=context)
def get_client_secret(self, cr, uid, service, context=None):
return self.pool.get('ir.config_parameter').get_param(cr, uid, 'google_%s_client_secret' % (service,), default=False, context=context)
return self.pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'google_%s_client_secret' % (service,), default=False, context=context)
def get_uri_oauth(self, a=''): # a = optional action
return "https://accounts.google.com/o/oauth2/%s" % (a,)

4
addons/google_calendar/res_config.py
View File

@ -13,8 +13,8 @@ class calendar_config_settings(osv.TransientModel):
def set_calset(self,cr,uid,ids,context=None) :
params = self.pool['ir.config_parameter']
myself = self.browse(cr,uid,ids[0],context=context)
params.set_param(cr, uid, 'google_calendar_client_id', myself.cal_client_id or '', context=None)
params.set_param(cr, uid, 'google_calendar_client_secret', myself.cal_client_secret or '', context=None)
params.set_param(cr, uid, 'google_calendar_client_id', myself.cal_client_id or '', groups=['base.group_system'], context=None)
params.set_param(cr, uid, 'google_calendar_client_secret', myself.cal_client_secret or '', groups=['base.group_system'], context=None)
def get_default_all(self,cr,uid,ids,context=None):

6
addons/google_drive/google_drive.py
View File

@ -240,7 +240,7 @@ class base_config_settings(osv.TransientModel):
}
_defaults = {
'google_drive_uri': lambda s, cr, uid, c: s.pool['google.service']._get_google_token_uri(cr, uid, 'drive', scope=s.pool['google.drive.config'].get_google_scope(), context=c),
'google_drive_authorization_code': lambda s, cr, uid, c: s.pool['ir.config_parameter'].get_param(cr, uid, 'google_drive_authorization_code', context=c),
'google_drive_authorization_code': lambda s, cr, uid, c: s.pool['ir.config_parameter'].get_param(cr, SUPERUSER_ID, 'google_drive_authorization_code', context=c),
}
def set_google_authorization_code(self, cr, uid, ids, context=None):
@ -249,5 +249,5 @@ class base_config_settings(osv.TransientModel):
auth_code = config.google_drive_authorization_code
if auth_code and auth_code != ir_config_param.get_param(cr, uid, 'google_drive_authorization_code', context=context):
refresh_token = self.pool['google.service'].generate_refresh_token(cr, uid, 'drive', config.google_drive_authorization_code, context=context)
ir_config_param.set_param(cr, uid, 'google_drive_authorization_code', auth_code)
ir_config_param.set_param(cr, uid, 'google_drive_refresh_token', refresh_token)
ir_config_param.set_param(cr, uid, 'google_drive_authorization_code', auth_code, groups=['base.group_system'])
ir_config_param.set_param(cr, uid, 'google_drive_refresh_token', refresh_token, groups=['base.group_system'])

2
addons/google_drive/google_drive_data.xml
View File

@ -5,11 +5,13 @@
<record id="config_google_drive_client_id" model="ir.config_parameter">
<field name="key">google_drive_client_id</field>
<field name="value">598905559630.apps.googleusercontent.com</field>
<field name="group_ids" eval="[(4, ref('base.group_user'))]" />
</record>
<record id="config_google_drive_client_secret" model="ir.config_parameter">
<field name="key">google_drive_client_secret</field>
<field name="value">vTmou73c-njP-1qCxm7qx7QE</field>
<field name="group_ids" eval="[(4, ref('base.group_system'))]" />
</record>
</data>

2
addons/mail/update.py
View File

@ -29,7 +29,7 @@ def get_sys_logs(self, cr, uid):
pool = openerp.registry(cr.dbname)
dbuuid = pool.get('ir.config_parameter').get_param(cr, uid, 'database.uuid')
db_create_date = pool.get('ir.config_parameter').get_param(cr, uid, 'database.create_date')
db_create_date = pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'database.create_date')
limit_date = datetime.datetime.now()
limit_date = limit_date - datetime.timedelta(15)
limit_date_str = limit_date.strftime(misc.DEFAULT_SERVER_DATETIME_FORMAT)

2
addons/web_linkedin/web_linkedin.py
View File

@ -52,7 +52,7 @@ class web_linkedin_settings(osv.osv_memory):
def set_linkedin(self, cr, uid, ids, context=None):
key = self.browse(cr, uid, ids[0], context)["api_key"] or ""
self.pool.get("ir.config_parameter").set_param(cr, uid, "web.linkedin.apikey", key)
self.pool.get("ir.config_parameter").set_param(cr, uid, "web.linkedin.apikey", key, groups=['base.group_users'])
class web_linkedin_fields(osv.Model):
_inherit = 'res.partner'

34
openerp/addons/base/ir/ir_config_parameter.py
View File

@ -33,11 +33,12 @@ from openerp.tools import misc, config
A dictionary holding some configuration parameters to be initialized when the database is created.
"""
_default_parameters = {
"database.uuid": lambda: str(uuid.uuid1()),
"database.create_date": lambda: datetime.datetime.now().strftime(misc.DEFAULT_SERVER_DATETIME_FORMAT),
"web.base.url": lambda: "http://localhost:%s" % config.get('xmlrpc_port'),
"database.uuid": lambda: (str(uuid.uuid1()), []),
"database.create_date": lambda: (datetime.datetime.now().strftime(misc.DEFAULT_SERVER_DATETIME_FORMAT), ['base.group_user']),
"web.base.url": lambda: ("http://localhost:%s" % config.get('xmlrpc_port'), []),
}
class ir_config_parameter(osv.osv):
"""Per-database storage of configuration key-value pairs."""
@ -47,6 +48,7 @@ class ir_config_parameter(osv.osv):
_columns = {
'key': fields.char('Key', required=True, select=1),
'value': fields.text('Value', required=True),
'group_ids': fields.many2many('res.groups', 'ir_config_parameter_groups_rel', 'icp_id', 'group_id', string='Groups'),
}
_sql_constraints = [
@ -62,7 +64,9 @@ class ir_config_parameter(osv.osv):
# force=True skips search and always performs the 'if' body (because ids=False)
ids = not force and self.search(cr, SUPERUSER_ID, [('key','=',key)])
if not ids:
self.set_param(cr, SUPERUSER_ID, key, func())
value, groups = func()
self.set_param(cr, SUPERUSER_ID, key, value, groups=groups)
def get_param(self, cr, uid, key, default=False, context=None):
"""Retrieve the value for a given key.
@ -78,24 +82,36 @@ class ir_config_parameter(osv.osv):
param = self.browse(cr, uid, ids[0], context=context)
value = param.value
return value
def set_param(self, cr, uid, key, value, context=None):
def set_param(self, cr, uid, key, value, groups=[], context=None):
"""Sets the value of a parameter.
:param string key: The key of the parameter value to set.
:param string value: The value to set.
:param list of string groups: List of group (xml_id allowed) to read this key.
:return: the previous value of the parameter or False if it did
not exist.
:rtype: string
"""
ids = self.search(cr, uid, [('key','=',key)], context=context)
gids = []
for group_xml in groups:
res_id = self.pool['ir.model.data'].xmlid_to_res_id(cr, uid, group_xml)
if res_id:
gids.append((4, res_id))
vals = {'value': value}
if gids:
vals.update(group_ids=gids)
if ids:
param = self.browse(cr, uid, ids[0], context=context)
old = param.value
self.write(cr, uid, ids, {'value': value}, context=context)
self.write(cr, uid, ids, vals, context=context)
return old
else:
self.create(cr, uid, {'key': key, 'value': value}, context=context)
vals.update(key=key)
self.create(cr, uid, vals, context=context)
return False
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:

2
openerp/addons/base/ir/ir_config_parameter_view.xml
View File

@ -16,6 +16,7 @@
<tree string="System Parameters">
<field name="key"/>
<field name="value"/>
<field name="group_ids"/>
</tree>
</field>
</record>
@ -27,6 +28,7 @@
<group>
<field name="key"/>
<field name="value"/>
<field name="group_ids" widget="many2many_tags"/>
</group>
</sheet>
</form>

10
openerp/addons/base/security/base_security.xml
View File

@ -98,6 +98,16 @@
<field name="domain_force">['|','|',('company_id.child_ids','child_of',[user.company_id.id]),('company_id','child_of',[user.company_id.id]),('company_id','=',False)]</field>
</record>
<record id="ir_config_parameter_rule" model="ir.rule">
<field name="name">ICP read rule</field>
<field name="model_id" ref="model_ir_config_parameter"/>
<field name="domain_force">['|',('group_ids','in', [g.id for g in user.groups_id]), ('group_ids','=',False)]</field>
<field name="perm_read" eval="True"/>
<field name="perm_create" eval="False"/>
<field name="perm_write" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<record id="res_currency_rule" model="ir.rule">
<field name="name">multi-company currency rule</field>
<field name="model_id" ref="model_res_currency"/>