Odoo Server (MOVED TO GITHUB)

Merge lp:~openerp-dev/openobject-server/6.0-opw-574351-nep into lp:openobject-server/6.0

  1. 6.0-opw-574351-nep
  2. Merge into 6.0
Proposed by Nehal Panchal (OpenERP)
Status: Rejected
Rejected by: Naresh(OpenERP)
Proposed branch: lp:~openerp-dev/openobject-server/6.0-opw-574351-nep
Merge into: lp:openobject-server/6.0
Diff against target: 430 lines (+195/-156)
3 files modified
bin/addons/base/ir/ir_values.py (+187/-154)
bin/addons/base/security/base_security.xml (+7/-0)
bin/addons/base/security/ir.model.access.csv (+1/-2)
To merge this branch: bzr merge lp:~openerp-dev/openobject-server/6.0-opw-574351-nep
Reviewer Review Type Date Requested Status
Naresh(OpenERP) (community) Disapprove
Review via email: mp+105194@code.launchpad.net

Description of the change

Hello,

Non-admin user cannot set default value with "only for you" option.

This fixes the issue.

Thanks.

To post a comment you must log in.
Revision history for this message
Naresh(OpenERP) (nch-openerp) wrote :

Hello

The changes are huge and very risky to be merged to stable version. This may cause regression and effect the existing customers. I would reject this merge proposal.

Thanks,

review: Disapprove

Unmerged revisions

3618. By Nehal Panchal (OpenERP)

[FIX] base : Non-admin user cannot set default value with 'only for you' option

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'bin/addons/base/ir/ir_values.py'
--- bin/addons/base/ir/ir_values.py 2012-02-09 08:53:51 +0000
+++ bin/addons/base/ir/ir_values.py 2012-05-09 12:18:18 +0000
@@ -27,20 +27,28 @@
27EXCLUDED_FIELDS = set((27EXCLUDED_FIELDS = set((
28 'report_sxw_content', 'report_rml_content', 'report_sxw', 'report_rml',28 'report_sxw_content', 'report_rml_content', 'report_sxw', 'report_rml',
29 'report_sxw_content_data', 'report_rml_content_data', 'search_view', ))29 'report_sxw_content_data', 'report_rml_content_data', 'search_view', ))
30
31ACTION_SLOTS = [
32 "client_action_multi", # sidebar wizard action
33 "client_print_multi", # sidebar report printing button
34 "client_action_relate", # sidebar related link
35 "tree_but_open", # double-click on item in tree view
36 "tree_but_action", # deprecated: same as tree_but_open
37 ]
3038
31class ir_values(osv.osv):39class ir_values(osv.osv):
32 _name = 'ir.values'40 _name = 'ir.values'
3341
34 def _value_unpickle(self, cursor, user, ids, name, arg, context=None):42 def _value_unpickle(self, cursor, user, ids, name, arg, context=None):
35 res = {}43 res = {}
36 for report in self.browse(cursor, user, ids, context=context):44 for record in self.browse(cursor, user, ids, context=context):
37 value = report[name[:-9]]45 value = record[name[:-9]]
38 if not report.object and value:46 if record.key == 'default' and value:
39 try:47 try:
40 value = str(pickle.loads(value))48 value = str(pickle.loads(value))
41 except:49 except Exception:
42 pass50 pass
43 res[report.id] = value51 res[record.id] = value
44 return res52 return res
4553
46 def _value_pickle(self, cursor, user, id, name, value, arg, context=None):54 def _value_pickle(self, cursor, user, id, name, value, arg, context=None):
@@ -49,18 +57,19 @@
49 ctx = context.copy()57 ctx = context.copy()
50 if self.CONCURRENCY_CHECK_FIELD in ctx:58 if self.CONCURRENCY_CHECK_FIELD in ctx:
51 del ctx[self.CONCURRENCY_CHECK_FIELD]59 del ctx[self.CONCURRENCY_CHECK_FIELD]
52 if not self.browse(cursor, user, id, context=context).object:60 record = self.browse(cursor, user, id, context=context)
61 if record.key == 'default':
53 value = pickle.dumps(value)62 value = pickle.dumps(value)
54 self.write(cursor, user, id, {name[:-9]: value}, context=ctx)63 self.write(cursor, user, id, {name[:-9]: value}, context=ctx)
5564
56 def onchange_object_id(self, cr, uid, ids, object_id, context={}):65 def onchange_object_id(self, cr, uid, ids, object_id, context=None):
57 if not object_id: return {}66 if not object_id: return {}
58 act = self.pool.get('ir.model').browse(cr, uid, object_id, context=context)67 act = self.pool.get('ir.model').browse(cr, uid, object_id, context=context)
59 return {68 return {
60 'value': {'model': act.model}69 'value': {'model': act.model}
61 }70 }
6271
63 def onchange_action_id(self, cr, uid, ids, action_id, context={}):72 def onchange_action_id(self, cr, uid, ids, action_id, context=None):
64 if not action_id: return {}73 if not action_id: return {}
65 act = self.pool.get('ir.actions.actions').browse(cr, uid, action_id, context=context)74 act = self.pool.get('ir.actions.actions').browse(cr, uid, action_id, context=context)
66 return {75 return {
@@ -68,29 +77,44 @@
68 }77 }
6978
70 _columns = {79 _columns = {
71 'name': fields.char('Name', size=128),80 'name': fields.char('Name', size=128, required=True),
72 'model_id': fields.many2one('ir.model', 'Object', size=128,81 'model': fields.char('Model Name', size=128, select=True, required=True,
73 help="This field is not used, it only helps you to select a good model."),82 help="Model to which this entry applies"),
74 'model': fields.char('Object Name', size=128, select=True),83 'model_id': fields.many2one('ir.model', 'Model (change only)', size=128,
75 'action_id': fields.many2one('ir.actions.actions', 'Action',84 help="Model to which this entry applies - "
76 help="This field is not used, it only helps you to select the right action."),85 "helper field for setting a model, will "
77 'value': fields.text('Value'),86 "automatically set the correct model name"),
87 'action_id': fields.many2one('ir.actions.actions', 'Action (change only)',
88 help="Action bound to this entry - "
89 "helper field for binding an action, will "
90 "automatically set the correct reference"),
91 'value': fields.text('Value', help="Default value (pickled) or reference to an action"),
78 'value_unpickle': fields.function(_value_unpickle, fnct_inv=_value_pickle,92 'value_unpickle': fields.function(_value_unpickle, fnct_inv=_value_pickle,
79 method=True, type='text', string='Value'),93 type='text',
80 'object': fields.boolean('Is Object'),94 string='Default value or action reference'),
81 'key': fields.selection([('action','Action'),('default','Default')], 'Type', size=128, select=True),95 'key': fields.selection([('action','Action'),('default','Default')],
82 'key2' : fields.char('Event Type',help="The kind of action or button in the client side that will trigger the action.", size=128, select=True),96 'Type', size=128, select=True, required=True,
83 'meta': fields.text('Meta Datas'),97 help="- Action: an action attached to one slot of the given model\n"
84 'meta_unpickle': fields.function(_value_unpickle, fnct_inv=_value_pickle,98 "- Default: a default value for a model field"),
85 method=True, type='text', string='Metadata'),99 'key2' : fields.char('Qualifier', size=128, select=True,
86 'res_id': fields.integer('Object ID', help="Keep 0 if the action must appear on all resources.", select=True),100 help="For actions, one of the possible action slots: \n"
87 'user_id': fields.many2one('res.users', 'User', ondelete='cascade', select=True),101 " - client_action_multi\n"
88 'company_id': fields.many2one('res.company', 'Company', select=True)102 " - client_print_multi\n"
103 " - client_action_relate\n"
104 " - tree_but_open\n"
105 "For defaults, an optional condition"
106 ,),
107 'res_id': fields.integer('Record ID', select=True,
108 help="Database identifier of the record to which this applies. "
109 "0 = for all records"),
110 'user_id': fields.many2one('res.users', 'User', ondelete='cascade', select=True,
111 help="If set, action binding only applies for this user."),
112 'company_id': fields.many2one('res.company', 'Company', ondelete='cascade', select=True,
113 help="If set, action binding only applies for this company")
89 }114 }
90 _defaults = {115 _defaults = {
91 'key': lambda *a: 'action',116 'key': 'action',
92 'key2': lambda *a: 'tree_but_open',117 'key2': 'tree_but_open',
93 'company_id': lambda *a: False
94 }118 }
95119
96 def _auto_init(self, cr, context=None):120 def _auto_init(self, cr, context=None):
@@ -99,137 +123,146 @@
99 if not cr.fetchone():123 if not cr.fetchone():
100 cr.execute('CREATE INDEX ir_values_key_model_key2_res_id_user_id_idx ON ir_values (key, model, key2, res_id, user_id)')124 cr.execute('CREATE INDEX ir_values_key_model_key2_res_id_user_id_idx ON ir_values (key, model, key2, res_id, user_id)')
101125
102 def set(self, cr, uid, key, key2, name, models, value, replace=True, isobject=False, meta=False, preserve_user=False, company=False):126 def set_default(self, cr, uid, model, field_name, value, for_all_users=True, company_id=False, condition=False):
103 if isinstance(value, unicode):127 if isinstance(value, unicode):
104 value = value.encode('utf8')128 value = value.encode('utf8')
105 if not isobject:129 if company_id is True:
106 value = pickle.dumps(value)130 user = self.pool.get('res.users').browse(cr, uid, uid)
107 if meta:131 company_id = user.company_id.id
108 meta = pickle.dumps(meta)132 search_criteria = [
109 assert isinstance(models, (list, tuple)), models133 ('key', '=', 'default'),
110 assert not company or isinstance(company, int), "Parameter 'company' must be an integer (company ID)!"134 ('key2', '=', condition and condition[:200]),
111 if company and company is True:135 ('model', '=', model),
112 current_user_obj = self.pool.get('res.users').browse(cr, uid, uid, context={})136 ('name', '=', field_name),
113 company = current_user_obj.company_id.id137 ('user_id', '=', False if for_all_users else uid),
114 138 ('company_id','=', company_id)
115 ids_res = []139 ]
116 for model in models:140 self.unlink(cr, uid, self.search(cr, uid, search_criteria))
141 return self.create(cr, uid, {
142 'name': field_name,
143 'value': pickle.dumps(value),
144 'model': model,
145 'key': 'default',
146 'key2': condition and condition[:200],
147 'user_id': False if for_all_users else uid,
148 'company_id': company_id,
149 })
150
151 def get_defaults(self, cr, uid, model, condition=False):
152 query = """SELECT v.id, v.name, v.value FROM ir_values v
153 LEFT JOIN res_users u ON (v.user_id = u.id)
154 WHERE v.key = %%s AND v.model = %%s
155 AND (v.user_id = %%s OR v.user_id IS NULL)
156 AND (v.company_id IS NULL OR
157 v.company_id =
158 (SELECT company_id from res_users where id = %%s)
159 )
160 %s
161 ORDER BY v.user_id, u.company_id"""
162 query = query % ('AND v.key2 = %s' if condition else '')
163 params = ('default', model, uid, uid)
164 if condition:
165 params += (condition[:200],)
166 cr.execute(query, params)
167 defaults = {}
168 for row in cr.dictfetchall():
169 defaults.setdefault(row['name'],
170 (row['id'], row['name'], pickle.loads(row['value'].encode('utf-8'))))
171 return defaults.values()
172
173 def set_action(self, cr, uid, name, action_slot, model, action, res_id=False):
174 assert isinstance(action, basestring) and ',' in action, \
175 'Action definition must be an action reference, e.g. "ir.actions.act_window,42"'
176 assert action_slot in ACTION_SLOTS, \
177 'Action slot (%s) must be one of: %r' % (action_slot, ACTION_SLOTS)
178 search_criteria = [
179 ('key', '=', 'action'),
180 ('key2', '=', action_slot),
181 ('model', '=', model),
182 ('res_id', '=', res_id or 0), # int field -> NULL == 0
183 ('value', '=', action),
184 ]
185 self.unlink(cr, uid, self.search(cr, uid, search_criteria))
186 return self.create(cr, uid, {
187 'key': 'action',
188 'key2': action_slot,
189 'model': model,
190 'res_id': res_id,
191 'name': name,
192 'value': action,
193 })
194
195 def get_actions(self, cr, uid, action_slot, model, res_id=False, context=None):
196 assert action_slot in ACTION_SLOTS, 'Illegal action slot value: %s' % action_slot
197 query = """SELECT v.id, v.name, v.value FROM ir_values v
198 WHERE v.key = %s AND v.key2 = %s
199 AND v.model = %s
200 AND (v.res_id = %s
201 OR v.res_id IS NULL
202 OR v.res_id = 0)
203 ORDER BY v.id"""
204 cr.execute(query, ('action', action_slot, model, res_id or None))
205 results = {}
206 for action in cr.dictfetchall():
207 action_model,id = action['value'].split(',')
208 fields = [
209 field
210 for field in self.pool.get(action_model)._all_columns
211 if field not in EXCLUDED_FIELDS]
212 try:
213 action_def = self.pool.get(action_model).read(cr, uid, int(id), fields, context)
214 if action_def:
215 if action_model in ('ir.actions.report.xml','ir.actions.act_window',
216 'ir.actions.wizard'):
217 groups = action_def.get('groups_id')
218 if groups:
219 cr.execute('SELECT 1 FROM res_groups_users_rel WHERE gid IN %s AND uid=%s',
220 (tuple(groups), uid))
221 if not cr.fetchone():
222 if action['name'] == 'Menuitem':
223 raise osv.except_osv('Error !',
224 'You do not have the permission to perform this operation !!!')
225 continue
226 results[action['name']] = (action['id'], action['name'], action_def)
227 except except_orm, e:
228 continue
229 return results.values()
230
231 def _map_legacy_model_list(self, model_list, map_fn, merge_results=False):
232 assert isinstance(model_list, (list, tuple)), \
233 "model_list should be in the form [model,..] or [(model,res_id), ..]"
234 results = []
235 for model in model_list:
236 res_id = False
117 if isinstance(model, (list, tuple)):237 if isinstance(model, (list, tuple)):
118 model,res_id = model238 model, res_id = model
239 result = map_fn(model, res_id)
240 if merge_results:
241 results.extend(result)
119 else:242 else:
120 res_id=False243 results.append(result)
121 if replace:244 return results
122 search_criteria = [
123 ('key', '=', key),
124 ('key2', '=', key2),
125 ('model', '=', model),
126 ('res_id', '=', res_id),
127 ('user_id', '=', preserve_user and uid),
128 ('company_id' ,'=', company)
129
130 ]
131 if key in ('meta', 'default'):
132 search_criteria.append(('name', '=', name))
133 else:
134 search_criteria.append(('value', '=', value))
135245
136 self.unlink(cr, uid, self.search(cr, uid, search_criteria))246 def set(self, cr, uid, key, key2, name, models, value, replace=True, isobject=False, meta=False, preserve_user=False, company=False):
137 vals = {247 assert key in ['default', 'action'], "ir.values entry keys must be in ['default','action']"
138 'name': name,248 if key == 'default':
139 'value': value,249 def do_set(model,res_id):
140 'model': model,250 return self.set_default(cr, uid, model, field_name=name, value=value,
141 'object': isobject,251 for_all_users=(not preserve_user), company_id=company,
142 'key': key,252 condition=key2)
143 'key2': key2 and key2[:200],253 elif key == 'action':
144 'meta': meta,254 def do_set(model,res_id):
145 'user_id': preserve_user and uid,255 return self.set_action(cr, uid, name, action_slot=key2, model=model, action=value, res_id=res_id)
146 'company_id':company256 return self._map_legacy_model_list(models, do_set)
147 }
148 if res_id:
149 vals['res_id'] = res_id
150 ids_res.append(self.create(cr, uid, vals))
151 return ids_res
152257
153 def get(self, cr, uid, key, key2, models, meta=False, context={}, res_id_req=False, without_user=True, key2_req=True):258 def get(self, cr, uid, key, key2, models, meta=False, context={}, res_id_req=False, without_user=True, key2_req=True):
154 result = []259 assert key in ['default', 'action'], "ir.values entry keys must be in ['default','action']"
155 for m in models:260 if key == 'default':
156 if isinstance(m, (list, tuple)):261 def do_get(model,res_id):
157 m, res_id = m262 return self.get_defaults(cr, uid, model, condition=key2)
158 else:263 elif key == 'action':
159 res_id=False264 def do_get(model,res_id):
160265 return self.get_actions(cr, uid, action_slot=key2, model=model, res_id=res_id, context=context)
161 where = ['key=%s','model=%s']266 return self._map_legacy_model_list(models, do_get, merge_results=True)
162 params = [key, str(m)]267
163 if key2:
164 where.append('key2=%s')
165 params.append(key2[:200])
166 elif key2_req and not meta:
167 where.append('key2 is null')
168 if res_id_req and (models[-1][0]==m):
169 if res_id:
170 where.append('res_id=%s')
171 params.append(res_id)
172 else:
173 where.append('(res_id is NULL)')
174 elif res_id:
175 if (models[-1][0]==m):
176 where.append('(res_id=%s or (res_id is null))')
177 params.append(res_id)
178 else:
179 where.append('res_id=%s')
180 params.append(res_id)
181
182 order = 'id, company_id'
183 where.append('''(user_id=%s or (user_id IS NULL))
184 and (company_id is null or
185 company_id = (SELECT company_id FROM res_users WHERE id = %s)) order by '''+ order)
186 params += [uid, uid]
187 clause = ' and '.join(where)
188 cr.execute('select id,name,value,object,meta, key from ir_values where ' + clause, params)
189 result = cr.fetchall()
190 if result:
191 break
192
193 if not result:
194 return []
195
196 def _result_get(x, keys):
197 if x[1] in keys:
198 return False
199 keys.append(x[1])
200 if x[3]:
201 model,id = x[2].split(',')
202 # FIXME: It might be a good idea to opt-in that kind of stuff
203 # FIXME: instead of arbitrarily removing random fields
204 fields = [
205 field
206 for field in self.pool.get(model).fields_get_keys(cr, uid)
207 if field not in EXCLUDED_FIELDS]
208
209 try:
210 datas = self.pool.get(model).read(cr, uid, [int(id)], fields, context)
211 except except_orm, e:
212 return False
213 datas = datas and datas[0]
214 if not datas:
215 return False
216 else:
217 datas = pickle.loads(x[2].encode('utf-8'))
218 if meta:
219 return (x[0], x[1], datas, pickle.loads(x[4]))
220 return (x[0], x[1], datas)
221 keys = []
222 res = filter(None, map(lambda x: _result_get(x, keys), result))
223 res2 = res[:]
224 for r in res:
225 if isinstance(r[2], dict) and r[2].get('type') in ('ir.actions.report.xml','ir.actions.act_window','ir.actions.wizard'):
226 groups = r[2].get('groups_id')
227 if groups:
228 cr.execute('SELECT COUNT(1) FROM res_groups_users_rel WHERE gid IN %s AND uid=%s',(tuple(groups), uid))
229 cnt = cr.fetchone()[0]
230 if not cnt:
231 res2.remove(r)
232 if r[1] == 'Menuitem' and not res2:
233 raise osv.except_osv('Error !','You do not have the permission to perform this operation !!!')
234 return res2
235ir_values()268ir_values()
236269
=== modified file 'bin/addons/base/security/base_security.xml'
--- bin/addons/base/security/base_security.xml 2011-03-03 15:59:18 +0000
+++ bin/addons/base/security/base_security.xml 2012-05-09 12:18:18 +0000
@@ -62,6 +62,13 @@
62 <field name="global" eval="True"/>62 <field name="global" eval="True"/>
63 <field name="domain_force">[('company_id','child_of',[user.company_id.id])]</field>63 <field name="domain_force">[('company_id','child_of',[user.company_id.id])]</field>
64 </record>64 </record>
65
66 <record model="ir.rule" id="ir_values_default_rule">
67 <field name="name">Defaults: alter personal values only</field>
68 <field name="model_id" ref="model_ir_values"/>
69 <field name="domain_force">[('key','=','default'),('user_id','=',user.id)]</field>
70 <field name="perm_read" eval="False"/>
71 </record>
6572
66 </data>73 </data>
67</openerp>74</openerp>
6875
=== modified file 'bin/addons/base/security/ir.model.access.csv'
--- bin/addons/base/security/ir.model.access.csv 2011-02-23 15:58:33 +0000
+++ bin/addons/base/security/ir.model.access.csv 2012-05-09 12:18:18 +0000
@@ -38,8 +38,7 @@
38"access_ir_ui_view_custom_group_user","ir_ui_view_custom_group_user","model_ir_ui_view_custom",,1,0,0,038"access_ir_ui_view_custom_group_user","ir_ui_view_custom_group_user","model_ir_ui_view_custom",,1,0,0,0
39"access_ir_ui_view_custom_group_system","ir_ui_view_custom_group_system","model_ir_ui_view_custom","group_system",1,1,1,139"access_ir_ui_view_custom_group_system","ir_ui_view_custom_group_system","model_ir_ui_view_custom","group_system",1,1,1,1
40"access_ir_ui_view_sc_group_user","ir_ui_view_sc group_user","model_ir_ui_view_sc",,1,1,1,140"access_ir_ui_view_sc_group_user","ir_ui_view_sc group_user","model_ir_ui_view_sc",,1,1,1,1
41"access_ir_values_group_erp_manager","ir_values group_erp_manager","model_ir_values","group_erp_manager",1,1,1,141"access_ir_values_group_all","ir_values group_all","model_ir_values",,1,1,1,1
42"access_ir_values_group_all","ir_values group_all","model_ir_values",,1,0,1,0
43"access_res_company_group_erp_manager","res_company group_erp_manager","model_res_company","group_erp_manager",1,1,1,142"access_res_company_group_erp_manager","res_company group_erp_manager","model_res_company","group_erp_manager",1,1,1,1
44"access_res_company_group_user","res_company group_user","model_res_company",,1,0,0,043"access_res_company_group_user","res_company group_user","model_res_company",,1,0,0,0
45"access_res_country_group_all","res_country group_user_all","model_res_country",,1,0,0,044"access_res_country_group_all","res_country group_user_all","model_res_country",,1,0,0,0