Merge lp:~openerp-dev/openobject-server/6.0-opw-574351-nep into lp:openobject-server/6.0
- 6.0-opw-574351-nep
- Merge into 6.0
Proposed by
Nehal Panchal (OpenERP)
Status: | Rejected |
---|---|
Rejected by: | Naresh(OpenERP) |
Proposed branch: | lp:~openerp-dev/openobject-server/6.0-opw-574351-nep |
Merge into: | lp:openobject-server/6.0 |
Diff against target: |
430 lines (+195/-156) 3 files modified
bin/addons/base/ir/ir_values.py (+187/-154) bin/addons/base/security/base_security.xml (+7/-0) bin/addons/base/security/ir.model.access.csv (+1/-2) |
To merge this branch: | bzr merge lp:~openerp-dev/openobject-server/6.0-opw-574351-nep |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Naresh(OpenERP) (community) | Disapprove | ||
Review via email: mp+105194@code.launchpad.net |
Commit message
Description of the change
Hello,
Non-admin user cannot set default value with "only for you" option.
This fixes the issue.
Thanks.
To post a comment you must log in.
Unmerged revisions
- 3618. By Nehal Panchal (OpenERP)
-
[FIX] base : Non-admin user cannot set default value with 'only for you' option
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'bin/addons/base/ir/ir_values.py' | |||
2 | --- bin/addons/base/ir/ir_values.py 2012-02-09 08:53:51 +0000 | |||
3 | +++ bin/addons/base/ir/ir_values.py 2012-05-09 12:18:18 +0000 | |||
4 | @@ -27,20 +27,28 @@ | |||
5 | 27 | EXCLUDED_FIELDS = set(( | 27 | EXCLUDED_FIELDS = set(( |
6 | 28 | 'report_sxw_content', 'report_rml_content', 'report_sxw', 'report_rml', | 28 | 'report_sxw_content', 'report_rml_content', 'report_sxw', 'report_rml', |
7 | 29 | 'report_sxw_content_data', 'report_rml_content_data', 'search_view', )) | 29 | 'report_sxw_content_data', 'report_rml_content_data', 'search_view', )) |
8 | 30 | |||
9 | 31 | ACTION_SLOTS = [ | ||
10 | 32 | "client_action_multi", # sidebar wizard action | ||
11 | 33 | "client_print_multi", # sidebar report printing button | ||
12 | 34 | "client_action_relate", # sidebar related link | ||
13 | 35 | "tree_but_open", # double-click on item in tree view | ||
14 | 36 | "tree_but_action", # deprecated: same as tree_but_open | ||
15 | 37 | ] | ||
16 | 30 | 38 | ||
17 | 31 | class ir_values(osv.osv): | 39 | class ir_values(osv.osv): |
18 | 32 | _name = 'ir.values' | 40 | _name = 'ir.values' |
19 | 33 | 41 | ||
20 | 34 | def _value_unpickle(self, cursor, user, ids, name, arg, context=None): | 42 | def _value_unpickle(self, cursor, user, ids, name, arg, context=None): |
21 | 35 | res = {} | 43 | res = {} |
25 | 36 | for report in self.browse(cursor, user, ids, context=context): | 44 | for record in self.browse(cursor, user, ids, context=context): |
26 | 37 | value = report[name[:-9]] | 45 | value = record[name[:-9]] |
27 | 38 | if not report.object and value: | 46 | if record.key == 'default' and value: |
28 | 39 | try: | 47 | try: |
29 | 40 | value = str(pickle.loads(value)) | 48 | value = str(pickle.loads(value)) |
31 | 41 | except: | 49 | except Exception: |
32 | 42 | pass | 50 | pass |
34 | 43 | res[report.id] = value | 51 | res[record.id] = value |
35 | 44 | return res | 52 | return res |
36 | 45 | 53 | ||
37 | 46 | def _value_pickle(self, cursor, user, id, name, value, arg, context=None): | 54 | def _value_pickle(self, cursor, user, id, name, value, arg, context=None): |
38 | @@ -49,18 +57,19 @@ | |||
39 | 49 | ctx = context.copy() | 57 | ctx = context.copy() |
40 | 50 | if self.CONCURRENCY_CHECK_FIELD in ctx: | 58 | if self.CONCURRENCY_CHECK_FIELD in ctx: |
41 | 51 | del ctx[self.CONCURRENCY_CHECK_FIELD] | 59 | del ctx[self.CONCURRENCY_CHECK_FIELD] |
43 | 52 | if not self.browse(cursor, user, id, context=context).object: | 60 | record = self.browse(cursor, user, id, context=context) |
44 | 61 | if record.key == 'default': | ||
45 | 53 | value = pickle.dumps(value) | 62 | value = pickle.dumps(value) |
46 | 54 | self.write(cursor, user, id, {name[:-9]: value}, context=ctx) | 63 | self.write(cursor, user, id, {name[:-9]: value}, context=ctx) |
47 | 55 | 64 | ||
49 | 56 | def onchange_object_id(self, cr, uid, ids, object_id, context={}): | 65 | def onchange_object_id(self, cr, uid, ids, object_id, context=None): |
50 | 57 | if not object_id: return {} | 66 | if not object_id: return {} |
51 | 58 | act = self.pool.get('ir.model').browse(cr, uid, object_id, context=context) | 67 | act = self.pool.get('ir.model').browse(cr, uid, object_id, context=context) |
52 | 59 | return { | 68 | return { |
53 | 60 | 'value': {'model': act.model} | 69 | 'value': {'model': act.model} |
54 | 61 | } | 70 | } |
55 | 62 | 71 | ||
57 | 63 | def onchange_action_id(self, cr, uid, ids, action_id, context={}): | 72 | def onchange_action_id(self, cr, uid, ids, action_id, context=None): |
58 | 64 | if not action_id: return {} | 73 | if not action_id: return {} |
59 | 65 | act = self.pool.get('ir.actions.actions').browse(cr, uid, action_id, context=context) | 74 | act = self.pool.get('ir.actions.actions').browse(cr, uid, action_id, context=context) |
60 | 66 | return { | 75 | return { |
61 | @@ -68,29 +77,44 @@ | |||
62 | 68 | } | 77 | } |
63 | 69 | 78 | ||
64 | 70 | _columns = { | 79 | _columns = { |
72 | 71 | 'name': fields.char('Name', size=128), | 80 | 'name': fields.char('Name', size=128, required=True), |
73 | 72 | 'model_id': fields.many2one('ir.model', 'Object', size=128, | 81 | 'model': fields.char('Model Name', size=128, select=True, required=True, |
74 | 73 | help="This field is not used, it only helps you to select a good model."), | 82 | help="Model to which this entry applies"), |
75 | 74 | 'model': fields.char('Object Name', size=128, select=True), | 83 | 'model_id': fields.many2one('ir.model', 'Model (change only)', size=128, |
76 | 75 | 'action_id': fields.many2one('ir.actions.actions', 'Action', | 84 | help="Model to which this entry applies - " |
77 | 76 | help="This field is not used, it only helps you to select the right action."), | 85 | "helper field for setting a model, will " |
78 | 77 | 'value': fields.text('Value'), | 86 | "automatically set the correct model name"), |
79 | 87 | 'action_id': fields.many2one('ir.actions.actions', 'Action (change only)', | ||
80 | 88 | help="Action bound to this entry - " | ||
81 | 89 | "helper field for binding an action, will " | ||
82 | 90 | "automatically set the correct reference"), | ||
83 | 91 | 'value': fields.text('Value', help="Default value (pickled) or reference to an action"), | ||
84 | 78 | 'value_unpickle': fields.function(_value_unpickle, fnct_inv=_value_pickle, | 92 | 'value_unpickle': fields.function(_value_unpickle, fnct_inv=_value_pickle, |
95 | 79 | method=True, type='text', string='Value'), | 93 | type='text', |
96 | 80 | 'object': fields.boolean('Is Object'), | 94 | string='Default value or action reference'), |
97 | 81 | 'key': fields.selection([('action','Action'),('default','Default')], 'Type', size=128, select=True), | 95 | 'key': fields.selection([('action','Action'),('default','Default')], |
98 | 82 | 'key2' : fields.char('Event Type',help="The kind of action or button in the client side that will trigger the action.", size=128, select=True), | 96 | 'Type', size=128, select=True, required=True, |
99 | 83 | 'meta': fields.text('Meta Datas'), | 97 | help="- Action: an action attached to one slot of the given model\n" |
100 | 84 | 'meta_unpickle': fields.function(_value_unpickle, fnct_inv=_value_pickle, | 98 | "- Default: a default value for a model field"), |
101 | 85 | method=True, type='text', string='Metadata'), | 99 | 'key2' : fields.char('Qualifier', size=128, select=True, |
102 | 86 | 'res_id': fields.integer('Object ID', help="Keep 0 if the action must appear on all resources.", select=True), | 100 | help="For actions, one of the possible action slots: \n" |
103 | 87 | 'user_id': fields.many2one('res.users', 'User', ondelete='cascade', select=True), | 101 | " - client_action_multi\n" |
104 | 88 | 'company_id': fields.many2one('res.company', 'Company', select=True) | 102 | " - client_print_multi\n" |
105 | 103 | " - client_action_relate\n" | ||
106 | 104 | " - tree_but_open\n" | ||
107 | 105 | "For defaults, an optional condition" | ||
108 | 106 | ,), | ||
109 | 107 | 'res_id': fields.integer('Record ID', select=True, | ||
110 | 108 | help="Database identifier of the record to which this applies. " | ||
111 | 109 | "0 = for all records"), | ||
112 | 110 | 'user_id': fields.many2one('res.users', 'User', ondelete='cascade', select=True, | ||
113 | 111 | help="If set, action binding only applies for this user."), | ||
114 | 112 | 'company_id': fields.many2one('res.company', 'Company', ondelete='cascade', select=True, | ||
115 | 113 | help="If set, action binding only applies for this company") | ||
116 | 89 | } | 114 | } |
117 | 90 | _defaults = { | 115 | _defaults = { |
121 | 91 | 'key': lambda *a: 'action', | 116 | 'key': 'action', |
122 | 92 | 'key2': lambda *a: 'tree_but_open', | 117 | 'key2': 'tree_but_open', |
120 | 93 | 'company_id': lambda *a: False | ||
123 | 94 | } | 118 | } |
124 | 95 | 119 | ||
125 | 96 | def _auto_init(self, cr, context=None): | 120 | def _auto_init(self, cr, context=None): |
126 | @@ -99,137 +123,146 @@ | |||
127 | 99 | if not cr.fetchone(): | 123 | if not cr.fetchone(): |
128 | 100 | cr.execute('CREATE INDEX ir_values_key_model_key2_res_id_user_id_idx ON ir_values (key, model, key2, res_id, user_id)') | 124 | cr.execute('CREATE INDEX ir_values_key_model_key2_res_id_user_id_idx ON ir_values (key, model, key2, res_id, user_id)') |
129 | 101 | 125 | ||
131 | 102 | def set(self, cr, uid, key, key2, name, models, value, replace=True, isobject=False, meta=False, preserve_user=False, company=False): | 126 | def set_default(self, cr, uid, model, field_name, value, for_all_users=True, company_id=False, condition=False): |
132 | 103 | if isinstance(value, unicode): | 127 | if isinstance(value, unicode): |
133 | 104 | value = value.encode('utf8') | 128 | value = value.encode('utf8') |
146 | 105 | if not isobject: | 129 | if company_id is True: |
147 | 106 | value = pickle.dumps(value) | 130 | user = self.pool.get('res.users').browse(cr, uid, uid) |
148 | 107 | if meta: | 131 | company_id = user.company_id.id |
149 | 108 | meta = pickle.dumps(meta) | 132 | search_criteria = [ |
150 | 109 | assert isinstance(models, (list, tuple)), models | 133 | ('key', '=', 'default'), |
151 | 110 | assert not company or isinstance(company, int), "Parameter 'company' must be an integer (company ID)!" | 134 | ('key2', '=', condition and condition[:200]), |
152 | 111 | if company and company is True: | 135 | ('model', '=', model), |
153 | 112 | current_user_obj = self.pool.get('res.users').browse(cr, uid, uid, context={}) | 136 | ('name', '=', field_name), |
154 | 113 | company = current_user_obj.company_id.id | 137 | ('user_id', '=', False if for_all_users else uid), |
155 | 114 | 138 | ('company_id','=', company_id) | |
156 | 115 | ids_res = [] | 139 | ] |
157 | 116 | for model in models: | 140 | self.unlink(cr, uid, self.search(cr, uid, search_criteria)) |
158 | 141 | return self.create(cr, uid, { | ||
159 | 142 | 'name': field_name, | ||
160 | 143 | 'value': pickle.dumps(value), | ||
161 | 144 | 'model': model, | ||
162 | 145 | 'key': 'default', | ||
163 | 146 | 'key2': condition and condition[:200], | ||
164 | 147 | 'user_id': False if for_all_users else uid, | ||
165 | 148 | 'company_id': company_id, | ||
166 | 149 | }) | ||
167 | 150 | |||
168 | 151 | def get_defaults(self, cr, uid, model, condition=False): | ||
169 | 152 | query = """SELECT v.id, v.name, v.value FROM ir_values v | ||
170 | 153 | LEFT JOIN res_users u ON (v.user_id = u.id) | ||
171 | 154 | WHERE v.key = %%s AND v.model = %%s | ||
172 | 155 | AND (v.user_id = %%s OR v.user_id IS NULL) | ||
173 | 156 | AND (v.company_id IS NULL OR | ||
174 | 157 | v.company_id = | ||
175 | 158 | (SELECT company_id from res_users where id = %%s) | ||
176 | 159 | ) | ||
177 | 160 | %s | ||
178 | 161 | ORDER BY v.user_id, u.company_id""" | ||
179 | 162 | query = query % ('AND v.key2 = %s' if condition else '') | ||
180 | 163 | params = ('default', model, uid, uid) | ||
181 | 164 | if condition: | ||
182 | 165 | params += (condition[:200],) | ||
183 | 166 | cr.execute(query, params) | ||
184 | 167 | defaults = {} | ||
185 | 168 | for row in cr.dictfetchall(): | ||
186 | 169 | defaults.setdefault(row['name'], | ||
187 | 170 | (row['id'], row['name'], pickle.loads(row['value'].encode('utf-8')))) | ||
188 | 171 | return defaults.values() | ||
189 | 172 | |||
190 | 173 | def set_action(self, cr, uid, name, action_slot, model, action, res_id=False): | ||
191 | 174 | assert isinstance(action, basestring) and ',' in action, \ | ||
192 | 175 | 'Action definition must be an action reference, e.g. "ir.actions.act_window,42"' | ||
193 | 176 | assert action_slot in ACTION_SLOTS, \ | ||
194 | 177 | 'Action slot (%s) must be one of: %r' % (action_slot, ACTION_SLOTS) | ||
195 | 178 | search_criteria = [ | ||
196 | 179 | ('key', '=', 'action'), | ||
197 | 180 | ('key2', '=', action_slot), | ||
198 | 181 | ('model', '=', model), | ||
199 | 182 | ('res_id', '=', res_id or 0), # int field -> NULL == 0 | ||
200 | 183 | ('value', '=', action), | ||
201 | 184 | ] | ||
202 | 185 | self.unlink(cr, uid, self.search(cr, uid, search_criteria)) | ||
203 | 186 | return self.create(cr, uid, { | ||
204 | 187 | 'key': 'action', | ||
205 | 188 | 'key2': action_slot, | ||
206 | 189 | 'model': model, | ||
207 | 190 | 'res_id': res_id, | ||
208 | 191 | 'name': name, | ||
209 | 192 | 'value': action, | ||
210 | 193 | }) | ||
211 | 194 | |||
212 | 195 | def get_actions(self, cr, uid, action_slot, model, res_id=False, context=None): | ||
213 | 196 | assert action_slot in ACTION_SLOTS, 'Illegal action slot value: %s' % action_slot | ||
214 | 197 | query = """SELECT v.id, v.name, v.value FROM ir_values v | ||
215 | 198 | WHERE v.key = %s AND v.key2 = %s | ||
216 | 199 | AND v.model = %s | ||
217 | 200 | AND (v.res_id = %s | ||
218 | 201 | OR v.res_id IS NULL | ||
219 | 202 | OR v.res_id = 0) | ||
220 | 203 | ORDER BY v.id""" | ||
221 | 204 | cr.execute(query, ('action', action_slot, model, res_id or None)) | ||
222 | 205 | results = {} | ||
223 | 206 | for action in cr.dictfetchall(): | ||
224 | 207 | action_model,id = action['value'].split(',') | ||
225 | 208 | fields = [ | ||
226 | 209 | field | ||
227 | 210 | for field in self.pool.get(action_model)._all_columns | ||
228 | 211 | if field not in EXCLUDED_FIELDS] | ||
229 | 212 | try: | ||
230 | 213 | action_def = self.pool.get(action_model).read(cr, uid, int(id), fields, context) | ||
231 | 214 | if action_def: | ||
232 | 215 | if action_model in ('ir.actions.report.xml','ir.actions.act_window', | ||
233 | 216 | 'ir.actions.wizard'): | ||
234 | 217 | groups = action_def.get('groups_id') | ||
235 | 218 | if groups: | ||
236 | 219 | cr.execute('SELECT 1 FROM res_groups_users_rel WHERE gid IN %s AND uid=%s', | ||
237 | 220 | (tuple(groups), uid)) | ||
238 | 221 | if not cr.fetchone(): | ||
239 | 222 | if action['name'] == 'Menuitem': | ||
240 | 223 | raise osv.except_osv('Error !', | ||
241 | 224 | 'You do not have the permission to perform this operation !!!') | ||
242 | 225 | continue | ||
243 | 226 | results[action['name']] = (action['id'], action['name'], action_def) | ||
244 | 227 | except except_orm, e: | ||
245 | 228 | continue | ||
246 | 229 | return results.values() | ||
247 | 230 | |||
248 | 231 | def _map_legacy_model_list(self, model_list, map_fn, merge_results=False): | ||
249 | 232 | assert isinstance(model_list, (list, tuple)), \ | ||
250 | 233 | "model_list should be in the form [model,..] or [(model,res_id), ..]" | ||
251 | 234 | results = [] | ||
252 | 235 | for model in model_list: | ||
253 | 236 | res_id = False | ||
254 | 117 | if isinstance(model, (list, tuple)): | 237 | if isinstance(model, (list, tuple)): |
256 | 118 | model,res_id = model | 238 | model, res_id = model |
257 | 239 | result = map_fn(model, res_id) | ||
258 | 240 | if merge_results: | ||
259 | 241 | results.extend(result) | ||
260 | 119 | else: | 242 | else: |
276 | 120 | res_id=False | 243 | results.append(result) |
277 | 121 | if replace: | 244 | return results |
263 | 122 | search_criteria = [ | ||
264 | 123 | ('key', '=', key), | ||
265 | 124 | ('key2', '=', key2), | ||
266 | 125 | ('model', '=', model), | ||
267 | 126 | ('res_id', '=', res_id), | ||
268 | 127 | ('user_id', '=', preserve_user and uid), | ||
269 | 128 | ('company_id' ,'=', company) | ||
270 | 129 | |||
271 | 130 | ] | ||
272 | 131 | if key in ('meta', 'default'): | ||
273 | 132 | search_criteria.append(('name', '=', name)) | ||
274 | 133 | else: | ||
275 | 134 | search_criteria.append(('value', '=', value)) | ||
278 | 135 | 245 | ||
295 | 136 | self.unlink(cr, uid, self.search(cr, uid, search_criteria)) | 246 | def set(self, cr, uid, key, key2, name, models, value, replace=True, isobject=False, meta=False, preserve_user=False, company=False): |
296 | 137 | vals = { | 247 | assert key in ['default', 'action'], "ir.values entry keys must be in ['default','action']" |
297 | 138 | 'name': name, | 248 | if key == 'default': |
298 | 139 | 'value': value, | 249 | def do_set(model,res_id): |
299 | 140 | 'model': model, | 250 | return self.set_default(cr, uid, model, field_name=name, value=value, |
300 | 141 | 'object': isobject, | 251 | for_all_users=(not preserve_user), company_id=company, |
301 | 142 | 'key': key, | 252 | condition=key2) |
302 | 143 | 'key2': key2 and key2[:200], | 253 | elif key == 'action': |
303 | 144 | 'meta': meta, | 254 | def do_set(model,res_id): |
304 | 145 | 'user_id': preserve_user and uid, | 255 | return self.set_action(cr, uid, name, action_slot=key2, model=model, action=value, res_id=res_id) |
305 | 146 | 'company_id':company | 256 | return self._map_legacy_model_list(models, do_set) |
290 | 147 | } | ||
291 | 148 | if res_id: | ||
292 | 149 | vals['res_id'] = res_id | ||
293 | 150 | ids_res.append(self.create(cr, uid, vals)) | ||
294 | 151 | return ids_res | ||
306 | 152 | 257 | ||
307 | 153 | def get(self, cr, uid, key, key2, models, meta=False, context={}, res_id_req=False, without_user=True, key2_req=True): | 258 | def get(self, cr, uid, key, key2, models, meta=False, context={}, res_id_req=False, without_user=True, key2_req=True): |
389 | 154 | result = [] | 259 | assert key in ['default', 'action'], "ir.values entry keys must be in ['default','action']" |
390 | 155 | for m in models: | 260 | if key == 'default': |
391 | 156 | if isinstance(m, (list, tuple)): | 261 | def do_get(model,res_id): |
392 | 157 | m, res_id = m | 262 | return self.get_defaults(cr, uid, model, condition=key2) |
393 | 158 | else: | 263 | elif key == 'action': |
394 | 159 | res_id=False | 264 | def do_get(model,res_id): |
395 | 160 | 265 | return self.get_actions(cr, uid, action_slot=key2, model=model, res_id=res_id, context=context) | |
396 | 161 | where = ['key=%s','model=%s'] | 266 | return self._map_legacy_model_list(models, do_get, merge_results=True) |
397 | 162 | params = [key, str(m)] | 267 | |
317 | 163 | if key2: | ||
318 | 164 | where.append('key2=%s') | ||
319 | 165 | params.append(key2[:200]) | ||
320 | 166 | elif key2_req and not meta: | ||
321 | 167 | where.append('key2 is null') | ||
322 | 168 | if res_id_req and (models[-1][0]==m): | ||
323 | 169 | if res_id: | ||
324 | 170 | where.append('res_id=%s') | ||
325 | 171 | params.append(res_id) | ||
326 | 172 | else: | ||
327 | 173 | where.append('(res_id is NULL)') | ||
328 | 174 | elif res_id: | ||
329 | 175 | if (models[-1][0]==m): | ||
330 | 176 | where.append('(res_id=%s or (res_id is null))') | ||
331 | 177 | params.append(res_id) | ||
332 | 178 | else: | ||
333 | 179 | where.append('res_id=%s') | ||
334 | 180 | params.append(res_id) | ||
335 | 181 | |||
336 | 182 | order = 'id, company_id' | ||
337 | 183 | where.append('''(user_id=%s or (user_id IS NULL)) | ||
338 | 184 | and (company_id is null or | ||
339 | 185 | company_id = (SELECT company_id FROM res_users WHERE id = %s)) order by '''+ order) | ||
340 | 186 | params += [uid, uid] | ||
341 | 187 | clause = ' and '.join(where) | ||
342 | 188 | cr.execute('select id,name,value,object,meta, key from ir_values where ' + clause, params) | ||
343 | 189 | result = cr.fetchall() | ||
344 | 190 | if result: | ||
345 | 191 | break | ||
346 | 192 | |||
347 | 193 | if not result: | ||
348 | 194 | return [] | ||
349 | 195 | |||
350 | 196 | def _result_get(x, keys): | ||
351 | 197 | if x[1] in keys: | ||
352 | 198 | return False | ||
353 | 199 | keys.append(x[1]) | ||
354 | 200 | if x[3]: | ||
355 | 201 | model,id = x[2].split(',') | ||
356 | 202 | # FIXME: It might be a good idea to opt-in that kind of stuff | ||
357 | 203 | # FIXME: instead of arbitrarily removing random fields | ||
358 | 204 | fields = [ | ||
359 | 205 | field | ||
360 | 206 | for field in self.pool.get(model).fields_get_keys(cr, uid) | ||
361 | 207 | if field not in EXCLUDED_FIELDS] | ||
362 | 208 | |||
363 | 209 | try: | ||
364 | 210 | datas = self.pool.get(model).read(cr, uid, [int(id)], fields, context) | ||
365 | 211 | except except_orm, e: | ||
366 | 212 | return False | ||
367 | 213 | datas = datas and datas[0] | ||
368 | 214 | if not datas: | ||
369 | 215 | return False | ||
370 | 216 | else: | ||
371 | 217 | datas = pickle.loads(x[2].encode('utf-8')) | ||
372 | 218 | if meta: | ||
373 | 219 | return (x[0], x[1], datas, pickle.loads(x[4])) | ||
374 | 220 | return (x[0], x[1], datas) | ||
375 | 221 | keys = [] | ||
376 | 222 | res = filter(None, map(lambda x: _result_get(x, keys), result)) | ||
377 | 223 | res2 = res[:] | ||
378 | 224 | for r in res: | ||
379 | 225 | if isinstance(r[2], dict) and r[2].get('type') in ('ir.actions.report.xml','ir.actions.act_window','ir.actions.wizard'): | ||
380 | 226 | groups = r[2].get('groups_id') | ||
381 | 227 | if groups: | ||
382 | 228 | cr.execute('SELECT COUNT(1) FROM res_groups_users_rel WHERE gid IN %s AND uid=%s',(tuple(groups), uid)) | ||
383 | 229 | cnt = cr.fetchone()[0] | ||
384 | 230 | if not cnt: | ||
385 | 231 | res2.remove(r) | ||
386 | 232 | if r[1] == 'Menuitem' and not res2: | ||
387 | 233 | raise osv.except_osv('Error !','You do not have the permission to perform this operation !!!') | ||
388 | 234 | return res2 | ||
398 | 235 | ir_values() | 268 | ir_values() |
399 | 236 | 269 | ||
400 | === modified file 'bin/addons/base/security/base_security.xml' | |||
401 | --- bin/addons/base/security/base_security.xml 2011-03-03 15:59:18 +0000 | |||
402 | +++ bin/addons/base/security/base_security.xml 2012-05-09 12:18:18 +0000 | |||
403 | @@ -62,6 +62,13 @@ | |||
404 | 62 | <field name="global" eval="True"/> | 62 | <field name="global" eval="True"/> |
405 | 63 | <field name="domain_force">[('company_id','child_of',[user.company_id.id])]</field> | 63 | <field name="domain_force">[('company_id','child_of',[user.company_id.id])]</field> |
406 | 64 | </record> | 64 | </record> |
407 | 65 | |||
408 | 66 | <record model="ir.rule" id="ir_values_default_rule"> | ||
409 | 67 | <field name="name">Defaults: alter personal values only</field> | ||
410 | 68 | <field name="model_id" ref="model_ir_values"/> | ||
411 | 69 | <field name="domain_force">[('key','=','default'),('user_id','=',user.id)]</field> | ||
412 | 70 | <field name="perm_read" eval="False"/> | ||
413 | 71 | </record> | ||
414 | 65 | 72 | ||
415 | 66 | </data> | 73 | </data> |
416 | 67 | </openerp> | 74 | </openerp> |
417 | 68 | 75 | ||
418 | === modified file 'bin/addons/base/security/ir.model.access.csv' | |||
419 | --- bin/addons/base/security/ir.model.access.csv 2011-02-23 15:58:33 +0000 | |||
420 | +++ bin/addons/base/security/ir.model.access.csv 2012-05-09 12:18:18 +0000 | |||
421 | @@ -38,8 +38,7 @@ | |||
422 | 38 | "access_ir_ui_view_custom_group_user","ir_ui_view_custom_group_user","model_ir_ui_view_custom",,1,0,0,0 | 38 | "access_ir_ui_view_custom_group_user","ir_ui_view_custom_group_user","model_ir_ui_view_custom",,1,0,0,0 |
423 | 39 | "access_ir_ui_view_custom_group_system","ir_ui_view_custom_group_system","model_ir_ui_view_custom","group_system",1,1,1,1 | 39 | "access_ir_ui_view_custom_group_system","ir_ui_view_custom_group_system","model_ir_ui_view_custom","group_system",1,1,1,1 |
424 | 40 | "access_ir_ui_view_sc_group_user","ir_ui_view_sc group_user","model_ir_ui_view_sc",,1,1,1,1 | 40 | "access_ir_ui_view_sc_group_user","ir_ui_view_sc group_user","model_ir_ui_view_sc",,1,1,1,1 |
427 | 41 | "access_ir_values_group_erp_manager","ir_values group_erp_manager","model_ir_values","group_erp_manager",1,1,1,1 | 41 | "access_ir_values_group_all","ir_values group_all","model_ir_values",,1,1,1,1 |
426 | 42 | "access_ir_values_group_all","ir_values group_all","model_ir_values",,1,0,1,0 | ||
428 | 43 | "access_res_company_group_erp_manager","res_company group_erp_manager","model_res_company","group_erp_manager",1,1,1,1 | 42 | "access_res_company_group_erp_manager","res_company group_erp_manager","model_res_company","group_erp_manager",1,1,1,1 |
429 | 44 | "access_res_company_group_user","res_company group_user","model_res_company",,1,0,0,0 | 43 | "access_res_company_group_user","res_company group_user","model_res_company",,1,0,0,0 |
430 | 45 | "access_res_country_group_all","res_country group_user_all","model_res_country",,1,0,0,0 | 44 | "access_res_country_group_all","res_country group_user_all","model_res_country",,1,0,0,0 |
Hello
The changes are huge and very risky to be merged to stable version. This may cause regression and effect the existing customers. I would reject this merge proposal.
Thanks,