From 29e1859d8f919efdc87285054677fa28c9589b8a Mon Sep 17 00:00:00 2001
From: Holger Brunn
Date: Thu, 30 Jun 2016 08:22:46 +0200
Subject: [PATCH] [ADD] check if our user may access the cleanup
---
 database_cleanup/model/purge_wizard.py | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/database_cleanup/model/purge_wizard.py b/database_cleanup/model/purge_wizard.py
index f02f5dbc2..c5b9d6cf7 100644
--- a/database_cleanup/model/purge_wizard.py
+++ b/database_cleanup/model/purge_wizard.py
@@ -18,8 +18,9 @@
 # along with this program. If not, see .
 #
 ##############################################################################
-
 import logging
+from openerp import api, SUPERUSER_ID
+from openerp.exceptions import AccessDenied
 from openerp.osv import orm, fields
@@ -37,6 +38,15 @@ class CleanupPurgeLine(orm.AbstractModel):
 def purge(self, cr, uid, ids, context=None):
 raise NotImplementedError
+ @api.model
+ def create(self, values):
+ # make sure the user trying this is actually supposed to do it
+ if self.env.uid != SUPERUSER_ID and\
+ not self.env.ref('database_cleanup.menu_database_cleanup')\
+ .parent_id._filter_visible_menus():
+ raise AccessDenied
+ return super(CleanupPurgeLine, self).create(values)
+
 class PurgeWizard(orm.AbstractModel):
 """ Abstract base class for the purge wizards """
@@ -82,6 +92,15 @@ class PurgeWizard(orm.AbstractModel):
 'domain': [('wizard_id', 'in', ids)],
 }
+ @api.model
+ def create(self, values):
+ # make sure the user trying this is actually supposed to do it
+ if self.env.uid != SUPERUSER_ID and\
+ not self.env.ref('database_cleanup.menu_database_cleanup')\
+ .parent_id._filter_visible_menus():
+ raise AccessDenied
+ return super(PurgeWizard, self).create(values)
+
 _columns = {
 'name': fields.char('Name', size=64, readonly=True),
 }
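Review bot: The access rule is written out twice, identically, in `CleanupPurgeLine.create` (second hunk) and `PurgeWizard.create` (last hunk), so a later change to one copy can silently leave the other enforcing a different policy. Moving it into one module-level helper that both overrides call keeps the authorization decision in a single place, as sketched below. The rule itself hangs on the private `_filter_visible_menus()` of the parent menu, so access follows whatever makes that menu visible rather than an explicit group; a short comment naming the group this is meant to represent would help the next reader. Only `create` is guarded in the visible lines; whether the concrete `purge` implementations can be reached on records made another way is not shown here, and both class bodies continue outside the hunks.

```python
def _check_cleanup_access(env):
    # single place for the rule both create() overrides enforce
    if env.uid == SUPERUSER_ID:
        return
    menu = env.ref('database_cleanup.menu_database_cleanup').parent_id
    if not menu._filter_visible_menus():
        raise AccessDenied


# … unchanged: class CleanupPurgeLine header and purge() …
    @api.model
    def create(self, values):
        _check_cleanup_access(self.env)
        return super(CleanupPurgeLine, self).create(values)

# … unchanged: PurgeWizard up to create(), which makes the same helper call …
```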