Merge pull request #1404 from yvaucher/10.0-ref_server_environment_secret_keys_tbi

[10.0] Forward port - ref server environment secret keys tbi
6 years ago · 39de8b57a8
5 changed files with 30 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -21,6 +21,7 @@ var/
 *.egg-info/
 .installed.cfg
 *.egg
+*.eggs

 # Installer logs
 pip-log.txt
--- a/server_environment/README.rst
+++ b/server_environment/README.rst
@ -15,7 +15,8 @@ module.

 All the settings will be read only and visible under the Configuration
 menu.  If you are not in the 'dev' environment you will not be able to
-see the values contained in keys named '*passw*'.
+see the values contained in the defined secret keys
+(by default : '*passw*', '*key*', '*secret*' and '*token*').

 Installation
 ============
--- a/server_environment/manifest.py
+++ b/server_environment/manifest.py
@ -29,6 +29,7 @@
    "license": "GPL-3 or any later version",
    "category": "Tools",
    "data": [
+        'security/res_groups.xml',
        'serv_config.xml',
    ],
    'installable': True,
--- a/server_environment/security/res_groups.xml
+++ b/server_environment/security/res_groups.xml
@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+
+<odoo>
+
+    <record model="res.groups" id="has_server_configuration_access">
+        <field name="name">View Server Environment Configuration</field>
+        <field name="users" eval="[(4, ref('base.user_root'))]"/>
+    </record>
+
+</odoo>
--- a/server_environment/serv_config.py
+++ b/server_environment/serv_config.py
@ -24,7 +24,7 @@ import ConfigParser
 from lxml import etree
 from itertools import chain

-from odoo import api, fields, models
+from odoo import api, models, fields
 from odoo.tools.config import config as system_base_config

 from .system_info import get_server_environment
@ -243,11 +243,25 @@ class ServerConfiguration(models.TransientModel):
            res['fields'] = xfields
        return res

+    @api.model
+    def _is_secret(self, key):
+        """
+        This method is intended to be inherited to defined which keywords
+        should be secret.
+        :return: list of secret keywords
+        """
+        secret_keys = ['passw', 'key', 'secret', 'token']
+        return any(secret_key in key for secret_key in secret_keys)
+
    @api.model
    def default_get(self, fields_list):
        res = {}
+        current_user = self.env.user
+        if not current_user.has_group(
+                'server_environment.has_server_configuration_access'):
+            return res
        for key in self._conf_defaults:
-            if 'passw' in key and not self.show_passwords:
+            if not self.show_passwords and self._is_secret(key=key):
                res[key] = '**********'
            else:
                res[key] = self._conf_defaults[key]()