damien
/
muk_base
mirror of https://github.com/muk-it/muk_base
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
230 Commits
5 Branches
0 Tags
14 MiB
Tree: 654add7825
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '654add7825'
${ noResults }
muk_base/muk_security/models/access.py

136 lines
5.2 KiB
Raw Normal View History

publish muk_security - 11.0
5 years ago
  1. ###################################################################################
  2. #
  3. # Copyright (C) 2017 MuK IT GmbH
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Affero General Public License as
  7. # published by the Free Software Foundation, either version 3 of the
  8. # License, or (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Affero General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Affero General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. #
  18. ###################################################################################
  20. import logging
  22. from odoo import _
  23. from odoo import models, api, fields
  24. from odoo.exceptions import AccessError
  26. _logger = logging.getLogger(__name__)
  28. class BaseModelAccess(models.AbstractModel):
  30. _name = 'muk_security.access'
  31. _description = "MuK Access Model"
  32. _inherit = 'muk_utils.model'
  34. #----------------------------------------------------------
  35. # Database
  36. #----------------------------------------------------------
  38. permission_read = fields.Boolean(
  39. compute='_compute_permissions',
  40. search='_search_permission_read',
  41. string="Read Access")
  43. permission_create = fields.Boolean(
  44. compute='_compute_permissions',
  45. search='_search_permission_create',
  46. string="Create Access")
  48. permission_write = fields.Boolean(
  49. compute='_compute_permissions',
  50. search='_search_permission_write',
  51. string="Write Access")
  53. permission_unlink = fields.Boolean(
  54. compute='_compute_permissions',
  55. search='_search_permission_unlink',
  56. string="Delete Access")
  58. #----------------------------------------------------------
  59. # Function
  60. #----------------------------------------------------------
  62. @api.model
  63. def check_access_rights(self, operation, raise_exception=True):
  64. return super(BaseModelAccess, self).check_access_rights(operation, raise_exception)
  66. @api.multi
  67. def check_access_rule(self, operation):
  68. return super(BaseModelAccess, self).check_access_rule(operation)
  70. @api.model
  71. def _apply_ir_rules(self, query, mode='read'):
  72. return super(BaseModelAccess, self)._apply_ir_rules(query, mode)
  74. @api.model
  75. def check_field_access_rights(self, operation, fields):
  76. return super(BaseModelAccess, self).check_field_access_rights(operation, fields)
  78. @api.multi
  79. def check_access(self, operation, raise_exception=False):
  80. try:
  81. access_right = self.check_access_rights(operation, raise_exception)
  82. access_rule = self.check_access_rule(operation) == None
  83. access = access_right and access_rule
  84. if not access and raise_exception:
  85. raise AccessError(_("This operation is forbidden!"))
  86. return access
  87. except AccessError:
  88. if raise_exception:
  89. raise AccessError(_("This operation is forbidden!"))
  90. return False
  92. #----------------------------------------------------------
  93. # Search
  94. #----------------------------------------------------------
  96. @api.model
  97. def _search_permission_read(self, operator, operand):
  98. records = self.search([]).filtered(lambda r: r.check_access('read') == True)
  99. if operator == '=' and operand:
  100. return [('id', 'in', records.mapped('id'))]
  101. return [('id', 'not in', records.mapped('id'))]
  103. @api.model
  104. def _search_permission_create(self, operator, operand):
  105. records = self.search([]).filtered(lambda r: r.check_access('create') == True)
  106. if operator == '=' and operand:
  107. return [('id', 'in', records.mapped('id'))]
  108. return [('id', 'not in', records.mapped('id'))]
  110. @api.model
  111. def _search_permission_write(self, operator, operand):
  112. records = self.search([]).filtered(lambda r: r.check_access('write') == True)
  113. if operator == '=' and operand:
  114. return [('id', 'in', records.mapped('id'))]
  115. return [('id', 'not in', records.mapped('id'))]
  117. @api.model
  118. def _search_permission_unlink(self, operator, operand):
  119. records = self.search([]).filtered(lambda r: r.check_access('unlink') == True)
  120. if operator == '=' and operand:
  121. return [('id', 'in', records.mapped('id'))]
  122. return [('id', 'not in', records.mapped('id'))]
  124. #----------------------------------------------------------
  125. # Read, View
  126. #----------------------------------------------------------
  128. @api.multi
  129. def _compute_permissions(self):
  130. for record in self:
  131. record.update({
  132. 'permission_read': record.check_access('read'),
  133. 'permission_create': record.check_access('create'),
  134. 'permission_write': record.check_access('write'),
  135. 'permission_unlink': record.check_access('unlink'),
  136. })