From 7feec6a7bd72753c64b35d3d3d98515c3bebdab0 Mon Sep 17 00:00:00 2001 From: MuK IT GmbH Date: Fri, 12 Jul 2019 22:51:02 +0000 Subject: [PATCH] publish muk_security - 12.0 --- muk_security/LICENSE | 776 ++++---------------- muk_security/README.rst | 240 +++--- muk_security/__init__.py | 17 +- muk_security/__manifest__.py | 23 +- muk_security/doc/index.rst | 240 +++--- muk_security/models/__init__.py | 19 +- muk_security/models/access_groups.py | 19 +- muk_security/models/base.py | 131 ++-- muk_security/models/ir_model_access.py | 79 +- muk_security/models/ir_rule.py | 79 +- muk_security/models/mixins_access_groups.py | 19 +- muk_security/models/mixins_access_rights.py | 239 +++--- muk_security/models/mixins_locking.py | 209 +++--- muk_security/models/res_users.py | 93 +-- muk_security/patch/__init__.py | 17 +- muk_security/patch/api.py | 73 +- muk_security/security/security.xml | 25 +- muk_security/tests/__init__.py | 19 +- muk_security/tests/test_access_groups.py | 167 ++--- muk_security/tests/test_suspend_security.py | 139 ++-- muk_security/tools/__init__.py | 17 +- muk_security/tools/security.py | 89 +-- muk_security/views/access_groups.xml | 25 +- 23 files changed, 1182 insertions(+), 1572 deletions(-) diff --git a/muk_security/LICENSE b/muk_security/LICENSE index faf7bf4..153d416 100644 --- a/muk_security/LICENSE +++ b/muk_security/LICENSE @@ -1,619 +1,165 @@ - GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007 + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. - Preamble - - The GNU Affero General Public License is a free, copyleft license for -software and other kinds of works, specifically designed to ensure -cooperation with the community in the case of network server software. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -our General Public Licenses are intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - Developers that use our General Public Licenses protect your rights -with two steps: (1) assert copyright on the software, and (2) offer -you this License which gives you legal permission to copy, distribute -and/or modify the software. - - A secondary benefit of defending all users' freedom is that -improvements made in alternate versions of the program, if they -receive widespread use, become available for other developers to -incorporate. Many developers of free software are heartened and -encouraged by the resulting cooperation. However, in the case of -software used on network servers, this result may fail to come about. -The GNU General Public License permits making a modified version and -letting the public access it on a server without ever releasing its -source code to the public. - - The GNU Affero General Public License is designed specifically to -ensure that, in such cases, the modified source code becomes available -to the community. It requires the operator of a network server to -provide the source code of the modified version running there to the -users of that server. Therefore, public use of a modified version, on -a publicly accessible server, gives the public access to the source -code of the modified version. - - An older license, called the Affero General Public License and -published by Affero, was designed to accomplish similar goals. This is -a different license, not a version of the Affero GPL, but Affero has -released a new version of the Affero GPL which permits relicensing under -this license. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU Affero General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Remote Network Interaction; Use with the GNU General Public License. - - Notwithstanding any other provision of this License, if you modify the -Program, your modified version must prominently offer all users -interacting with it remotely through a computer network (if your version -supports such interaction) an opportunity to receive the Corresponding -Source of your version by providing access to the Corresponding Source -from a network server at no charge, through some standard or customary -means of facilitating copying of software. This Corresponding Source -shall include the Corresponding Source for any work covered by version 3 -of the GNU General Public License that is incorporated pursuant to the -following paragraph. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the work with which it is combined will remain governed by version -3 of the GNU General Public License. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU Affero General Public License from time to time. Such new versions -will be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU Affero General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU Affero General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU Affero General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS \ No newline at end of file + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. + + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. + + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. + + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library. \ No newline at end of file diff --git a/muk_security/README.rst b/muk_security/README.rst index 447ec0b..1548499 100644 --- a/muk_security/README.rst +++ b/muk_security/README.rst @@ -1,120 +1,120 @@ -============ -MuK Security -============ - -Technical module to provide some utility and security features that can be used -in other applications. This module has no direct effect on the running system. - -Installation -============ - -To install this module, you need to: - -Download the module and add it to your Odoo addons folder. Afterward, log on to -your Odoo server and go to the Apps menu. Trigger the debug mode and update the -list by clicking on the "Update Apps List" link. Now install the module by -clicking on the install button. - -Another way to install this module is via the package management for Python -(`PyPI `_). - -To install our modules using the package manager make sure -`odoo-autodiscover `_ is installed -correctly. Then open a console and install the module by entering the following -command: - -``pip install --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` - -The module name consists of the Odoo version and the module name, where -underscores are replaced by a dash. - -**Module:** - -``odoo-addon-`` - -**Example:** - -``sudo -H pip3 install --extra-index-url https://nexus.mukit.at/repository/odoo/simple odoo11-addon-muk-utils`` - -Once the installation has been successfully completed, the app is already in the -correct folder. Log on to your Odoo server and go to the Apps menu. Trigger the -debug mode and update the list by clicking on the "Update Apps List" link. Now -install the module by clicking on the install button. - -The biggest advantage of this variant is that you can now also update the app -using the "pip" command. To do this, enter the following command in your console: - -``pip install --upgrade --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` - -When the process is finished, restart your server and update the application in -Odoo. The steps are the same as for the installation only the button has changed -from "Install" to "Upgrade". - -You can also view available Apps directly in our `repository `_ -and find a more detailed installation guide on our `website `_. - -For modules licensed under OPL-1, you will receive access data when you purchase -the module. If the modules were not purchased directly from -`MuK IT `_ please contact our support (support@mukit.at) -with a confirmation of purchase to receive the corresponding access data. - -Upgrade -============ - -To upgrade this module, you need to: - -Download the module and add it to your Odoo addons folder. Restart the server -and log on to your Odoo server. Select the Apps menu and upgrade the module by -clicking on the upgrade button. - -If you installed the module using the "pip" command, you can also update the -module in the same way. Just type the following command into the console: - -``pip install --upgrade --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` - -When the process is finished, restart your server and update the application in -Odoo, just like you would normally. - -Configuration -============= - -No additional configuration is needed to use this module. - -Usage -============= - -This module has no direct visible effect on the system. It provide security features. - -Credits -======= - -Contributors ------------- - -* Mathias Markl - -Images ------------- - -Some pictures are based on or inspired by the icon set of Font Awesome: - -* `Font Awesome `_ - -Projects ------------- - -Parts of the module are based on or inspired by: - -* `Suspend Security `_ - -Author & Maintainer -------------------- - -This module is maintained by the `MuK IT GmbH `_. - -MuK IT is an Austrian company specialized in customizing and extending Odoo. -We develop custom solutions for your individual needs to help you focus on -your strength and expertise to grow your business. - -If you want to get in touch please contact us via mail -(sale@mukit.at) or visit our website (https://mukit.at). +============ +MuK Security +============ + +Technical module to provide some utility and security features that can be used +in other applications. This module has no direct effect on the running system. + +Installation +============ + +To install this module, you need to: + +Download the module and add it to your Odoo addons folder. Afterward, log on to +your Odoo server and go to the Apps menu. Trigger the debug mode and update the +list by clicking on the "Update Apps List" link. Now install the module by +clicking on the install button. + +Another way to install this module is via the package management for Python +(`PyPI `_). + +To install our modules using the package manager make sure +`odoo-autodiscover `_ is installed +correctly. Then open a console and install the module by entering the following +command: + +``pip install --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` + +The module name consists of the Odoo version and the module name, where +underscores are replaced by a dash. + +**Module:** + +``odoo-addon-`` + +**Example:** + +``sudo -H pip3 install --extra-index-url https://nexus.mukit.at/repository/odoo/simple odoo11-addon-muk-utils`` + +Once the installation has been successfully completed, the app is already in the +correct folder. Log on to your Odoo server and go to the Apps menu. Trigger the +debug mode and update the list by clicking on the "Update Apps List" link. Now +install the module by clicking on the install button. + +The biggest advantage of this variant is that you can now also update the app +using the "pip" command. To do this, enter the following command in your console: + +``pip install --upgrade --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` + +When the process is finished, restart your server and update the application in +Odoo. The steps are the same as for the installation only the button has changed +from "Install" to "Upgrade". + +You can also view available Apps directly in our `repository `_ +and find a more detailed installation guide on our `website `_. + +For modules licensed under OPL-1, you will receive access data when you purchase +the module. If the modules were not purchased directly from +`MuK IT `_ please contact our support (support@mukit.at) +with a confirmation of purchase to receive the corresponding access data. + +Upgrade +============ + +To upgrade this module, you need to: + +Download the module and add it to your Odoo addons folder. Restart the server +and log on to your Odoo server. Select the Apps menu and upgrade the module by +clicking on the upgrade button. + +If you installed the module using the "pip" command, you can also update the +module in the same way. Just type the following command into the console: + +``pip install --upgrade --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` + +When the process is finished, restart your server and update the application in +Odoo, just like you would normally. + +Configuration +============= + +No additional configuration is needed to use this module. + +Usage +============= + +This module has no direct visible effect on the system. It provide security features. + +Credits +======= + +Contributors +------------ + +* Mathias Markl + +Images +------------ + +Some pictures are based on or inspired by the icon set of Font Awesome: + +* `Font Awesome `_ + +Projects +------------ + +Parts of the module are inspired by: + +* `Suspend Security `_ + +Author & Maintainer +------------------- + +This module is maintained by the `MuK IT GmbH `_. + +MuK IT is an Austrian company specialized in customizing and extending Odoo. +We develop custom solutions for your individual needs to help you focus on +your strength and expertise to grow your business. + +If you want to get in touch please contact us via mail +(sale@mukit.at) or visit our website (https://mukit.at). diff --git a/muk_security/__init__.py b/muk_security/__init__.py index 74a21b0..e71401d 100644 --- a/muk_security/__init__.py +++ b/muk_security/__init__.py @@ -1,19 +1,22 @@ ################################################################################### # -# Copyright (C) 2017 MuK IT GmbH +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). # # This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# GNU Lesser General Public License for more details. # -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . # ################################################################################### diff --git a/muk_security/__manifest__.py b/muk_security/__manifest__.py index 2542cdf..e99e996 100644 --- a/muk_security/__manifest__.py +++ b/muk_security/__manifest__.py @@ -1,28 +1,31 @@ ################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). # # This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# GNU Lesser General Public License for more details. # -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . # ################################################################################### { "name": "MuK Security", "summary": """Security Features""", - "version": "12.0.1.5.8", + "version": "12.0.2.0.0", "category": "Extra Tools", - "license": "AGPL-3", + "license": "LGPL-3", "website": "http://www.mukit.at", 'live_test_url': 'https://mukit.at/r/SgN', "author": "MuK IT", diff --git a/muk_security/doc/index.rst b/muk_security/doc/index.rst index 447ec0b..1548499 100644 --- a/muk_security/doc/index.rst +++ b/muk_security/doc/index.rst @@ -1,120 +1,120 @@ -============ -MuK Security -============ - -Technical module to provide some utility and security features that can be used -in other applications. This module has no direct effect on the running system. - -Installation -============ - -To install this module, you need to: - -Download the module and add it to your Odoo addons folder. Afterward, log on to -your Odoo server and go to the Apps menu. Trigger the debug mode and update the -list by clicking on the "Update Apps List" link. Now install the module by -clicking on the install button. - -Another way to install this module is via the package management for Python -(`PyPI `_). - -To install our modules using the package manager make sure -`odoo-autodiscover `_ is installed -correctly. Then open a console and install the module by entering the following -command: - -``pip install --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` - -The module name consists of the Odoo version and the module name, where -underscores are replaced by a dash. - -**Module:** - -``odoo-addon-`` - -**Example:** - -``sudo -H pip3 install --extra-index-url https://nexus.mukit.at/repository/odoo/simple odoo11-addon-muk-utils`` - -Once the installation has been successfully completed, the app is already in the -correct folder. Log on to your Odoo server and go to the Apps menu. Trigger the -debug mode and update the list by clicking on the "Update Apps List" link. Now -install the module by clicking on the install button. - -The biggest advantage of this variant is that you can now also update the app -using the "pip" command. To do this, enter the following command in your console: - -``pip install --upgrade --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` - -When the process is finished, restart your server and update the application in -Odoo. The steps are the same as for the installation only the button has changed -from "Install" to "Upgrade". - -You can also view available Apps directly in our `repository `_ -and find a more detailed installation guide on our `website `_. - -For modules licensed under OPL-1, you will receive access data when you purchase -the module. If the modules were not purchased directly from -`MuK IT `_ please contact our support (support@mukit.at) -with a confirmation of purchase to receive the corresponding access data. - -Upgrade -============ - -To upgrade this module, you need to: - -Download the module and add it to your Odoo addons folder. Restart the server -and log on to your Odoo server. Select the Apps menu and upgrade the module by -clicking on the upgrade button. - -If you installed the module using the "pip" command, you can also update the -module in the same way. Just type the following command into the console: - -``pip install --upgrade --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` - -When the process is finished, restart your server and update the application in -Odoo, just like you would normally. - -Configuration -============= - -No additional configuration is needed to use this module. - -Usage -============= - -This module has no direct visible effect on the system. It provide security features. - -Credits -======= - -Contributors ------------- - -* Mathias Markl - -Images ------------- - -Some pictures are based on or inspired by the icon set of Font Awesome: - -* `Font Awesome `_ - -Projects ------------- - -Parts of the module are based on or inspired by: - -* `Suspend Security `_ - -Author & Maintainer -------------------- - -This module is maintained by the `MuK IT GmbH `_. - -MuK IT is an Austrian company specialized in customizing and extending Odoo. -We develop custom solutions for your individual needs to help you focus on -your strength and expertise to grow your business. - -If you want to get in touch please contact us via mail -(sale@mukit.at) or visit our website (https://mukit.at). +============ +MuK Security +============ + +Technical module to provide some utility and security features that can be used +in other applications. This module has no direct effect on the running system. + +Installation +============ + +To install this module, you need to: + +Download the module and add it to your Odoo addons folder. Afterward, log on to +your Odoo server and go to the Apps menu. Trigger the debug mode and update the +list by clicking on the "Update Apps List" link. Now install the module by +clicking on the install button. + +Another way to install this module is via the package management for Python +(`PyPI `_). + +To install our modules using the package manager make sure +`odoo-autodiscover `_ is installed +correctly. Then open a console and install the module by entering the following +command: + +``pip install --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` + +The module name consists of the Odoo version and the module name, where +underscores are replaced by a dash. + +**Module:** + +``odoo-addon-`` + +**Example:** + +``sudo -H pip3 install --extra-index-url https://nexus.mukit.at/repository/odoo/simple odoo11-addon-muk-utils`` + +Once the installation has been successfully completed, the app is already in the +correct folder. Log on to your Odoo server and go to the Apps menu. Trigger the +debug mode and update the list by clicking on the "Update Apps List" link. Now +install the module by clicking on the install button. + +The biggest advantage of this variant is that you can now also update the app +using the "pip" command. To do this, enter the following command in your console: + +``pip install --upgrade --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` + +When the process is finished, restart your server and update the application in +Odoo. The steps are the same as for the installation only the button has changed +from "Install" to "Upgrade". + +You can also view available Apps directly in our `repository `_ +and find a more detailed installation guide on our `website `_. + +For modules licensed under OPL-1, you will receive access data when you purchase +the module. If the modules were not purchased directly from +`MuK IT `_ please contact our support (support@mukit.at) +with a confirmation of purchase to receive the corresponding access data. + +Upgrade +============ + +To upgrade this module, you need to: + +Download the module and add it to your Odoo addons folder. Restart the server +and log on to your Odoo server. Select the Apps menu and upgrade the module by +clicking on the upgrade button. + +If you installed the module using the "pip" command, you can also update the +module in the same way. Just type the following command into the console: + +``pip install --upgrade --extra-index-url https://nexus.mukit.at/repository/odoo/simple `` + +When the process is finished, restart your server and update the application in +Odoo, just like you would normally. + +Configuration +============= + +No additional configuration is needed to use this module. + +Usage +============= + +This module has no direct visible effect on the system. It provide security features. + +Credits +======= + +Contributors +------------ + +* Mathias Markl + +Images +------------ + +Some pictures are based on or inspired by the icon set of Font Awesome: + +* `Font Awesome `_ + +Projects +------------ + +Parts of the module are inspired by: + +* `Suspend Security `_ + +Author & Maintainer +------------------- + +This module is maintained by the `MuK IT GmbH `_. + +MuK IT is an Austrian company specialized in customizing and extending Odoo. +We develop custom solutions for your individual needs to help you focus on +your strength and expertise to grow your business. + +If you want to get in touch please contact us via mail +(sale@mukit.at) or visit our website (https://mukit.at). diff --git a/muk_security/models/__init__.py b/muk_security/models/__init__.py index 9c9e253..a24c17f 100644 --- a/muk_security/models/__init__.py +++ b/muk_security/models/__init__.py @@ -1,19 +1,22 @@ ################################################################################### -# -# Copyright (C) 2018 MuK IT GmbH +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). # # This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# GNU Lesser General Public License for more details. # -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . # ################################################################################### diff --git a/muk_security/models/access_groups.py b/muk_security/models/access_groups.py index 05c7b65..5ec1c05 100644 --- a/muk_security/models/access_groups.py +++ b/muk_security/models/access_groups.py @@ -1,19 +1,22 @@ ################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). # # This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# GNU Lesser General Public License for more details. # -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . # ################################################################################### diff --git a/muk_security/models/base.py b/muk_security/models/base.py index b4c00f4..d8671f6 100644 --- a/muk_security/models/base.py +++ b/muk_security/models/base.py @@ -1,65 +1,68 @@ -################################################################################### -# -# Copyright (C) 2018 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import logging - -from odoo import api, models, fields - -from odoo.addons.muk_security.tools.security import NoSecurityUid - -_logger = logging.getLogger(__name__) - -class Base(models.AbstractModel): - - _inherit = 'base' - - #---------------------------------------------------------- - # Helper - #---------------------------------------------------------- - - def _filter_access_rules(self, operation): - if isinstance(self.env.uid, NoSecurityUid): - return self - return super(Base, self)._filter_access_rules(operation) - - @api.model - def _apply_ir_rules(self, query, mode='read'): - if isinstance(self.env.uid, NoSecurityUid): - return None - return super(Base, self)._apply_ir_rules(query, mode=mode) - - #---------------------------------------------------------- - # Function - #---------------------------------------------------------- - - @api.model - def suspend_security(self, user=None): - return self.sudo(user=NoSecurityUid(user or self.env.uid)) - - @api.multi - def check_access_rule(self, operation): - if isinstance(self.env.uid, NoSecurityUid): - return None - return super(Base, self).check_access_rule(operation) - - @api.model - def check_field_access_rights(self, operation, fields): - if isinstance(self.env.uid, NoSecurityUid): - return fields or list(self._fields) +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import logging + +from odoo import api, models, fields + +from odoo.addons.muk_security.tools.security import NoSecurityUid + +_logger = logging.getLogger(__name__) + +class Base(models.AbstractModel): + + _inherit = 'base' + + #---------------------------------------------------------- + # Helper + #---------------------------------------------------------- + + def _filter_access_rules(self, operation): + if isinstance(self.env.uid, NoSecurityUid): + return self + return super(Base, self)._filter_access_rules(operation) + + @api.model + def _apply_ir_rules(self, query, mode='read'): + if isinstance(self.env.uid, NoSecurityUid): + return None + return super(Base, self)._apply_ir_rules(query, mode=mode) + + #---------------------------------------------------------- + # Function + #---------------------------------------------------------- + + @api.model + def suspend_security(self, user=None): + return self.sudo(user=NoSecurityUid(user or self.env.uid)) + + @api.multi + def check_access_rule(self, operation): + if isinstance(self.env.uid, NoSecurityUid): + return None + return super(Base, self).check_access_rule(operation) + + @api.model + def check_field_access_rights(self, operation, fields): + if isinstance(self.env.uid, NoSecurityUid): + return fields or list(self._fields) return super(Base, self).check_field_access_rights(operation, fields) \ No newline at end of file diff --git a/muk_security/models/ir_model_access.py b/muk_security/models/ir_model_access.py index 43d209a..9d73e71 100644 --- a/muk_security/models/ir_model_access.py +++ b/muk_security/models/ir_model_access.py @@ -1,39 +1,42 @@ -################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import logging - -from odoo import api, fields, models -from odoo import tools, _ -from odoo.exceptions import ValidationError - -from odoo.addons.muk_security.tools.security import NoSecurityUid - -_logger = logging.getLogger(__name__) - -class IrModelAccess(models.Model): - - _inherit = 'ir.model.access' - - @api.model - @tools.ormcache_context('self._uid', 'model', 'mode', 'raise_exception', keys=('lang',)) - def check(self, model, mode='read', raise_exception=True): - if isinstance(self.env.uid, NoSecurityUid): - return True +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import logging + +from odoo import api, fields, models +from odoo import tools, _ +from odoo.exceptions import ValidationError + +from odoo.addons.muk_security.tools.security import NoSecurityUid + +_logger = logging.getLogger(__name__) + +class IrModelAccess(models.Model): + + _inherit = 'ir.model.access' + + @api.model + @tools.ormcache_context('self._uid', 'model', 'mode', 'raise_exception', keys=('lang',)) + def check(self, model, mode='read', raise_exception=True): + if isinstance(self.env.uid, NoSecurityUid): + return True return super(IrModelAccess, self).check(model, mode=mode, raise_exception=raise_exception) \ No newline at end of file diff --git a/muk_security/models/ir_rule.py b/muk_security/models/ir_rule.py index 3c7d72f..93b5136 100644 --- a/muk_security/models/ir_rule.py +++ b/muk_security/models/ir_rule.py @@ -1,39 +1,42 @@ -################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import logging - -from odoo import api, fields, models -from odoo import tools, _ -from odoo.exceptions import ValidationError - -from odoo.addons.muk_security.tools.security import NoSecurityUid - -_logger = logging.getLogger(__name__) - -class IrRule(models.Model): - - _inherit = 'ir.rule' - - @api.model - @tools.ormcache('self._uid', 'model_name', 'mode') - def _compute_domain(self, model_name, mode="read"): - if isinstance(self.env.uid, NoSecurityUid): - return None +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import logging + +from odoo import api, fields, models +from odoo import tools, _ +from odoo.exceptions import ValidationError + +from odoo.addons.muk_security.tools.security import NoSecurityUid + +_logger = logging.getLogger(__name__) + +class IrRule(models.Model): + + _inherit = 'ir.rule' + + @api.model + @tools.ormcache('self._uid', 'model_name', 'mode') + def _compute_domain(self, model_name, mode="read"): + if isinstance(self.env.uid, NoSecurityUid): + return None return super(IrRule, self)._compute_domain(model_name, mode=mode) \ No newline at end of file diff --git a/muk_security/models/mixins_access_groups.py b/muk_security/models/mixins_access_groups.py index 24b4cb3..d51a7a6 100644 --- a/muk_security/models/mixins_access_groups.py +++ b/muk_security/models/mixins_access_groups.py @@ -1,19 +1,22 @@ ################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). # # This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# GNU Lesser General Public License for more details. # -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . # ################################################################################### diff --git a/muk_security/models/mixins_access_rights.py b/muk_security/models/mixins_access_rights.py index 2e2a0a4..0cc0114 100644 --- a/muk_security/models/mixins_access_rights.py +++ b/muk_security/models/mixins_access_rights.py @@ -1,119 +1,122 @@ -################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import logging - -from odoo import _ -from odoo import models, api, fields -from odoo.exceptions import AccessError - -_logger = logging.getLogger(__name__) - -class AccessModel(models.AbstractModel): - - _name = 'muk_security.mixins.access_rights' - _description = 'Access Mixin' - - #---------------------------------------------------------- - # Database - #---------------------------------------------------------- - - permission_read = fields.Boolean( - compute='_compute_permissions_read', - search='_search_permission_read', - string="Read Access") - - permission_create = fields.Boolean( - compute='_compute_permissions_create', - search='_search_permission_create', - string="Create Access") - - permission_write = fields.Boolean( - compute='_compute_permissions_write', - search='_search_permission_write', - string="Write Access") - - permission_unlink = fields.Boolean( - compute='_compute_permissions_unlink', - search='_search_permission_unlink', - string="Delete Access") - - #---------------------------------------------------------- - # Search - #---------------------------------------------------------- - - @api.model - def _search_permission_read(self, operator, operand): - if operator == '=' and operand: - return [('id', 'in', self.search([])._filter_access_ids('read'))] - return [('id', 'not in', self.search([])._filter_access_ids('read'))] - - @api.model - def _search_permission_create(self, operator, operand): - if operator == '=' and operand: - return [('id', 'in', self.search([])._filter_access_ids('create'))] - return [('id', 'not in', self.search([])._filter_access_ids('create'))] - - @api.model - def _search_permission_write(self, operator, operand): - if operator == '=' and operand: - return [('id', 'in', self.search([])._filter_access_ids('write'))] - return [('id', 'not in', self.search([])._filter_access_ids('write'))] - - @api.model - def _search_permission_unlink(self, operator, operand): - if operator == '=' and operand: - return [('id', 'in', self.search([])._filter_access_ids('unlink'))] - return [('id', 'not in', self.search([])._filter_access_ids('unlink'))] - - #---------------------------------------------------------- - # Read, View - #---------------------------------------------------------- - - @api.multi - def _compute_permissions_read(self): - records = self._filter_access('read') - for record in records: - record.update({'permission_read': True}) - for record in self - records: - record.update({'permission_read': False}) - - @api.multi - def _compute_permissions_create(self): - records = self._filter_access('create') - for record in records: - record.update({'permission_create': True}) - for record in self - records: - record.update({'permission_create': False}) - - @api.multi - def _compute_permissions_write(self): - records = self._filter_access('write') - for record in records: - record.update({'permission_write': True}) - for record in self - records: - record.update({'permission_write': False}) - - @api.multi - def _compute_permissions_unlink(self): - records = self._filter_access('unlink') - for record in records: - record.update({'permission_unlink': True}) - for record in self - records: +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import logging + +from odoo import _ +from odoo import models, api, fields +from odoo.exceptions import AccessError + +_logger = logging.getLogger(__name__) + +class AccessModel(models.AbstractModel): + + _name = 'muk_security.mixins.access_rights' + _description = 'Access Mixin' + + #---------------------------------------------------------- + # Database + #---------------------------------------------------------- + + permission_read = fields.Boolean( + compute='_compute_permissions_read', + search='_search_permission_read', + string="Read Access") + + permission_create = fields.Boolean( + compute='_compute_permissions_create', + search='_search_permission_create', + string="Create Access") + + permission_write = fields.Boolean( + compute='_compute_permissions_write', + search='_search_permission_write', + string="Write Access") + + permission_unlink = fields.Boolean( + compute='_compute_permissions_unlink', + search='_search_permission_unlink', + string="Delete Access") + + #---------------------------------------------------------- + # Search + #---------------------------------------------------------- + + @api.model + def _search_permission_read(self, operator, operand): + if operator == '=' and operand: + return [('id', 'in', self.search([])._filter_access_ids('read'))] + return [('id', 'not in', self.search([])._filter_access_ids('read'))] + + @api.model + def _search_permission_create(self, operator, operand): + if operator == '=' and operand: + return [('id', 'in', self.search([])._filter_access_ids('create'))] + return [('id', 'not in', self.search([])._filter_access_ids('create'))] + + @api.model + def _search_permission_write(self, operator, operand): + if operator == '=' and operand: + return [('id', 'in', self.search([])._filter_access_ids('write'))] + return [('id', 'not in', self.search([])._filter_access_ids('write'))] + + @api.model + def _search_permission_unlink(self, operator, operand): + if operator == '=' and operand: + return [('id', 'in', self.search([])._filter_access_ids('unlink'))] + return [('id', 'not in', self.search([])._filter_access_ids('unlink'))] + + #---------------------------------------------------------- + # Read, View + #---------------------------------------------------------- + + @api.multi + def _compute_permissions_read(self): + records = self._filter_access('read') + for record in records: + record.update({'permission_read': True}) + for record in self - records: + record.update({'permission_read': False}) + + @api.multi + def _compute_permissions_create(self): + records = self._filter_access('create') + for record in records: + record.update({'permission_create': True}) + for record in self - records: + record.update({'permission_create': False}) + + @api.multi + def _compute_permissions_write(self): + records = self._filter_access('write') + for record in records: + record.update({'permission_write': True}) + for record in self - records: + record.update({'permission_write': False}) + + @api.multi + def _compute_permissions_unlink(self): + records = self._filter_access('unlink') + for record in records: + record.update({'permission_unlink': True}) + for record in self - records: record.update({'permission_unlink': False}) \ No newline at end of file diff --git a/muk_security/models/mixins_locking.py b/muk_security/models/mixins_locking.py index a56bfa2..fd7d542 100644 --- a/muk_security/models/mixins_locking.py +++ b/muk_security/models/mixins_locking.py @@ -1,103 +1,106 @@ -################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import os -import hashlib -import logging -import itertools - -from odoo import _, SUPERUSER_ID -from odoo import models, api, fields -from odoo.exceptions import AccessError - -from odoo.addons.muk_security.tools.security import NoSecurityUid - -_logger = logging.getLogger(__name__) - -class LockingModel(models.AbstractModel): - - _name = 'muk_security.mixins.locking' - _description = 'Locking Mixin' - - #---------------------------------------------------------- - # Database - #---------------------------------------------------------- - - locked_by = fields.Many2one( - comodel_name='res.users', - string="Locked by") - - is_locked = fields.Boolean( - compute='_compute_locked', - string="Locked") - - is_lock_editor = fields.Boolean( - compute='_compute_locked', - string="Editor") - - #---------------------------------------------------------- - # Locking - #---------------------------------------------------------- - - @api.multi - def lock(self): - self.write({'locked_by': self.env.uid}) - - @api.multi - def unlock(self): - self.write({'locked_by': None}) - - @api.model - def _check_lock_editor(self, lock_uid): - return lock_uid in (self.env.uid, SUPERUSER_ID) or isinstance(self.env.uid, NoSecurityUid) - - @api.multi - def check_lock(self): - for record in self: - if record.locked_by.exists() and not self._check_lock_editor(record.locked_by.id): - message = _("The record (%s [%s]) is locked, by an other user.") - raise AccessError(message % (record._description, record.id)) - - #---------------------------------------------------------- - # Read, View - #---------------------------------------------------------- - - @api.depends('locked_by') - def _compute_locked(self): - for record in self: - if record.locked_by.exists(): - record.update({'is_locked': True, 'is_lock_editor': record.locked_by.id == record.env.uid}) - else: - record.update({'is_locked': False, 'is_lock_editor': False}) - - #---------------------------------------------------------- - # Create, Update, Delete - #---------------------------------------------------------- - - @api.multi - def _write(self, vals): - self.check_lock() - return super(LockingModel, self)._write(vals) - - - @api.multi - def unlink(self): - self.check_lock() - return super(LockingModel, self).unlink() - +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import os +import hashlib +import logging +import itertools + +from odoo import _, SUPERUSER_ID +from odoo import models, api, fields +from odoo.exceptions import AccessError + +from odoo.addons.muk_security.tools.security import NoSecurityUid + +_logger = logging.getLogger(__name__) + +class LockingModel(models.AbstractModel): + + _name = 'muk_security.mixins.locking' + _description = 'Locking Mixin' + + #---------------------------------------------------------- + # Database + #---------------------------------------------------------- + + locked_by = fields.Many2one( + comodel_name='res.users', + string="Locked by") + + is_locked = fields.Boolean( + compute='_compute_locked', + string="Locked") + + is_lock_editor = fields.Boolean( + compute='_compute_locked', + string="Editor") + + #---------------------------------------------------------- + # Locking + #---------------------------------------------------------- + + @api.multi + def lock(self): + self.write({'locked_by': self.env.uid}) + + @api.multi + def unlock(self): + self.write({'locked_by': None}) + + @api.model + def _check_lock_editor(self, lock_uid): + return lock_uid in (self.env.uid, SUPERUSER_ID) or isinstance(self.env.uid, NoSecurityUid) + + @api.multi + def check_lock(self): + for record in self: + if record.locked_by.exists() and not self._check_lock_editor(record.locked_by.id): + message = _("The record (%s [%s]) is locked, by an other user.") + raise AccessError(message % (record._description, record.id)) + + #---------------------------------------------------------- + # Read, View + #---------------------------------------------------------- + + @api.depends('locked_by') + def _compute_locked(self): + for record in self: + if record.locked_by.exists(): + record.update({'is_locked': True, 'is_lock_editor': record.locked_by.id == record.env.uid}) + else: + record.update({'is_locked': False, 'is_lock_editor': False}) + + #---------------------------------------------------------- + # Create, Update, Delete + #---------------------------------------------------------- + + @api.multi + def _write(self, vals): + self.check_lock() + return super(LockingModel, self)._write(vals) + + + @api.multi + def unlink(self): + self.check_lock() + return super(LockingModel, self).unlink() + diff --git a/muk_security/models/res_users.py b/muk_security/models/res_users.py index 47b701b..df21a74 100644 --- a/muk_security/models/res_users.py +++ b/muk_security/models/res_users.py @@ -1,46 +1,49 @@ -################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import logging - -from odoo import api, fields, models -from odoo import tools, _ -from odoo.exceptions import ValidationError - -from odoo.addons.muk_security.tools.security import NoSecurityUid -from odoo.addons.muk_security.tools.security import convert_security_uid - - -_logger = logging.getLogger(__name__) - -class AccessUser(models.Model): - - _inherit = 'res.users' - - #---------------------------------------------------------- - # Functions - #---------------------------------------------------------- - - def browse(self, arg=None, *args, **kwargs): - return super(AccessUser, self).browse(convert_security_uid(arg), *args, **kwargs) - - @classmethod - def _browse(cls, ids, *args, **kwargs): - access_ids = [convert_security_uid(id) for id in ids] +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import logging + +from odoo import api, fields, models +from odoo import tools, _ +from odoo.exceptions import ValidationError + +from odoo.addons.muk_security.tools.security import NoSecurityUid +from odoo.addons.muk_security.tools.security import convert_security_uid + + +_logger = logging.getLogger(__name__) + +class AccessUser(models.Model): + + _inherit = 'res.users' + + #---------------------------------------------------------- + # Functions + #---------------------------------------------------------- + + def browse(self, arg=None, *args, **kwargs): + return super(AccessUser, self).browse(convert_security_uid(arg), *args, **kwargs) + + @classmethod + def _browse(cls, ids, *args, **kwargs): + access_ids = [convert_security_uid(id) for id in ids] return super(AccessUser, cls)._browse(access_ids, *args, **kwargs) \ No newline at end of file diff --git a/muk_security/patch/__init__.py b/muk_security/patch/__init__.py index a42d175..e4c0f8c 100644 --- a/muk_security/patch/__init__.py +++ b/muk_security/patch/__init__.py @@ -1,19 +1,22 @@ ################################################################################### # -# Copyright (C) 2018 MuK IT GmbH +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). # # This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# GNU Lesser General Public License for more details. # -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . # ################################################################################### diff --git a/muk_security/patch/api.py b/muk_security/patch/api.py index d090a97..c19f9d4 100644 --- a/muk_security/patch/api.py +++ b/muk_security/patch/api.py @@ -1,36 +1,39 @@ -################################################################################### -# -# Copyright (C) 2018 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import logging - -from odoo import models, api, SUPERUSER_ID - -from odoo.addons.muk_utils.tools import patch -from odoo.addons.muk_security.tools import security - -_logger = logging.getLogger(__name__) - -@api.model -@patch.monkey_patch(api.Environment) -def __call__(self, cr=None, user=None, context=None): - env = __call__.super(self, cr, user, context) - if user and isinstance(user, security.NoSecurityUid): - env.uid = user - return env +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import logging + +from odoo import models, api, SUPERUSER_ID + +from odoo.addons.muk_utils.tools import patch +from odoo.addons.muk_security.tools import security + +_logger = logging.getLogger(__name__) + +@api.model +@patch.monkey_patch(api.Environment) +def __call__(self, cr=None, user=None, context=None): + env = __call__.super(self, cr, user, context) + if user and isinstance(user, security.NoSecurityUid): + env.uid = user + return env return env \ No newline at end of file diff --git a/muk_security/security/security.xml b/muk_security/security/security.xml index 704bfed..f53f958 100644 --- a/muk_security/security/security.xml +++ b/muk_security/security/security.xml @@ -1,21 +1,26 @@ - + --> diff --git a/muk_security/tests/__init__.py b/muk_security/tests/__init__.py index 59d0262..cc576ff 100644 --- a/muk_security/tests/__init__.py +++ b/muk_security/tests/__init__.py @@ -1,19 +1,22 @@ ################################################################################### -# -# Copyright (C) 2018 MuK IT GmbH +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). # # This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# GNU Lesser General Public License for more details. # -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . # ################################################################################### diff --git a/muk_security/tests/test_access_groups.py b/muk_security/tests/test_access_groups.py index 0f61f6f..fbf9c43 100644 --- a/muk_security/tests/test_access_groups.py +++ b/muk_security/tests/test_access_groups.py @@ -1,83 +1,86 @@ -################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import os -import base64 -import logging - -from odoo import exceptions -from odoo.tests import common - -_path = os.path.dirname(os.path.dirname(__file__)) -_logger = logging.getLogger(__name__) - -class AccessGroupsTestCase(common.TransactionCase): - - def setUp(self): - super(AccessGroupsTestCase, self).setUp() - self.user_id = self.ref('base.user_demo') - self.group_id = self.ref('base.group_system') - self.groups = self.env['muk_security.access_groups'] - self.group01 = self.groups.create({ - 'name': 'Group 01', - 'explicit_users': [(6, 0, [self.user_id])]}) - self.group02 = self.groups.create({ - 'name': 'Group 02', - 'groups': [(6, 0, [self.group_id])]}) - self.user = self.env['res.users'].browse(self.user_id) - self.group = self.env['res.groups'].browse(self.group_id) - - def tearDown(self): - super(AccessGroupsTestCase, self).tearDown() - - def test_access_groups_users(self): - count = len(self.group02.users) - self.group02.write({'explicit_users': [(6, 0, [self.user_id])]}) - self.assertTrue(len(self.group02.users) > count) - - def test_access_groups_groups(self): - count = len(self.group01.users) - self.group01.write({'groups': [(6, 0, [self.group_id])]}) - self.assertTrue(len(self.group01.users) > count) - - def test_access_groups_groups_group(self): - count = len(self.group02.users) - self.group.write({'users': [(4, self.user_id)]}) - self.assertTrue(len(self.group02.users) > count) - - def test_access_groups_groups_user(self): - count = len(self.group02.users) - self.user.write({'groups_id':[(4, self.group_id)]}) - self.assertTrue(len(self.group02.users) > count) - - def test_access_groups_parent(self): - count = len(self.group02.users) - self.group02.write({'parent_group': self.group01.id}) - self.assertTrue(len(self.group02.users) > count) - - def test_access_groups_parent_multi(self): - group01 = self.groups.create({'name': 'MGroup 01'}) - group02 = self.groups.create({'name': 'MGroup 02', 'parent_group': group01.id}) - group03 = self.groups.create({'name': 'MGroup 03', 'parent_group': group02.id}) - init_count = len(group03.users) - group02.write({'explicit_users': [(6, 0, [self.user_id])]}) - self.assertTrue(len(group03.users) > init_count) - updated_count = len(group03.users) - group01.write({'groups': [(6, 0, [self.group_id])]}) +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import os +import base64 +import logging + +from odoo import exceptions +from odoo.tests import common + +_path = os.path.dirname(os.path.dirname(__file__)) +_logger = logging.getLogger(__name__) + +class AccessGroupsTestCase(common.TransactionCase): + + def setUp(self): + super(AccessGroupsTestCase, self).setUp() + self.user_id = self.ref('base.user_demo') + self.group_id = self.ref('base.group_system') + self.groups = self.env['muk_security.access_groups'] + self.group01 = self.groups.create({ + 'name': 'Group 01', + 'explicit_users': [(6, 0, [self.user_id])]}) + self.group02 = self.groups.create({ + 'name': 'Group 02', + 'groups': [(6, 0, [self.group_id])]}) + self.user = self.env['res.users'].browse(self.user_id) + self.group = self.env['res.groups'].browse(self.group_id) + + def tearDown(self): + super(AccessGroupsTestCase, self).tearDown() + + def test_access_groups_users(self): + count = len(self.group02.users) + self.group02.write({'explicit_users': [(6, 0, [self.user_id])]}) + self.assertTrue(len(self.group02.users) > count) + + def test_access_groups_groups(self): + count = len(self.group01.users) + self.group01.write({'groups': [(6, 0, [self.group_id])]}) + self.assertTrue(len(self.group01.users) > count) + + def test_access_groups_groups_group(self): + count = len(self.group02.users) + self.group.write({'users': [(4, self.user_id)]}) + self.assertTrue(len(self.group02.users) > count) + + def test_access_groups_groups_user(self): + count = len(self.group02.users) + self.user.write({'groups_id':[(4, self.group_id)]}) + self.assertTrue(len(self.group02.users) > count) + + def test_access_groups_parent(self): + count = len(self.group02.users) + self.group02.write({'parent_group': self.group01.id}) + self.assertTrue(len(self.group02.users) > count) + + def test_access_groups_parent_multi(self): + group01 = self.groups.create({'name': 'MGroup 01'}) + group02 = self.groups.create({'name': 'MGroup 02', 'parent_group': group01.id}) + group03 = self.groups.create({'name': 'MGroup 03', 'parent_group': group02.id}) + init_count = len(group03.users) + group02.write({'explicit_users': [(6, 0, [self.user_id])]}) + self.assertTrue(len(group03.users) > init_count) + updated_count = len(group03.users) + group01.write({'groups': [(6, 0, [self.group_id])]}) self.assertTrue(len(group03.users) > updated_count) \ No newline at end of file diff --git a/muk_security/tests/test_suspend_security.py b/muk_security/tests/test_suspend_security.py index c05fdff..1be02c3 100644 --- a/muk_security/tests/test_suspend_security.py +++ b/muk_security/tests/test_suspend_security.py @@ -1,69 +1,72 @@ -################################################################################### -# -# Copyright (C) 2017 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -import os -import base64 -import logging - -from odoo import exceptions -from odoo.tests import common - -_path = os.path.dirname(os.path.dirname(__file__)) -_logger = logging.getLogger(__name__) - -class SuspendSecurityTestCase(common.TransactionCase): - - def setUp(self): - super(SuspendSecurityTestCase, self).setUp() - - def tearDown(self): - super(SuspendSecurityTestCase, self).tearDown() - - def test_suspend_security(self): - user_id = self.env.ref('base.user_demo').id - tester = self.env.ref('base.user_root').sudo(user_id) - with self.assertRaises(exceptions.AccessError): - tester.write({'login': 'test'}) - tester.suspend_security().write({'login': 'test'}) - self.assertEqual(tester.login, 'test') - self.assertEqual(tester.write_uid.id, user_id) - - def test_normalize(self): - self.env['res.users'].browse(self.env['res.users'].suspend_security().env.uid) - - def test_search_one2many(self): - user = self.env.ref('base.user_demo') - model = self.env['res.partner'].sudo(user.id) - self.assertTrue(model.env.user.id == user.id) - normal_domain = [('user_ids.id', '=', model.env.uid)] - suspend_domain = [('user_ids.id', '=', model.suspend_security().env.uid)] - normal_partner = model.search(normal_domain, limit=1) - suspend_partner = model.search(suspend_domain, limit=1) - self.assertEqual(normal_partner, suspend_partner) - normal_domain = [('user_ids', '=', model.env.uid)] - suspend_domain = [('user_ids', '=', model.suspend_security().env.uid)] - normal_partner = model.search(normal_domain, limit=1) - suspend_partner = model.search(suspend_domain, limit=1) - self.assertEqual(normal_partner, suspend_partner) - normal_domain = [('user_ids.id', 'in', [model.env.uid])] - suspend_domain = [('user_ids.id', 'in', [model.suspend_security().env.uid])] - normal_partner = model.search(normal_domain, limit=1) - suspend_partner = model.search(suspend_domain, limit=1) - self.assertEqual(normal_partner, suspend_partner) +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +import os +import base64 +import logging + +from odoo import exceptions +from odoo.tests import common + +_path = os.path.dirname(os.path.dirname(__file__)) +_logger = logging.getLogger(__name__) + +class SuspendSecurityTestCase(common.TransactionCase): + + def setUp(self): + super(SuspendSecurityTestCase, self).setUp() + + def tearDown(self): + super(SuspendSecurityTestCase, self).tearDown() + + def test_suspend_security(self): + user_id = self.env.ref('base.user_demo').id + tester = self.env.ref('base.user_root').sudo(user_id) + with self.assertRaises(exceptions.AccessError): + tester.write({'login': 'test'}) + tester.suspend_security().write({'login': 'test'}) + self.assertEqual(tester.login, 'test') + self.assertEqual(tester.write_uid.id, user_id) + + def test_normalize(self): + self.env['res.users'].browse(self.env['res.users'].suspend_security().env.uid) + + def test_search_one2many(self): + user = self.env.ref('base.user_demo') + model = self.env['res.partner'].sudo(user.id) + self.assertTrue(model.env.user.id == user.id) + normal_domain = [('user_ids.id', '=', model.env.uid)] + suspend_domain = [('user_ids.id', '=', model.suspend_security().env.uid)] + normal_partner = model.search(normal_domain, limit=1) + suspend_partner = model.search(suspend_domain, limit=1) + self.assertEqual(normal_partner, suspend_partner) + normal_domain = [('user_ids', '=', model.env.uid)] + suspend_domain = [('user_ids', '=', model.suspend_security().env.uid)] + normal_partner = model.search(normal_domain, limit=1) + suspend_partner = model.search(suspend_domain, limit=1) + self.assertEqual(normal_partner, suspend_partner) + normal_domain = [('user_ids.id', 'in', [model.env.uid])] + suspend_domain = [('user_ids.id', 'in', [model.suspend_security().env.uid])] + normal_partner = model.search(normal_domain, limit=1) + suspend_partner = model.search(suspend_domain, limit=1) + self.assertEqual(normal_partner, suspend_partner) \ No newline at end of file diff --git a/muk_security/tools/__init__.py b/muk_security/tools/__init__.py index bd6f764..433767f 100644 --- a/muk_security/tools/__init__.py +++ b/muk_security/tools/__init__.py @@ -1,19 +1,22 @@ ################################################################################### # -# Copyright (C) 2018 MuK IT GmbH +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). # # This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# GNU Lesser General Public License for more details. # -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . # ################################################################################### diff --git a/muk_security/tools/security.py b/muk_security/tools/security.py index 6959e14..927a7df 100644 --- a/muk_security/tools/security.py +++ b/muk_security/tools/security.py @@ -1,44 +1,47 @@ -################################################################################### -# -# Copyright (C) 2018 MuK IT GmbH -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# -################################################################################### - -#---------------------------------------------------------- -# Helper -#---------------------------------------------------------- - -def convert_security_uid(id): - if isinstance(id, NoSecurityUid): - return super(NoSecurityUid, id).__int__() - return id - -#---------------------------------------------------------- -# Model -#---------------------------------------------------------- - -class NoSecurityUid(int): - - def __int__(self): - return self - - def __eq__(self, other): - if isinstance(other, int): - return False - return super(NoSecurityUid, self).__int__() == other - - def __hash__(self): +################################################################################### +# +# Copyright (c) 2017-2019 MuK IT GmbH. +# +# This file is part of MuK Security +# (see https://mukit.at). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# +################################################################################### + +#---------------------------------------------------------- +# Helper +#---------------------------------------------------------- + +def convert_security_uid(id): + if isinstance(id, NoSecurityUid): + return super(NoSecurityUid, id).__int__() + return id + +#---------------------------------------------------------- +# Model +#---------------------------------------------------------- + +class NoSecurityUid(int): + + def __int__(self): + return self + + def __eq__(self, other): + if isinstance(other, int): + return False + return super(NoSecurityUid, self).__int__() == other + + def __hash__(self): return super(NoSecurityUid, self).__hash__() \ No newline at end of file diff --git a/muk_security/views/access_groups.xml b/muk_security/views/access_groups.xml index e7a337d..1f9f325 100644 --- a/muk_security/views/access_groups.xml +++ b/muk_security/views/access_groups.xml @@ -1,21 +1,26 @@ - + -->