projects / odoo / odoo.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7787904)
* Resolved bug in permissions view (Define Access)
authorJean-Baptiste Aubort <jean-baptiste.aubort@camptocamp.com>
Wed, 30 Jul 2008 12:42:48 +0000 (14:42 +0200)
committerJean-Baptiste Aubort <jean-baptiste.aubort@camptocamp.com>
Wed, 30 Jul 2008 12:42:48 +0000 (14:42 +0200)
* Actions for demo user
* Added missing mandatory fields to new views
* User security in draft

bzr revid: jean-baptiste.aubort@camptocamp.com-20080730124248-9i13imd1nj2iio7g

bin/addons/base/base_demo.xml patch | blob | history
bin/addons/base/base_security.xml patch | blob | history
bin/addons/base/ir/ir.xml patch | blob | history
bin/addons/base/ir/ir_model.py patch | blob | history
bin/addons/base/res/res_security.xml patch | blob | history
bin/addons/base/res/res_user.py patch | blob | history

diff --git a/bin/addons/base/base_demo.xml b/bin/addons/base/base_demo.xml
index 6bfb81d..c6a578d 100644 (file)
--- a/bin/addons/base/base_demo.xml
+++ b/bin/addons/base/base_demo.xml
@@ -6,8 +6,6 @@
             <field name="password">demo</field>
             <field name="name">Demo User</field>
             <field name="signature">Fabien Pinckaers</field>
             <field name="password">demo</field>
             <field name="name">Demo User</field>
             <field name="signature">Fabien Pinckaers</field>
-            <field name="action_id" ref="action_menu_admin"/>
-            <field name="menu_id" ref="action_menu_admin"/>
             <field name="address_id" ref="main_address"/>
             <field name="company_id" ref="main_company"/>
         </record>
             <field name="address_id" ref="main_address"/>
             <field name="company_id" ref="main_company"/>
         </record>
diff --git a/bin/addons/base/base_security.xml b/bin/addons/base/base_security.xml
index 00b5135..065ee55 100644 (file)
--- a/bin/addons/base/base_security.xml
+++ b/bin/addons/base/base_security.xml
@@ -70,10 +70,6 @@
         <field name="name">Account Manager</field>
     </record>
 
         <field name="name">Account Manager</field>
     </record>
 
-    <record model="res.groups" id="group_partner_manager">
-        <field name="name">Partner Manager</field>
-    </record>
-
     <record model="res.groups" id="group_request">
         <field name="name">Request</field>
     </record>
     <record model="res.groups" id="group_request">
         <field name="name">Request</field>
     </record>
@@ -312,6 +308,19 @@
         <field name="perm_create" eval="0"/>
         <field name="perm_unlink" eval="0"/>
     </record>
         <field name="perm_create" eval="0"/>
         <field name="perm_unlink" eval="0"/>
     </record>
+
+    <record model="ir.model.access" id="access_ir_actions_wizard_group_employee">
+        <field name="name">ir_actions_wizard group_employee</field>
+        <field model="ir.model" name="model_id" search="[('model', '=', 'ir.actions.wizard')]"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+    
+    
+    
     
     
     
     
     
     
@@ -345,6 +354,56 @@
         <field name="perm_unlink" eval="0"/>
     </record>
 
         <field name="perm_unlink" eval="0"/>
     </record>
 
+    <record model="ir.model.access" id="access_ir_model_fields_group_employee">
+        <field name="name">ir_model_fields group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_ir_model_fields"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="1"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
+    <record model="ir.model.access" id="access_ir_module_category_group_employee">
+        <field name="name">ir_module_category group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_ir_module_category"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="1"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
+    <record model="ir.model.access" id="access_ir_module_module_group_employee">
+        <field name="name">ir_module_module group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_ir_module_module"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="1"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
+    <record model="ir.model.access" id="access_ir_rule_group_employee">
+        <field name="name">ir_rule group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_ir_rule"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
+    <record model="ir.model.access" id="access_ir_rule_group_group_employee">
+        <field name="name">ir_rule_group group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_ir_rule_group"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
     <record model="ir.model.access" id="access_ir_ui_menu_group_employee">
         <field name="name">ir_ui_menu group_employee</field>
         <field model="ir.model" name="model_id" ref="model_ir_ui_menu"/>
     <record model="ir.model.access" id="access_ir_ui_menu_group_employee">
         <field name="name">ir_ui_menu group_employee</field>
         <field model="ir.model" name="model_id" ref="model_ir_ui_menu"/>
@@ -380,7 +439,7 @@
         <field model="ir.model" name="model_id" ref="model_res_company"/>
         <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field model="ir.model" name="model_id" ref="model_res_company"/>
         <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
-        <field name="perm_write" eval="0"/>
+        <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="0"/>
         <field name="perm_unlink" eval="0"/>
     </record>
         <field name="perm_create" eval="0"/>
         <field name="perm_unlink" eval="0"/>
     </record>
@@ -395,6 +454,36 @@
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_unlink" eval="1"/>
     </record>
 
+    <record model="ir.model.access" id="access_res_country_group_employee">
+        <field name="name">res_country group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_res_country"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
+    <record model="ir.model.access" id="access_res_country_state_group_employee">
+        <field name="name">res_country_state group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_res_country_state"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
+    <record model="ir.model.access" id="access_res_currency_group_employee">
+        <field name="name">res_currency group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_res_currency"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
     <record model="ir.model.access" id="access_res_currency_rate_group_employee">
         <field name="name">res_currency_rate group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_currency_rate"/>
     <record model="ir.model.access" id="access_res_currency_rate_group_employee">
         <field name="name">res_currency_rate group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_currency_rate"/>
@@ -445,16 +534,6 @@
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_group_partner_manager">
-        <field name="name">res_partner group_partner_manager</field>
-        <field model="ir.model" name="model_id" ref="model_res_partner"/>
-        <field name="group_id" ref="group_partner_manager"/>
-        <field name="perm_read" eval="1"/>
-        <field name="perm_write" eval="1"/>
-        <field name="perm_create" eval="1"/>
-        <field name="perm_unlink" eval="1"/>
-    </record>
-
     <record model="ir.model.access" id="access_res_partner_address_group_employee">
         <field name="name">res_partner_address group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_address"/>
     <record model="ir.model.access" id="access_res_partner_address_group_employee">
         <field name="name">res_partner_address group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_address"/>
@@ -465,26 +544,6 @@
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_address_group_partner_manager">
-        <field name="name">res_partner_address group_partner_manager</field>
-        <field model="ir.model" name="model_id" ref="model_res_partner_address"/>
-        <field name="group_id" ref="group_partner_manager"/>
-        <field name="perm_read" eval="1"/>
-        <field name="perm_write" eval="1"/>
-        <field name="perm_create" eval="1"/>
-        <field name="perm_unlink" eval="1"/>
-    </record>
-
-    <record model="ir.model.access" id="access_res_partner_bank_group_partner_manager">
-        <field name="name">res_partner_bank group_partner_manager</field>
-        <field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
-        <field name="group_id" ref="group_partner_manager"/>
-        <field name="perm_read" eval="1"/>
-        <field name="perm_write" eval="1"/>
-        <field name="perm_create" eval="1"/>
-        <field name="perm_unlink" eval="1"/>
-    </record>
-
     <record model="ir.model.access" id="access_res_partner_bank_group_employee">
         <field name="name">res_partner_bank group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
     <record model="ir.model.access" id="access_res_partner_bank_group_employee">
         <field name="name">res_partner_bank group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_bank"/>
@@ -495,90 +554,90 @@
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_bank_type_group_partner_manager">
-        <field name="name">res_partner_bank_type group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_bank_type_group_employee">
+        <field name="name">res_partner_bank_type group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_bank_type"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_bank_type"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_bank_type_field_group_partner_manager">
-        <field name="name">res_partner_bank_type_field group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_bank_type_field_group_employee">
+        <field name="name">res_partner_bank_type_field group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_bank_type_field"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_bank_type_field"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_canal_group_partner_manager">
-        <field name="name">res_partner_canal group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_canal_group_employee">
+        <field name="name">res_partner_canal group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_canal"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_canal"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_category_group_partner_manager">
-        <field name="name">res_partner_category group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_category_group_employee">
+        <field name="name">res_partner_category group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_category"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_category"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_event_group_partner_manager">
-        <field name="name">res_partner_event group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_event_group_employee">
+        <field name="name">res_partner_event group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_event"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_event"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_event_type_group_partner_manager">
-        <field name="name">res_partner_event_type group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_event_type_group_employee">
+        <field name="name">res_partner_event_type group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_event_type"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_event_type"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_function_group_partner_manager">
-        <field name="name">res_partner_function group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_function_group_employee">
+        <field name="name">res_partner_function group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_function"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_function"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_som_group_partner_manager">
-        <field name="name">res_partner_som group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_som_group_employee">
+        <field name="name">res_partner_som group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_som"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_som"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_unlink" eval="1"/>
     </record>
 
-    <record model="ir.model.access" id="access_res_partner_title_group_partner_manager">
-        <field name="name">res_partner_title group_partner_manager</field>
+    <record model="ir.model.access" id="access_res_partner_title_group_employee">
+        <field name="name">res_partner_title group_employee</field>
         <field model="ir.model" name="model_id" ref="model_res_partner_title"/>
         <field model="ir.model" name="model_id" ref="model_res_partner_title"/>
-        <field name="group_id" ref="group_partner_manager"/>
+        <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
@@ -592,6 +651,36 @@
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
         <field name="perm_read" eval="1"/>
         <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="1"/>
+        <field name="perm_unlink" eval="1"/>
+    </record>
+
+    <record model="ir.model.access" id="access_res_request_group_employee">
+        <field name="name">res_request group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_res_request"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
+    <record model="ir.model.access" id="access_res_request_history_group_employee">
+        <field name="name">res_request_history group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_res_request_history"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
+        <field name="perm_unlink" eval="0"/>
+    </record>
+
+    <record model="ir.model.access" id="access_res_request_link_group_employee">
+        <field name="name">res_request_link group_employee</field>
+        <field model="ir.model" name="model_id" ref="model_res_request_link"/>
+        <field name="group_id" ref="group_employee"/>
+        <field name="perm_read" eval="1"/>
+        <field name="perm_write" eval="0"/>
+        <field name="perm_create" eval="0"/>
         <field name="perm_unlink" eval="0"/>
     </record>
 
         <field name="perm_unlink" eval="0"/>
     </record>
 
@@ -600,7 +689,7 @@
         <field model="ir.model" name="model_id" ref="model_res_users"/>
         <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
         <field model="ir.model" name="model_id" ref="model_res_users"/>
         <field name="group_id" ref="group_employee"/>
         <field name="perm_read" eval="1"/>
-        <field name="perm_write" eval="0"/>
+        <field name="perm_write" eval="1"/>
         <field name="perm_create" eval="0"/>
         <field name="perm_unlink" eval="0"/>
     </record>
         <field name="perm_create" eval="0"/>
         <field name="perm_unlink" eval="0"/>
     </record>
diff --git a/bin/addons/base/ir/ir.xml b/bin/addons/base/ir/ir.xml
index 12f1779..eb91d3d 100644 (file)
--- a/bin/addons/base/ir/ir.xml
+++ b/bin/addons/base/ir/ir.xml
@@ -623,6 +623,7 @@
                                 <field name="perm_write"/>
                                 <field name="perm_create"/>
                                 <field name="perm_unlink"/>
                                 <field name="perm_write"/>
                                 <field name="perm_create"/>
                                 <field name="perm_unlink"/>
+                                <field name="name"/>
                             </tree>
                         </field>
                     </page>
                             </tree>
                         </field>
                     </page>
diff --git a/bin/addons/base/ir/ir_model.py b/bin/addons/base/ir/ir_model.py
index 0b2fb1e..d19406f 100644 (file)
--- a/bin/addons/base/ir/ir_model.py
+++ b/bin/addons/base/ir/ir_model.py
@@ -32,6 +32,8 @@ import ir, re
 import netsvc
 from osv.orm import except_orm
 
 import netsvc
 from osv.orm import except_orm
 
+from pprint import pprint
+
 import time
 import tools
 import pooler
 import time
 import tools
 import pooler
@@ -106,28 +108,33 @@ class ir_model(osv.osv):
         result = super(osv.osv, self).read(cr, user, ids, fields, context, load)        
         if context and 'advanced' in context:
             for res in result:
         result = super(osv.osv, self).read(cr, user, ids, fields, context, load)        
         if context and 'advanced' in context:
             for res in result:
-                rules = self.pool.get('ir.model.access').search(cr, user, [('model_id', '=', res['id'])])
-                rules_br = self.pool.get('ir.model.access').browse(cr, user, rules)
-                # Take into account the last found rule
-                rules_br_len = len(rules_br) - 1
-                if rules_br_len>-1:
-                    perm_list = []
-                    if rules_br[rules_br_len].perm_read:
-                        perm_list.append('r')
-                    if rules_br[rules_br_len].perm_write:
-                        perm_list.append('w')
-                    if rules_br[rules_br_len].perm_create:
-                        perm_list.append('c')
-                    if rules_br[rules_br_len].perm_unlink:
-                        perm_list.append('u')
-                    perms = ",".join(perm_list)
-                    res['group_%i'%rules_br[rules_br_len].group_id.id] = perms
+                if 'access' in res:
+                    rules_br = self.pool.get('ir.model.access').browse(cr, user, res['access'])
+                else:
+                    rules = self.pool.get('ir.model.access').search(cr, user, [('model_id', '=', res['id'])])
+                    rules_br = self.pool.get('ir.model.access').browse(cr, user, rules)
+                if len(rules_br)>0:
+                    for rule in rules_br:
+                        perm_list = []
+                        if rule.perm_read:
+                            perm_list.append('r')
+                        if rule.perm_write:
+                            perm_list.append('w')
+                        if rule.perm_create:
+                            perm_list.append('c')
+                        if rule.perm_unlink:
+                            perm_list.append('u')
+                        perms = ",".join(perm_list)
+                        res['group_%i'%rule.group_id.id] = perms
+            pprint(result)
         return result
 
     def write(self, cr, user, ids, vals, context=None):
         return result
 
     def write(self, cr, user, ids, vals, context=None):
+        vals_new = vals.copy()
+        
         if context and 'advanced' in context:
         if context and 'advanced' in context:
-            perms_rel = ['create','read','unlink','write']
-            perms_all = ['c','r','u','w']
+            perms_rel = ['read','write','create','unlink']
+            perms_all = ['r','w','c','u']
             perms = []
             
             for val in vals:
             perms = []
             
             for val in vals:
@@ -158,6 +165,7 @@ class ir_model(osv.osv):
                         for k in req:
                             sql += '%s=%s,'%(k,req[k])
                         cr.execute("update ir_model_access set %s where id=%i"%(sql[:-1], rules[rule_len]))
                         for k in req:
                             sql += '%s=%s,'%(k,req[k])
                         cr.execute("update ir_model_access set %s where id=%i"%(sql[:-1], rules[rule_len]))
+                        print "update ir_model_access set %s where id=%i"%(sql[:-1], rules[rule_len])
                     else:
                         model_name = self.pool.get('ir.model').browse(cr, user, [model_id])[0].name
                         group_name = self.pool.get('res.groups').browse(cr, user, [group_id])[0].name
                     else:
                         model_name = self.pool.get('ir.model').browse(cr, user, [model_id])[0].name
                         group_name = self.pool.get('res.groups').browse(cr, user, [group_id])[0].name
@@ -166,9 +174,9 @@ class ir_model(osv.osv):
                             (name, model_id, group_id, perm_create, perm_read, perm_unlink, perm_write) \
                             values (%s, %i, %i, %s, %s, %s, %s)',
                             (rule_name, model_id, group_id,req['perm_create'], req['perm_read'], req['perm_unlink'], req['perm_write'],))
                             (name, model_id, group_id, perm_create, perm_read, perm_unlink, perm_write) \
                             values (%s, %i, %i, %s, %s, %s, %s)',
                             (rule_name, model_id, group_id,req['perm_create'], req['perm_read'], req['perm_unlink'], req['perm_write'],))
-            return 1
-        else:
-            return super(osv.osv, self).write(cr, user, ids, vals, context)
+            #return 1
+                    del vals_new[val]
+        return super(osv.osv, self).write(cr, user, ids, vals_new, context)
     
     def fields_get(self, cr, user, fields=None, context=None, read_access=True):
         result = super(osv.osv, self).fields_get(cr, user, fields, context)
     
     def fields_get(self, cr, user, fields=None, context=None, read_access=True):
         result = super(osv.osv, self).fields_get(cr, user, fields, context)
@@ -283,12 +291,13 @@ class ir_model_access(osv.osv):
             res = False
         return res
     
             res = False
         return res
     
-    def check(self, cr, uid, model_name, mode='read',raise_exception=True):       
-        assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
+    def check(self, cr, uid, model_name, mode='read',raise_exception=True):
         # Users root have all access (Todo: exclude xml-rpc requests)
         if uid==1:
             return True
         
         # Users root have all access (Todo: exclude xml-rpc requests)
         if uid==1:
             return True
         
+        assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
+        
         # We check if a specific rule exists
         cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
             'from ir_model_access a join ir_model m on (m.id=a.model_id) '
         # We check if a specific rule exists
         cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
             'from ir_model_access a join ir_model m on (m.id=a.model_id) '
@@ -326,6 +335,10 @@ class ir_model_access(osv.osv):
         res = super(ir_model_access, self).unlink(cr, uid, *args, **argv)
         self.check()
         return res
         res = super(ir_model_access, self).unlink(cr, uid, *args, **argv)
         self.check()
         return res
+    def read(self, cr, uid, *args, **argv):
+        res = super(ir_model_access, self).read(cr, uid, *args, **argv)
+        self.check()
+        return res
 ir_model_access()
 
 class ir_model_data(osv.osv):
 ir_model_access()
 
 class ir_model_data(osv.osv):
diff --git a/bin/addons/base/res/res_security.xml b/bin/addons/base/res/res_security.xml
index 15423d1..1ce9147 100644 (file)
--- a/bin/addons/base/res/res_security.xml
+++ b/bin/addons/base/res/res_security.xml
@@ -13,6 +13,10 @@
         <field name="name">Account Manager</field>
     </record>
 
         <field name="name">Account Manager</field>
     </record>
 
+    <record model="res.groups" id="group_partner_manager">
+        <field name="name">Partner Manager</field>
+    </record>
+
 <!--
  Objects Groups
 -->
 <!--
  Objects Groups
 -->
diff --git a/bin/addons/base/res/res_user.py b/bin/addons/base/res/res_user.py
index a7a7eb5..5454c0b 100644 (file)
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@@ -113,15 +113,6 @@ class users(osv.osv):
         'context_lang': fields.selection(_lang_get, 'Language', required=True),
         'context_tz': fields.selection(_tz_get,  'Timezone', size=64)
     }
         'context_lang': fields.selection(_lang_get, 'Language', required=True),
         'context_tz': fields.selection(_tz_get,  'Timezone', size=64)
     }
-    def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
-        result = super(users, self).read(cr, uid, ids, fields, context, load)
-        canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
-        if not canwrite:
-            for r in result:
-                if 'password' in r:
-                    r['password'] = '********'
-        return result
-
     _sql_constraints = [
         ('login_key', 'UNIQUE (login)', 'You can not have two users with the same login !')
     ]
     _sql_constraints = [
         ('login_key', 'UNIQUE (login)', 'You can not have two users with the same login !')
     ]
@@ -153,7 +144,7 @@ class users(osv.osv):
         if (ids == [uid]):
             ok = True
             for k in values.keys():
         if (ids == [uid]):
             ok = True
             for k in values.keys():
-                if k not in ('password','signature','action_id', 'context_lang', 'context_tz'):
+                if k not in ('password', 'signature', 'action_id', 'context_lang', 'context_tz'):
                     ok=False
             if ok:
                 uid = 1
                     ok=False
             if ok:
                 uid = 1
@@ -163,9 +154,18 @@ class users(osv.osv):
         self.pool.get('ir.rule').domain_get()
         return res
 
         self.pool.get('ir.rule').domain_get()
         return res
 
+    def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
+        result = super(users, self).read(cr, uid, ids, fields, context, load)
+        canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', raise_exception=False)
+        if not canwrite:
+            for r in result:
+                if 'password' in r:
+                    r['password'] = '********'
+        return result
+
     def unlink(self, cr, uid, ids):
         if 1 in ids:
     def unlink(self, cr, uid, ids):
         if 1 in ids:
-            raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the root user as it is used internally for resources created by Tiny ERP (updates, module installation, ...)'))
+            raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the root user as it is used internally for resources created by Open ERP (updates, module installation, ...)'))
         return super(users, self).unlink(cr, uid, ids)
 
     def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=80):
         return super(users, self).unlink(cr, uid, ids)
 
     def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=80):
Unnamed repository; edit this file 'description' to name the repository.