Example #1
0
    def search(self, cr, uid, args, offset=0, limit=None, order=None,
               context=None, count=False):
        if context is None:
            context = {}
        # inject searching for current relation date if we search for relation
        # properties and no explicit date was given
        date_args = []
        for arg in args:
            if is_leaf(arg) and arg[0].startswith('search_relation'):
                if arg[0] == 'search_relation_date':
                    date_args = []
                    break
                if not date_args:
                    date_args = [
                        ('search_relation_date', '=', time.strftime(
                            DEFAULT_SERVER_DATE_FORMAT))]

        # because of auto_join, we have to do the active test by hand
        active_args = []
        if context.get('active_test', True):
            for arg in args:
                if is_leaf(arg) and\
                        arg[0].startswith('search_relation'):
                    active_args = [('relation_all_ids.active', '=', True)]
                    break

        return super(ResPartner, self).search(
            cr, uid, args + date_args + active_args, offset=offset,
            limit=limit, order=order, context=context, count=count)
Example #2
0
 def search(self, args, offset=0, limit=None, order=None, count=False):
     """Inject searching for current relation date if we search for
     relation properties and no explicit date was given.
     """
     # pylint: disable=arguments-differ
     # pylint: disable=no-value-for-parameter
     date_args = []
     for arg in args:
         if (is_leaf(arg) and isinstance(arg[0], basestring) and
                 arg[0].startswith('search_relation')):
             if arg[0] == 'search_relation_date':
                 date_args = []
                 break
             if not date_args:
                 date_args = [
                     ('search_relation_date', '=', fields.Date.today()),
                 ]
     # because of auto_join, we have to do the active test by hand
     active_args = []
     if self.env.context.get('active_test', True):
         for arg in args:
             if (is_leaf(arg) and isinstance(arg[0], basestring) and
                     arg[0].startswith('search_relation')):
                 active_args = [('relation_all_ids.active', '=', True)]
                 break
     return super(ResPartner, self).search(
         args + date_args + active_args, offset=offset, limit=limit,
         order=order, count=count)
Example #3
0
 def check_leaf(self):
     """ Leaf validity rules:
         - a valid leaf is an operator or a leaf
         - a valid leaf has a field objects unless
             - it is not a tuple
             - it is an inherited field
             - left is id, operator is 'child_of'
             - left is in MAGIC_COLUMNS
     """
     if not is_operator(self.leaf) and not is_leaf(self.leaf, True):
         raise ValueError("Invalid leaf %s" % str(self.leaf))
Example #4
0
 def _is_frozen_get(self, cr, uid, ids, field_name, args, context=None):
     '''determine if this is fixed list of ids'''
     result = {}
     for this in self.browse(cr, uid, ids, context=context):
         try:
             domain = safe_eval(this.domain)
         except:
             domain = [expression.FALSE_LEAF]
         result[this.id] = (len(domain) == 1 and
                            expression.is_leaf(domain[0]) and
                            domain[0][0] == 'id')
     return result
Example #5
0
 def _evaluate_get(self, cr, uid, ids, field_name, args, context=None):
     """check if this filter contains references to x2many fields. If so,
     then negation goes wrong in nearly all cases, so we evaluate the
     filter and remove its resulting ids"""
     result = {}
     for this in self.read(cr, uid, ids, ['model_id', 'domain'],
                           context=context):
         result[this['id']] = {
             'evaluate_before_negate': False,
             'evaluate_always': False,
         }
         domain = expression.normalize_domain(
             safe_eval(this['domain'] or 'False') or
             [expression.FALSE_LEAF])
         for arg in domain:
             if not expression.is_leaf(arg) or not isinstance(
                     arg[0], basestring):
                 continue
             current_model = self.pool.get(this['model_id'])
             if not current_model:
                 continue
             has_x2many = False
             has_auto_join = False
             for field_name in arg[0].split('.'):
                 if field_name in MAGIC_COLUMNS:
                     continue
                 field = current_model._all_columns[field_name].column
                 has_x2many |= field._type in self._evaluate_before_negate
                 has_x2many |= isinstance(field, fields.function)
                 has_auto_join |= field._auto_join
                 has_auto_join |= isinstance(field, fields.function)
                 if hasattr(field, '_obj'):
                     current_model = self.pool.get(field._obj)
                 if not current_model or has_x2many and has_auto_join:
                     break
             result[this['id']]['evaluate_before_negate'] |= has_x2many
             result[this['id']]['evaluate_always'] |= has_auto_join
             if result[this['id']]['evaluate_before_negate'] and\
                     result[this['id']]['evaluate_always']:
                 break
     return result
    def read_group(self, domain, fields, groupby, offset=0, limit=None,
                   orderby=False, lazy=True):
        """Restrict reading if we read an inaccessible field"""
        has_inaccessible_field = False
        has_inaccessible_field |= any(
            not self._restrict_field_access_is_field_accessible(f)
            for f in fields or self._fields.keys()
        )
        has_inaccessible_field |= any(
            expression.is_leaf(term) and
            not self._restrict_field_access_is_field_accessible(
                term[0].split('.')[0]
            )
            for term in domain
        )
        if groupby:
            if isinstance(groupby, basestring):
                groupby = [groupby]
            has_inaccessible_field |= any(
                not self._restrict_field_access_is_field_accessible(
                    f.split(':')[0]
                )
                for f in groupby
            )
        if orderby:
            has_inaccessible_field |= any(
                not self._restrict_field_access_is_field_accessible(f.split())
                for f in orderby.split(',')
            )
        # just like with search, we restrict read_group to the accessible
        # records, because we'd either leak data otherwise or have very wrong
        # results
        if has_inaccessible_field:
            self._restrict_field_access_inject_restrict_field_access_domain(
                domain
            )

        return super(RestrictFieldAccessMixin, self).read_group(
            domain, fields, groupby, offset=offset, limit=limit,
            orderby=orderby, lazy=lazy
        )
Example #7
0
 def _create_indirect_sharing_rules(self, cr, current_user, wizard_data, group_id, fields_relations, context=None):
     rule_name = _('Indirect sharing filter created by user %s (%s) for group %s') % \
                         (current_user.name, current_user.login, group_id)
     try:
         domain = safe_eval(wizard_data.domain)
         if domain:
             for rel_field, model in fields_relations:
                 # mail.message is transversal: it should not received directly the access rights
                 if model.model in ['mail.message', 'mail.notification']: continue
                 related_domain = []
                 if not rel_field: continue
                 for element in domain:
                     if expression.is_leaf(element):
                         left, operator, right = element
                         left = '%s.%s'%(rel_field, left)
                         element = left, operator, right
                     related_domain.append(element)
                 self._create_or_combine_sharing_rule(cr, current_user, wizard_data,
                      group_id, model_id=model.id, domain=str(related_domain),
                      rule_name=rule_name, restrict=True, context=context)
     except Exception:
         _logger.info('Failed to create share access', exc_info=True)
         raise UserError(_('Sorry, the current screen and filter you are trying to share are not supported at the moment.\nYou may want to try a simpler filter.'))
Example #8
0
 def get_applicable_args(args, index):
     if expression.is_leaf(args[index]):
         #TODO: also check for inherited fields etc
         if ((
                 args[index][0] in orm_model._columns or
                 orm_model._log_access and 
                     args[index][0]  in ['create_date','create_uid',
                     'write_date', 'write_uid']
             )
             and
             args[index][0] not in ['text','model']):
             return [args[index]], 1
         else:
             return [], 1
     else:
         op1=get_applicable_args(args, index+1)
         op2=get_applicable_args(args, index+op1[1]+1)
         return (([args[index]] 
                 if len(op1[0]) > 0 and len(op2[0]) > 0 
                 else []) +
                 op1[0] + op2[0],
                 op1[1] + op2[1] + 1
                 )
 def _search(self, args, offset=0, limit=None, order=None, count=False,
             access_rights_uid=None):
     if not args:
         return super(RestrictFieldAccessMixin, self)._search(
             args, offset=offset, limit=limit, order=order, count=count,
             access_rights_uid=access_rights_uid)
     args = expression.normalize_domain(args)
     has_inaccessible_field = False
     for term in args:
         if not expression.is_leaf(term):
             continue
         if not self._restrict_field_access_is_field_accessible(
                 term[0], 'read'):
             has_inaccessible_field = True
             break
     if has_inaccessible_field:
         check_self = self if not access_rights_uid else self.sudo(
             access_rights_uid)
         check_self\
             ._restrict_field_access_inject_restrict_field_access_domain(
                 args)
     return super(RestrictFieldAccessMixin, self)._search(
         args, offset=offset, limit=limit, order=order, count=count,
         access_rights_uid=access_rights_uid)
Example #10
0
 def is_leaf(self, internal=False):
     return is_leaf(self.leaf, internal=internal)