예제 #1
0
 def write(self, cr, uid, ids, vals, context=None):
     employee_id = vals.get('employee_id', False)
     if not self._check_state_access_right(cr, uid, vals, context):
         raise AccessError(_('You cannot set a leave request as \'%s\'. Contact a human resource manager.') % vals.get('state'))
     hr_holiday_id = super(hr_holidays, self).write(cr, uid, ids, vals, context=context)
     self.add_follower(cr, uid, ids, employee_id, context=context)
     return hr_holiday_id
예제 #2
0
    def set_sale_defaults(self):
        self.ensure_one()
        if not self.env.user._is_admin():
            raise AccessError(_("Only administrators can change the settings"))

        default_picking_policy = 'one' if self.default_picking_policy else 'direct'
        self.env['ir.values'].sudo().set_default('sale.order',
                                                 'picking_policy',
                                                 default_picking_policy)
        res = super(SaleConfiguration, self).set_sale_defaults()
        return res
예제 #3
0
    def check(self, cr, uid, ids, mode, context=None, values=None):
        """Restricts the access to an ir.attachment, according to referred model
        In the 'document' module, it is overriden to relax this hard rule, since
        more complex ones apply there.
        """
        res_ids = {}
        require_employee = False
        if ids:
            if isinstance(ids, (int, long)):
                ids = [ids]
            cr.execute(
                'SELECT res_model, res_id, create_uid, public FROM ir_attachment WHERE id = ANY (%s)',
                (ids, ))
            for rmod, rid, create_uid, public in cr.fetchall():
                if public and mode == 'read':
                    continue
                if not (rmod and rid):
                    if create_uid != uid:
                        require_employee = True
                    continue
                res_ids.setdefault(rmod, set()).add(rid)
        if values:
            if values.get('res_model') and values.get('res_id'):
                res_ids.setdefault(values['res_model'],
                                   set()).add(values['res_id'])

        ima = self.pool.get('ir.model.access')
        for model, mids in res_ids.items():
            # ignore attachments that are not attached to a resource anymore when checking access rights
            # (resource was deleted but attachment was not)
            if not self.pool.get(model):
                require_employee = True
                continue
            existing_ids = self.pool[model].exists(cr, uid, mids)
            if len(existing_ids) != len(mids):
                require_employee = True
            # For related models, check if we can write to the model, as unlinking
            # and creating attachments can be seen as an update to the model
            if (mode in ['unlink', 'create']):
                ima.check(cr, uid, model, 'write')
            else:
                ima.check(cr, uid, model, mode)
            self.pool[model].check_access_rule(cr,
                                               uid,
                                               existing_ids,
                                               mode,
                                               context=context)
        if require_employee:
            if not uid == SUPERUSER_ID and not self.pool[
                    'res.users'].has_group(cr, uid, 'base.group_user'):
                raise AccessError(
                    _("Sorry, you are not allowed to access this document."))
예제 #4
0
파일: res_users.py 프로젝트: ecoreos/hz
 def set_technical_features(self):
     """ Map boolean field value to group membership, but checking
     access """
     group = self.env.ref(
         'base_technical_features.group_technical_features')
     for user in self:
         if self.env.ref('base.group_no_one') not in user.groups_id:
             raise AccessError(
                 _('The user does not have access to technical '
                   'features.'))
     if user.technical_features:
         self.sudo().write({'groups_id': [(4, group.id)]})
     else:
         self.sudo().write({'groups_id': [(3, group.id)]})
예제 #5
0
 def create(self, cr, uid, values, context=None):
     """ Override to avoid automatic logging of creation """
     if context is None:
         context = {}
     employee_id = values.get('employee_id', False)
     context = dict(context, mail_create_nolog=True, mail_create_nosubscribe=True)
     if not self._check_state_access_right(cr, uid, values, context):
         raise AccessError(_('You cannot set a leave request as \'%s\'. Contact a human resource manager.') % values.get('state'))
     if not values.get('name'):
         employee_name = self.pool['hr.employee'].browse(cr, uid, employee_id, context=context).name
         holiday_type = self.pool['hr.holidays.status'].browse(cr, uid, values.get('holiday_status_id'), context=context).name
         values['name'] = _("%s on %s") % (employee_name, holiday_type)
     hr_holiday_id = super(hr_holidays, self).create(cr, uid, values, context=context)
     self.add_follower(cr, uid, [hr_holiday_id], employee_id, context=context)
     return hr_holiday_id
예제 #6
0
    def force_storage(self, cr, uid, context=None):
        """Force all attachments to be stored in the currently configured storage"""
        if not self.pool['res.users']._is_admin(cr, uid, [uid]):
            raise AccessError(
                _('Only administrators can execute this action.'))

        location = self._storage(cr, uid, context)
        domain = {
            'db': [('store_fname', '!=', False)],
            'file': [('db_datas', '!=', False)],
        }[location]

        ids = self.search(cr, uid, domain, context=context)
        for attach in self.browse(cr, uid, ids, context=context):
            attach.write({'datas': attach.datas})
        return True
예제 #7
0
 def check_access_rule(self, cr, uid, ids, operation, context=None):
     """ Add Access rules of mail.message for non-employee user:
         - read:
             - raise if the type is comment and subtype NULL (internal note)
     """
     if uid != SUPERUSER_ID:
         group_ids = self.pool.get('res.users').browse(
             cr, uid, uid, context=context).groups_id
         group_user_id = self.pool.get(
             "ir.model.data").get_object_reference(cr, uid, 'base',
                                                   'group_public')[1]
         if group_user_id in [group.id for group in group_ids]:
             cr.execute(
                 'SELECT id FROM "%s" WHERE website_published IS FALSE AND id = ANY (%%s)'
                 % (self._table), (ids, ))
             if cr.fetchall():
                 raise AccessError(
                     _('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)'
                       ) % (self._description, operation))
     return super(MailMessage, self).check_access_rule(cr,
                                                       uid,
                                                       ids=ids,
                                                       operation=operation,
                                                       context=context)
예제 #8
0
 def read(self, fields=None, load='_classic_read'):
     if self.search_count([('id', 'in', self._ids), ('name', '=', 'NOACCESS')]):
         raise AccessError('Sorry')
     return super(Category, self).read(fields=fields, load=load)
예제 #9
0
파일: ir_values.py 프로젝트: LiberTang0/5
    def get_actions(self,
                    cr,
                    uid,
                    action_slot,
                    model,
                    res_id=False,
                    context=None):
        """Retrieves the list of actions bound to the given model's action slot.
           See the class description for more details about the various action
           slots: :class:`~.ir_values`.

           :param string action_slot: the action slot to which the actions should be
                                      bound to - one of ``client_action_multi``,
                                      ``client_print_multi``, ``client_action_relate``,
                                      ``tree_but_open``.
           :param string model: model name
           :param int res_id: optional record id - will bind the action only to a
                              specific record of the model, not all records.
           :return: list of action tuples of the form ``(id, name, action_def)``,
                    where ``id`` is the ID of the default entry, ``name`` is the
                    action label, and ``action_def`` is a dict containing the
                    action definition as obtained by calling
                    :meth:`~ecore.osv.osv.osv.read` on the action record.
        """
        assert action_slot in ACTION_SLOTS, 'Illegal action slot value: %s' % action_slot
        # use a direct SQL query for performance reasons,
        # this is called very often
        query = """SELECT v.id, v.name, v.value FROM ir_values v
                   WHERE v.key = %s AND v.key2 = %s
                        AND v.model = %s
                        AND (v.res_id = %s
                             OR v.res_id IS NULL
                             OR v.res_id = 0)
                   ORDER BY v.id"""
        cr.execute(query, ('action', action_slot, model, res_id or None))

        # map values to their corresponding action record
        actions = []
        for id, name, value in cr.fetchall():
            if not value:
                continue  # skip if undefined
            action_model, action_id = value.split(',')
            if action_model not in self.pool:
                continue  # unknown model? skip it!
            action = self.pool[action_model].browse(cr, uid, int(action_id),
                                                    context)
            actions.append((id, name, action))

        # process values and their action
        user = self.pool['res.users'].browse(cr, uid, uid, context)
        results = {}
        for id, name, action in actions:
            fields = [
                field for field in action._fields
                if field not in EXCLUDED_FIELDS
            ]
            # FIXME: needs cleanup
            try:
                action_def = {
                    field: action._fields[field].convert_to_read(action[field])
                    for field in fields
                }
                if action._name in ('ir.actions.report.xml',
                                    'ir.actions.act_window'):
                    if action.groups_id and not action.groups_id & user.groups_id:
                        if name == 'Menuitem':
                            raise AccessError(
                                _('You do not have the permission to perform this operation!!!'
                                  ))
                        continue
                # keep only the last action registered for each action name
                results[name] = (id, name, action_def)
            except (AccessError, MissingError):
                continue
        return sorted(results.values())