forked from OCA/server-tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
security_protector.py
47 lines (39 loc) · 1.73 KB
/
security_protector.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# -*- encoding: utf-8 -*-
##############################################################################
#
# Author Nicolas Bessi. Copyright Camptocamp SA
##############################################################################
from osv import fields, osv
class IrModelAccess(osv.osv):
"We inherit ir model access to add specific write unlink and copy behavior"
_name = 'ir.model.access'
_inherit = "ir.model.access"
def _acces_can_be_modified(self, cr, uid, context=None):
context = context or {}
on = self.pool.get('ir.config_parameter').get_param(cr, uid, 'protect_security?', default=False, context=context)
if on in (1, "1", "YES", True):
if context.get('manual_security_override', False):
return True
return False
else:
return True
def write(self, cr, uid, ids, vals, context=None):
res =True
context = context or {}
if self._acces_can_be_modified(cr, uid, context=context):
res = super(IrModelAccess, self).write(cr, uid, ids, vals, context=context)
return res
def unlink(self, cr, uid, ids, context=None):
res = True
context = context or {}
# I'm note sur about this one maybe we should do nothing
if self._acces_can_be_modified(cr, uid, context=context):
vals = {'perm_read':False,
'perm_write': False,
'perm_unlink': False,
'perm_create': False}
super(IrModelAccess, self).write(cr, uid, ids, vals, context=context)
else:
res = super(IrModelAccess, self).unlink(cr, uid, ids, context=context)
return res
IrModelAccess()