changeset ce8d7a19766a in trytond:default
details: https://hg.tryton.org/trytond?cmd=changeset&node=ce8d7a19766a
description:
Check rule only if _check_access is set
issue4080
review343891009
diffstat:
CHANGELOG | 1 +
trytond/ir/rule.py | 12 +++------
trytond/model/modelsql.py | 3 +-
trytond/model/modelview.py | 3 +-
trytond/tests/test_rule.py | 60 +++++++++++++++++++++++----------------------
5 files changed, 40 insertions(+), 39 deletions(-)
diffs (336 lines):
diff -r 168782fc0baf -r ce8d7a19766a CHANGELOG
--- a/CHANGELOG Sat Apr 10 21:07:19 2021 +0200
+++ b/CHANGELOG Sat Apr 10 23:44:39 2021 +0200
@@ -1,3 +1,4 @@
+* Check rule only if _check_access is set
* Add statistics to Cache
* Add support for avatars
* Add status command
diff -r 168782fc0baf -r ce8d7a19766a trytond/ir/rule.py
--- a/trytond/ir/rule.py Sat Apr 10 21:07:19 2021 +0200
+++ b/trytond/ir/rule.py Sat Apr 10 23:44:39 2021 +0200
@@ -191,9 +191,7 @@
user_id = transaction.user
# root user above constraint
if user_id == 0:
- user_id = transaction.context.get('user')
- if not user_id:
- return {}, {}
+ return {}, {}
cursor.execute(*rule_table.join(rule_group,
condition=rule_group.id == rule_table.rule_group
).join(model,
@@ -256,11 +254,9 @@
def domain_get(cls, model_name, mode='read'):
transaction = Transaction()
# root user above constraint
- if transaction.user == 0:
- if not transaction.context.get('user'):
- return
- with transaction.set_user(Transaction().context['user']):
- return cls.domain_get(model_name, mode=mode)
+ if ((transaction.user == 0)
+ or not transaction.context.get('_check_access')):
+ return []
assert mode in cls.modes
diff -r 168782fc0baf -r ce8d7a19766a trytond/model/modelsql.py
--- a/trytond/model/modelsql.py Sat Apr 10 21:07:19 2021 +0200
+++ b/trytond/model/modelsql.py Sat Apr 10 23:44:39 2021 +0200
@@ -1456,7 +1456,8 @@
return And((convert(d) for d in (
domain[1:] if domain[0] == 'AND' else domain)))
- expression = convert(domain)
+ with Transaction().set_context(_check_access=False):
+ expression = convert(domain)
if cls._history and transaction.context.get('_datetime'):
table, _ = tables[None]
diff -r 168782fc0baf -r ce8d7a19766a trytond/model/modelview.py
--- a/trytond/model/modelview.py Sat Apr 10 21:07:19 2021 +0200
+++ b/trytond/model/modelview.py Sat Apr 10 23:44:39 2021 +0200
@@ -681,7 +681,8 @@
link_name = element.attrib['name']
action_id = ModelData.get_id(*link_name.split('.'))
try:
- action, = ActionWindow.search([('id', '=', action_id)])
+ with Transaction().set_context(_check_access=True):
+ action, = ActionWindow.search([('id', '=', action_id)])
except ValueError:
action = None
if (not action
diff -r 168782fc0baf -r ce8d7a19766a trytond/tests/test_rule.py
--- a/trytond/tests/test_rule.py Sat Apr 10 21:07:19 2021 +0200
+++ b/trytond/tests/test_rule.py Sat Apr 10 23:44:39 2021 +0200
@@ -7,6 +7,8 @@
from trytond.pool import Pool
from trytond.tests.test_tryton import activate_module, with_transaction
+_context = {'_check_access': True}
+
class ModelRuleTestCase(unittest.TestCase):
"Test Model Rule"
@@ -15,7 +17,7 @@
def setUpClass(cls):
activate_module('tests')
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_create_without_rule(self):
"Test create without rule"
pool = Pool()
@@ -23,7 +25,7 @@
test, = TestRule.create([{}])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_create_with_rule(self):
"Test create with rule"
pool = Pool()
@@ -48,7 +50,7 @@
test, = TestRule.create([{'field': 'bar'}])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_create_with_rule_fail(self):
"Test create with rule fail"
pool = Pool()
@@ -74,7 +76,7 @@
with self.assertRaisesRegex(AccessError, "Field different from foo"):
test, = TestRule.create([{'field': 'foo'}])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_create_with_default_rule_fail(self):
"Test create with default rule fail"
pool = Pool()
@@ -101,7 +103,7 @@
with self.assertRaisesRegex(AccessError, "Field different from foo"):
test, = TestRule.create([{'field': 'foo'}])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_write_without_rule(self):
"Test write without rule"
pool = Pool()
@@ -111,7 +113,7 @@
TestRule.write([test], {'field': 'foo'})
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_write_with_rule(self):
"Test write with rule"
pool = Pool()
@@ -137,7 +139,7 @@
TestRule.write([test], {'field': 'bar'})
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_write_with_rule_fail_before(self):
"Test write with rule fail before"
pool = Pool()
@@ -164,7 +166,7 @@
with self.assertRaisesRegex(AccessError, "Field different from foo"):
TestRule.write([test], {'field': 'bar'})
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_write_with_rule_fail_after(self):
"Test write with rule fail after"
pool = Pool()
@@ -191,7 +193,7 @@
with self.assertRaisesRegex(AccessError, "Field different from foo"):
TestRule.write([test], {'field': 'foo'})
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_delete_without_rule(self):
"Test delete without rule"
pool = Pool()
@@ -201,7 +203,7 @@
TestRule.delete([test])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_delete_with_rule(self):
"Test delete with rule"
pool = Pool()
@@ -227,7 +229,7 @@
TestRule.delete([test])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_delete_with_rule_fail(self):
"Test delete with rule fail"
pool = Pool()
@@ -254,7 +256,7 @@
with self.assertRaisesRegex(AccessError, "Field different from foo"):
TestRule.delete([test])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_read_without_rule(self):
"Test read without rule"
pool = Pool()
@@ -264,7 +266,7 @@
TestRule.read([test.id], ['field'])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_read_with_rule(self):
"Test read with rule"
pool = Pool()
@@ -290,7 +292,7 @@
TestRule.read([test.id], ['field'])
- @with_transaction()
+ @with_transaction(context=_context)
def test_perm_read_with_rule_fail(self):
"Test read with rule fail"
pool = Pool()
@@ -317,7 +319,7 @@
with self.assertRaisesRegex(AccessError, "Field different from foo"):
TestRule.read([test.id], ['field'])
- @with_transaction()
+ @with_transaction(context=_context)
def test_search_without_rule(self):
"Test search without rule"
pool = Pool()
@@ -327,7 +329,7 @@
self.assertListEqual(TestRule.search([]), [test])
- @with_transaction()
+ @with_transaction(context=_context)
def test_search_with_rule(self):
"Test search with rule"
pool = Pool()
@@ -353,7 +355,7 @@
self.assertListEqual(TestRule.search([]), [test])
- @with_transaction()
+ @with_transaction(context=_context)
def test_search_with_rule_match(self):
"Test search with rule match"
pool = Pool()
@@ -379,7 +381,7 @@
self.assertListEqual(TestRule.search([]), [])
- @with_transaction()
+ @with_transaction(context=_context)
def test_write_field_no_rule(self):
"Test _write field when there's no rule"
pool = Pool()
@@ -389,7 +391,7 @@
value, = TestRule.read([writable.id], ['_write'])
self.assertEqual(value['_write'], True)
- @with_transaction()
+ @with_transaction(context=_context)
def test_write_field_rule_True(self):
"Test _write field when there's a rule - True"
pool = Pool()
@@ -416,7 +418,7 @@
value, = TestRule.read([writable.id], ['_write'])
self.assertEqual(value['_write'], True)
- @with_transaction()
+ @with_transaction(context=_context)
def test_write_field_rule_False(self):
"Test _write field when there's a rule - False"
pool = Pool()
@@ -443,7 +445,7 @@
value, = TestRule.read([non_writable.id], ['_write'])
self.assertEqual(value['_write'], False)
- @with_transaction()
+ @with_transaction(context=_context)
def test_write_field_relation_rule_True(self):
"Test _write field when there's a rule with a relation - True"
pool = Pool()
@@ -472,7 +474,7 @@
value, = TestRule.read([writable.id], ['_write'])
self.assertEqual(value['_write'], True)
- @with_transaction()
+ @with_transaction(context=_context)
def test_write_field_relation_rule_False(self):
"Test _write field when there's a rule with a relation - False"
pool = Pool()
@@ -501,7 +503,7 @@
value, = TestRule.read([non_writable.id], ['_write'])
self.assertEqual(value['_write'], False)
- @with_transaction()
+ @with_transaction(context=_context)
def test_delete_field_no_rule(self):
"Test _delete field when there's no rule"
pool = Pool()
@@ -511,7 +513,7 @@
value, = TestRule.read([deletable.id], ['_delete'])
self.assertEqual(value['_delete'], True)
- @with_transaction()
+ @with_transaction(context=_context)
def test_delete_field_rule_True(self):
"Test _delete field when there's a rule - True"
pool = Pool()
@@ -538,7 +540,7 @@
value, = TestRule.read([deletable.id], ['_delete'])
self.assertEqual(value['_delete'], True)
- @with_transaction()
+ @with_transaction(context=_context)
def test_delete_field_rule_False(self):
"Test _delete field when there's a rule - False"
pool = Pool()
@@ -565,7 +567,7 @@
value, = TestRule.read([non_deletable.id], ['_delete'])
self.assertEqual(value['_delete'], False)
- @with_transaction()
+ @with_transaction(context=_context)
def test_delete_field_relation_rule_True(self):
"Test _delete field when there's a rule with a relation - True"
pool = Pool()
@@ -594,7 +596,7 @@
value, = TestRule.read([deletable.id], ['_delete'])
self.assertEqual(value['_delete'], True)
- @with_transaction()
+ @with_transaction(context=_context)
def test_delete_field_relation_rule_False(self):
"Test _delete field when there's a rule with a relation - False"
pool = Pool()
@@ -623,7 +625,7 @@
value, = TestRule.read([non_deletable.id], ['_delete'])
self.assertEqual(value['_delete'], False)
- @with_transaction()
+ @with_transaction(context=_context)
def test_model_with_rule(self):
"Test model with rule"
pool = Pool()
@@ -651,7 +653,7 @@
TestRuleModel.read([test.id], ['name'])
- @with_transaction()
+ @with_transaction(context=_context)
def test_model_with_rule_fail(self):
"Test model with rule fail"
pool = Pool()
