[tryton-commits] [Mercurial][tryton/tryton][branch/default] 2 commits: Keep default access for model without model access entry

Thu, 29 Jun 2023 14:38:57 -0700 


Cédric Krier pushed to branch branch/default at Tryton / Tryton


Commits:
c84d737c by Cédric Krier at 2023-06-18T17:21:06+02:00
Keep default access for model without model access entry
- - - - -
5870e7a5 by Cédric Krier at 2023-06-18T17:26:27+02:00
Make ModelSQL based on table query read only by default

Closes #12331
- - - - -


2 changed files:

- trytond/CHANGELOG
- trytond/trytond/ir/model.py


Changes:

=====================================
trytond/CHANGELOG
=====================================
@@ -1,3 +1,4 @@
+* Make ModelSQL based on table query read only by default
 * Add email validation tools
 * Remove overlapping indexes
 * Support subset operator between index definitions


=====================================
trytond/trytond/ir/model.py
=====================================
@@ -565,10 +565,17 @@
         default = {'read': True, 'write': True, 'create': True, 'delete': True}
         default_singleton = {
             'read': True, 'write': True, 'create': False, 'delete': False}
-        access = {
-            m: default
-            if not issubclass(pool.get(m), ModelSingleton)
-            else default_singleton for m in models}
+        default_table_query = {
+            'read': True, 'write': False, 'create': False, 'delete': False}
+        access = {}
+        for model in models:
+            Model = pool.get(model)
+            if callable(getattr(Model, 'table_query', None)):
+                access[model] = default_table_query
+            elif issubclass(Model, ModelSingleton):
+                access[model] = default_singleton
+            else:
+                access[model] = default
         cursor.execute(*model_access.join(ir_model, 'LEFT',
                 condition=model_access.model == ir_model.id
                 ).join(user_group, 'LEFT',
@@ -605,7 +612,7 @@
                 perm: max(
                     (raw_access[m][perm] for m in model2models[model]
                         if m in raw_access),
-                    default=True)
+                    default=access[model][perm])
                 for perm in ['read', 'write', 'create', 'delete']}
         for model, maccess in access.items():
             cls._get_access_cache.set((user, model), maccess)



View it on Heptapod: 
https://foss.heptapod.net/tryton/tryton/-/compare/cc4b93be0eeb71875b9db93093ffade0c2669727...5870e7a5b3ee1e81dde449a2f4ad328346072336

-- 
View it on Heptapod: 
https://foss.heptapod.net/tryton/tryton/-/compare/cc4b93be0eeb71875b9db93093ffade0c2669727...5870e7a5b3ee1e81dde449a2f4ad328346072336
You're receiving this email because of your account on foss.heptapod.net.

Reply via email to