[Openerp-dev-gtk] [Merge] lp:~openerp-dev/openerp-int/mck_audit_mmu into lp:~openerp-dev/openerp-int/mck_audit_tfr

[Max (OpenERP)]

Max (OpenERP) has proposed merging lp:~openerp-dev/openerp-int/mck_audit_mmu 
into lp:~openerp-dev/openerp-int/mck_audit_tfr.

Requested reviews:
  tfr (Openerp) (tfr)

For more details, see:
https://code.launchpad.net/~openerp-dev/openerp-int/mck_audit_mmu/+merge/134287

[IMP] setup field access restriction for event model. Change some documentation
-- 
https://code.launchpad.net/~openerp-dev/openerp-int/mck_audit_mmu/+merge/134287
Your team OpenERP R&D Team is subscribed to branch 
lp:~openerp-dev/openerp-int/mck_audit_tfr.

=== modified file 'mck_common/event.py'
--- mck_common/event.py	2012-11-12 10:47:10 +0000
+++ mck_common/event.py	2012-11-14 11:51:20 +0000
@@ -326,17 +326,33 @@
             today = date.today().strftime('%Y-%m-%d')
             args.append(('date','>=',today))
         return super(mck_invitee, self).search(cr, uid, args,offset, limit, order, context, count)
+
+
+    # define fields that should be hidden from users who do not have enough permissions
+    _access_denied_fields = ['email']
+    # define fields that are required to make access permission judgement
+    _access_denied_info_field = ['executive_id']
     
-    def _filter_records(self, cr, uid, res, context=None):
+    def _access_sensitive_data(self, cr, uid, ids, all_records, context=None):
+        """
+            override this field from the Model class to check user access and set each unaccessible field to False
+        """
+
+        res = dict.fromkeys(ids, True)
+
+        # if user level is above 2, return full data
+        user_level = self.pool.get('res.users').get_level(cr, uid, context)
+        if user_level > 2:
+            return res
+        
         user_practice_id = self.pool.get('res.users').browse(cr, uid, uid, context=context).context_practice_id.id
-        
         contact_ids = []
-        for result in res:
+        for result in all_records:
             if result.get('executive_id'):
-                contact_id = result.get('executive_id')
-                if isinstance(contact_id, tuple):
-                    contact_id = contact_id[0]
-                contact_ids.append(contact_id)
+                executive_id = result.get('executive_id')
+                if isinstance(executive_id, tuple):
+                    executive_id = executive_id[0]
+                contact_ids.append(executive_id)
                 
         contacts = self.pool.get('res.partner.contact').browse(cr, uid, contact_ids, context=context)
         practice_link_ids_per_contact = {}
@@ -345,34 +361,16 @@
             if contact.cell_id: #Add the cell that create the exec
                 practice_link_ids_per_contact[contact.id].append(contact.cell_id.id)
                     
-        for result in res:
+        for result in all_records:
             if result.get('executive_id'):
-                contact_id = result.get('executive_id')
-                if isinstance(contact_id, tuple):
-                    contact_id = contact_id[0]
-                if not (practice_link_ids_per_contact[contact_id] and
-                    user_practice_id in practice_link_ids_per_contact[contact_id]):
-                        result = self._filter_record(result)
-        
+                executive_id = result.get('executive_id')
+                if isinstance(executive_id, tuple):
+                    executive_id = executive_id[0]
+                if not (practice_link_ids_per_contact[executive_id] and
+                    user_practice_id in practice_link_ids_per_contact[executive_id]): 
+                    res[result['id']] = False
         return res
 
-    # define fields that should be hidden from users who do not have enough permissions
-    _access_denied_fields = ['email']
-
-    def _filter_read(self, cr, uid, all_records, context=None):
-        """
-            override this field from the BaseModel class to check user access and, if needed, hide some fields
-            using the _filter_records function
-        """
-
-        # if user level is above 2, return full data
-        user_level = self.pool.get('res.users').get_level(cr, uid, context)
-        if user_level > 2:
-            return all_records
-        
-        # otherwise, apply _filter_records function to data and return it
-        all_records = self._filter_records(cr, uid, all_records, context=context)
-        return all_records
 
     def read(self, cr, uid, ids, fields=None, context=None, load='_classic_read'):
         if fields and not 'executive_id' in fields:

=== modified file 'mck_contact/orm.py'
--- mck_contact/orm.py	2012-11-13 16:50:48 +0000
+++ mck_contact/orm.py	2012-11-14 11:51:20 +0000
@@ -7,7 +7,7 @@
 
 """
 	list of field names that should be shown as "<Access Denied>" to users without high enough permissions
-	The intersectin between _access_denied_info_field and  _access_denied_fields should be empty
+	The intersection between _access_denied_info_field and  _access_denied_fields should be empty
 """
 Model._access_denied_fields = []
 
@@ -82,6 +82,6 @@
 	 In the model definition:
 	 1) define the list of field that are sensitive in _access_denied_fields
 	 2) define the list of field that you need to determine if the user can access sensitive data in _access_denied_fields 
-	 3) Override the _access_sensitive_data that check if the user has permission to read sensitive data for the given record
+	 3) Override the _access_sensitive_data - set each field in dictionary to False if access to that field is denied
 	 
 """
\ No newline at end of file

=== modified file 'mck_contact/role.py'
--- mck_contact/role.py	2012-11-13 16:50:48 +0000
+++ mck_contact/role.py	2012-11-14 11:51:20 +0000
@@ -192,21 +192,22 @@
     
     # define fields that should be hidden from users who do not have enough permissions
     _access_denied_fields = ['email', 'fax', 'phone', 'mobile', 'assistant_email', 'assistant_mobile', 'assistant_phone']
+    # define fields that are required to make access permission judgement
     _access_denied_info_field = ['contact_id']
     
     def _access_sensitive_data(self, cr, uid, ids, all_records, context=None):
         """
-            override this field from the BaseModel class to check user access and, if needed, hide some fields
-            using the _filter_records function
+            override this field from the Model class to check user access and set each unaccessible field to False
         """
+
         res = dict.fromkeys(ids, True)
+
         # if user level is above 2, return full data
         user_level = self.pool.get('res.users').get_level(cr, uid, context)
         if user_level > 2:
             return res
         
         user_practice_id = self.pool.get('res.users').browse(cr, uid, uid, context=context).context_practice_id.id
-        #user_region = self.pool.get('res.users').browse(cr, uid, uid, context=context).context_region
         contact_ids = []
         for result in all_records:
             if result.get('contact_id'):
@@ -229,12 +230,9 @@
                     contact_id = contact_id[0]
                 if not (practice_link_ids_per_contact[contact_id] and
                     user_practice_id in practice_link_ids_per_contact[contact_id]): 
-                    #or (user_region != REGION_GLOBAL and user_region != result.get('region'))
                     res[result['id']] = False
         return res
 
-  
-         
     def _onePrimary(self, cr, uid, ids):
         ## Other way
         contact_ids = self.pool.get('res.partner.contact').search(cr, uid, [('job_ids','in',ids)])


_______________________________________________
Mailing list: https://launchpad.net/~openerp-dev-gtk
Post to     : openerp-dev-gtk@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openerp-dev-gtk
More help   : https://help.launchpad.net/ListHelp