On 18/05/12 20:06 +0530, Sharoon Thomas wrote:
> However, your suggestion brings us to a whole new way
> in which we could probably enforce access control logic. At the
> moment we defined ACL on groups and the membership of the user
> to these groups define the rights of the user. While, retaining this
> behavior we could switch the CRUD definitions also to python code
> like what we did with Workflow transitions (From xml through database
> to Python code).
>
> Eg:
>
> @Model.user_in_group(['sale.sale', 'product.product_admin'])
> def create(self, vals):
> do create only if the user has permissions
>
> This will allow us to reuse the same decorator for steps in workflow
> as well like:
>
> @Model.user_in_group(['sale.sale_manager'])
> @ModelView.button
> @Workflow.transition('confirmed')
> def confirm_without_credit_check(self, ids):
> passI think it is wrong to put xml_id of groups in the code because it prevents to create new groups with similar access rights without monkey patching the method. -- Cédric Krier B2CK SPRL Rue de Rotterdam, 4 4000 Liège Belgium Tel: +32 472 54 46 59 Email/Jabber: [email protected] Website: http://www.b2ck.com/
pgptC5jyS4e0I.pgp
Description: PGP signature
