A Divendres, 18 de maig de 2012 12:03:02, Cédric Krier va escriure: > I see two solutions to this issue: > > - Using the root context switching in the code everywhere it is > needed based on the default access right define in Tryton. > This means the developper must take care of this everytime he > write code. This is a little bit constraining but it has the > advantage to execute the smaller part of the code as root. > > - Remove the access right from within the CRUD to move it just on > the rpc calls and run all the code as root. > This has the advantage to be simple but it is a bad design for > security principle to run the least possible code as root. >
I think there's a third option. We can add a new boolean field called "Use root context" to the new button access rights model that was introduced in 2.4. If this fields is set to True, the decorator of the button will use the root context. If not, it will work as it currently does. The patch to implement this would be trivial and allows users to define their own access rights from scratch without touching a single line of code and give options to those who prefer action-based access rights override CRUD rights but also allow those that want to be more paranoid and force the definition specific CRUD permissions. -- Albert Cervera i Areny http://www.NaN-tic.com Tel: +34 93 553 18 03 http://twitter.com/albertnan http://www.nan-tic.com/blog -- [email protected] mailing list
