On 23/05/12 18:23 +0200, Albert Cervera i Areny wrote:
> On Wednesday, 23 May 2012 18:06:04, Cédric Krier wrote:
> > On 23/05/12 17:55 +0200, Albert Cervera i Areny wrote:
> > > On Friday, 18 May 2012 12:03:02, Cédric Krier wrote:
> > > > I see two solutions to this issue:
> > > >
> > > > - Using the root context switching in the code everywhere it is
> > > >   needed based on the default access right defined in Tryton.
> > > >   This means the developer must take care of this every time he
> > > >   writes code. This is a little bit constraining but it has the
> > > >   advantage to execute the smaller part of the code as root.
> > > >
> > > > - Remove the access right from within the CRUD to move it just on
> > > >   the rpc calls and run all the code as root.
> > > >   This has the advantage to be simple but it is a bad design for
> > > >   security principle to run the least possible code as root.
> > >
> > > I think there's a third option. We can add a new boolean field called
> > > "Use root context" to the new button access rights model that was
> > > introduced in 2.4. If this field is set to True, the decorator of the
> > > button will use the root context. If not, it will work as it currently
> > > does.
> >
> > It is not only linked to the button methods. Some method could be
> > triggered by a CRUD operation.
>
> But, we could add the button decorator to the triggered method.

Then it is the same as switching context on each method.

-- 
Cédric Krier

B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email/Jabber: [email protected]
Website: http://www.b2ck.com/
