Skip to Content
Menu
Musisz się zarejestrować, aby móc wchodzić w interakcje z tą społecznością.
To pytanie dostało ostrzeżenie
1 Odpowiedz
6525 Widoki

Hi, I have been using field level 'read/write' access rights in OpenERP 7.0 (please don't be confused with the 'groups' field attribute) and I know the low level details of what is their effect. Just as a reference, below are links to the 7.0 sources where they are processed in the ORM of v7.0:

* field_object.read (field values are cleared after reading the DB if the user doesn't have read permission)

* field_object.write: (field keys/values are silently removed before writing them to the database if the user doesn't have write permissions)

My problem is that I have not found where field level 'read' (only read) access rights are processed in Odoo 8.0, I have read the new ORM sources and identified the corresponding read method (_read_from_database), but I have not found any chunk of code where field level 'read' access rights are processed. I'm afraid the feature is missing in v8.0.

On the other hand, field level 'write' access rights is correctly processed in the _write method for Odoo 8.0.

Is this a missing feature in Odoo 8.0?

Are field level 'read/write' access rights a feature that is expected to be included in Odoo 8.0?

Thanks in advance for your attention,

Marvin

Awatar
Odrzuć
Najlepsza odpowiedź

 

In my opinion, we use check_access_rights method to check whether the access is available for the particular table.
self.check_access_rights(cr, uid, 'read')
fields = self.check_field_access_rights(cr, user, 'read', fields)   

    def check_field_access_rights(self, cr, user, operation, fields, context=None):
        """
        Check the user access rights on the given fields. This raises Access
        Denied if the user does not have the rights. Otherwise it returns the
        fields (as is if the fields is not falsy, or the readable/writable
        fields if fields is falsy).
        """

then using the generated fields list, self._read_flat(cr, user, select, fields, context, load) is called.

So, why do we need to check the access once again after the _read_flat is generated? 

Awatar
Odrzuć
Autor

Wrong answer my friend, I already said I'm not talking about the 'field_object.groups' attribute. Please review the implementation of 'check_field_access_rights' at https://github.com/odoo/odoo/blob/7.0/openerp/osv/orm.py#L3646 to verify that it is not related to my question. Thanks anyway for your time.

Powiązane posty Odpowiedzi Widoki Czynność
0
wrz 15
3743
5
lis 15
5162
0
mar 15
4228
2
sie 20
2921
1
lis 24
1022