Field level 'read' access rights missing in Odoo 8.0?

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Księgowość
Zapasy
PoS
Project
MRP

All apps

Wszystkie posty Osoby Odznaki

Tagi (Zobacz wszystko)

odoo accounting v14 pos v15

O tym forum

Pomoc

Field level 'read' access rights missing in Odoo 8.0?

security v8 fields orm

1 Odpowiedz

6525 Widoki

Marvin Taboada

Hi, I have been using field level 'read/write' access rights in OpenERP 7.0 (please don't be confused with the 'groups' field attribute) and I know the low level details of what is their effect. Just as a reference, below are links to the 7.0 sources where they are processed in the ORM of v7.0:

* field_object.read (field values are cleared after reading the DB if the user doesn't have read permission)

* field_object.write: (field keys/values are silently removed before writing them to the database if the user doesn't have write permissions)

My problem is that I have not found where field level 'read' (only read) access rights are processed in Odoo 8.0, I have read the new ORM sources and identified the corresponding read method (_read_from_database), but I have not found any chunk of code where field level 'read' access rights are processed. I'm afraid the feature is missing in v8.0.

On the other hand, field level 'write' access rights is correctly processed in the _write method for Odoo 8.0.

Is this a missing feature in Odoo 8.0?

Are field level 'read/write' access rights a feature that is expected to be included in Odoo 8.0?

Thanks in advance for your attention,

Marvin

Atchuthan - Technical Consultant, Sodexis Inc

In my opinion, we use check_access_rights method to check whether the access is available for the particular table.
self.check_access_rights(cr, uid, 'read')
fields = self.check_field_access_rights(cr, user, 'read', fields)

def check_field_access_rights(self, cr, user, operation, fields, context=None):
"""
Check the user access rights on the given fields. This raises Access
Denied if the user does not have the rights. Otherwise it returns the
fields (as is if the fields is not falsy, or the readable/writable
fields if fields is falsy).
"""

then using the generated fields list, self._read_flat(cr, user, select, fields, context, load) is called.

So, why do we need to check the access once again after the _read_flat is generated?

Marvin Taboada

Autor

Wrong answer my friend, I already said I'm not talking about the 'field_object.groups' attribute. Please review the implementation of 'check_field_access_rights' at https://github.com/odoo/odoo/blob/7.0/openerp/osv/orm.py#L3646 to verify that it is not related to my question. Thanks anyway for your time.

Podoba Ci się ta dyskusja? Dołącz do niej!

Stwórz konto dzisiaj, aby cieszyć się ekskluzywnymi funkcjami i wchodzić w interakcje z naszą wspaniałą społecznością!

Zarejestruj się

Powiązane posty	Odpowiedzi	Widoki
Troubleshooting access denied problems security v8 orm	0 wrz 15	3743
Odoo security issue for invisible fields Rozwiązane security v8 fields invisible	5 lis 15	5162
Is there a way to apply read, write permissions per field? Or turn to read-only based on user groups? security v8 fields permissions	0 mar 15	4228
Field Read-only for certain users (logged-in) security fields	2 sie 20	2921
How to change inherited fields group? security fields res.users	1 lis 24	1022

To pytanie dostało ostrzeżenie

Podoba Ci się ta dyskusja? Dołącz do niej!