res.partner 上的“写入”高级访问权限
Advanced access for `write` on res.partner
是否可以从方法 check_access_rights 中访问使用参数 (vals) 提供给 write() 的数据?
我继承了 res.partner 并覆盖了方法 check_access_rights,目的是允许对 res.partner 没有写权限的用户更新 child_ids(该合作伙伴的)如果child 是由该用户创建的 (create_uid = user.id) 。我希望能够在某个地方(在方法 write 或 check_access_rights 中)实现这个 pseudo-code:
if `the user belongs to a group "GroupX"` and `user tries to only update field "child_ids" with records that are created by that user`
then `allow this write operation on res.partner`
else `raise AccessError`
让用户(来自 "Group X")修改由他创建的 res.partner 个对象,并让修改 res.partner 个由任何人创建的 res.partner 个对象:
首先创建一个组 "Group X",权限为:a) res.partner 上的 r,w,c,u ; b) ir.property .
上的 r,w,c
然后创建一个继承自res.partner的class并覆盖方法write。
# -*- coding: utf-8 -*-
class InheritedResPartner(models.Model):
"""Description"""
_inherit = 'res.partner'
@api.multi
def write(self, vals):
is_in_group = 'Group X' in map(lambda x: x.name, self.env.user.groups_id)
if is_in_group:
operation = 'write'
owns_record = self.create_uid == self.env.user
if owns_record:
True
else:
allowed = True
# Do all checks further and set `allowed` to either True or False
...<omitted intentionaly> put your logic here
#
if not allowed:
raise AccessError(_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % (self._description, operation))
return super(InheritedResPartner, self).write(vals)
注意:我们授予对 res.partner 的全部权限,但如果检测到不需要的操作,我们将覆盖写入方法并引发 AccessError。
是否可以从方法 check_access_rights 中访问使用参数 (vals) 提供给 write() 的数据?
我继承了 res.partner 并覆盖了方法 check_access_rights,目的是允许对 res.partner 没有写权限的用户更新 child_ids(该合作伙伴的)如果child 是由该用户创建的 (create_uid = user.id) 。我希望能够在某个地方(在方法 write 或 check_access_rights 中)实现这个 pseudo-code:
if `the user belongs to a group "GroupX"` and `user tries to only update field "child_ids" with records that are created by that user`
then `allow this write operation on res.partner`
else `raise AccessError`
让用户(来自 "Group X")修改由他创建的 res.partner 个对象,并让修改 res.partner 个由任何人创建的 res.partner 个对象:
首先创建一个组 "Group X",权限为:a) res.partner 上的 r,w,c,u ; b) ir.property .
上的 r,w,c然后创建一个继承自res.partner的class并覆盖方法write。
# -*- coding: utf-8 -*-
class InheritedResPartner(models.Model):
"""Description"""
_inherit = 'res.partner'
@api.multi
def write(self, vals):
is_in_group = 'Group X' in map(lambda x: x.name, self.env.user.groups_id)
if is_in_group:
operation = 'write'
owns_record = self.create_uid == self.env.user
if owns_record:
True
else:
allowed = True
# Do all checks further and set `allowed` to either True or False
...<omitted intentionaly> put your logic here
#
if not allowed:
raise AccessError(_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % (self._description, operation))
return super(InheritedResPartner, self).write(vals)
注意:我们授予对 res.partner 的全部权限,但如果检测到不需要的操作,我们将覆盖写入方法并引发 AccessError。