refactor: Migrated user access restriction rules from custom SQL methods to ORM field access.
This commit is contained in:
parent
5b6a217b83
commit
23f326b973
@ -55,32 +55,3 @@ class ResUsers(models.Model):
|
|||||||
prefetch=False,
|
prefetch=False,
|
||||||
)
|
)
|
||||||
|
|
||||||
def _get_allowed_ids_sql(self, table_name, column_name):
|
|
||||||
self.ensure_one()
|
|
||||||
self.env.cr.execute(f"SELECT {column_name} FROM {table_name} WHERE user_id = %s", (self.id,))
|
|
||||||
return [r[0] for r in self.env.cr.fetchall()]
|
|
||||||
|
|
||||||
def sql_allowed_warehouse_ids(self):
|
|
||||||
return self._get_allowed_ids_sql('res_users_stock_warehouse_rel', 'warehouse_id')
|
|
||||||
|
|
||||||
def sql_allowed_picking_type_ids(self):
|
|
||||||
return self._get_allowed_ids_sql('res_users_stock_picking_type_rel', 'picking_type_id')
|
|
||||||
|
|
||||||
def sql_allowed_location_ids(self):
|
|
||||||
return self._get_allowed_ids_sql('res_users_stock_location_rel', 'location_id')
|
|
||||||
|
|
||||||
def sql_allowed_location_warehouse_ids(self):
|
|
||||||
self.ensure_one()
|
|
||||||
self.env.cr.execute("""
|
|
||||||
SELECT l.warehouse_id
|
|
||||||
FROM res_users_stock_location_rel r
|
|
||||||
JOIN stock_location l ON r.location_id = l.id
|
|
||||||
WHERE r.user_id = %s AND l.warehouse_id IS NOT NULL
|
|
||||||
""", (self.id,))
|
|
||||||
return [r[0] for r in self.env.cr.fetchall()]
|
|
||||||
|
|
||||||
def sql_allowed_workcenter_ids(self):
|
|
||||||
return self._get_allowed_ids_sql('res_users_mrp_workcenter_rel', 'workcenter_id')
|
|
||||||
|
|
||||||
def sql_allowed_approval_category_ids(self):
|
|
||||||
return self._get_allowed_ids_sql('res_users_approval_category_rel', 'category_id')
|
|
||||||
|
|||||||
@ -15,7 +15,7 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
[('id', 'in', user.sql_allowed_warehouse_ids())] if user.sql_allowed_warehouse_ids() else [(1, '=', 1)]
|
[('id', 'in', user.sudo().allowed_warehouse_ids.ids)] if user.sudo().allowed_warehouse_ids else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -28,7 +28,7 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
['|', ('id', 'in', user.sql_allowed_picking_type_ids()), ('warehouse_id', 'in', (user.sql_allowed_warehouse_ids() + user.sql_allowed_location_warehouse_ids()))] if (user.sql_allowed_picking_type_ids() or user.sql_allowed_warehouse_ids() or user.sql_allowed_location_ids()) else [(1, '=', 1)]
|
['|', ('id', 'in', user.sudo().allowed_picking_type_ids.ids), ('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.mapped('warehouse_id')).ids)] if (user.sudo().allowed_picking_type_ids or user.sudo().allowed_warehouse_ids or user.sudo().allowed_location_ids) else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -41,7 +41,7 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
['|', ('usage', '!=', 'internal'), '|', '|', '|', ('id', 'in', user.sql_allowed_location_ids() or [0]), ('id', 'child_of', user.sql_allowed_location_ids() or [0]), ('id', 'parent_of', user.sql_allowed_location_ids() or [0]), ('warehouse_id', 'in', (user.sql_allowed_warehouse_ids() + user.sql_allowed_location_warehouse_ids()))] if (user.sql_allowed_location_ids() or user.sql_allowed_warehouse_ids()) else [(1, '=', 1)]
|
['|', ('usage', '!=', 'internal'), '|', '|', '|', ('id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('id', 'parent_of', user.sudo().allowed_location_ids.ids or [0]), ('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.mapped('warehouse_id')).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -54,7 +54,7 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
['|', '|', ('location_id', 'in', user.sql_allowed_location_ids() or [0]), ('location_id', 'child_of', user.sql_allowed_location_ids() or [0]), ('location_id.warehouse_id', 'in', (user.sql_allowed_warehouse_ids() + user.sql_allowed_location_warehouse_ids()))] if (user.sql_allowed_location_ids() or user.sql_allowed_warehouse_ids()) else [(1, '=', 1)]
|
['|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.mapped('warehouse_id')).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -67,8 +67,8 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
['|', '|', '|', ('location_id', 'in', user.sql_allowed_location_ids() or [0]), ('location_id', 'child_of', user.sql_allowed_location_ids() or [0]), ('location_id.warehouse_id', 'in', (user.sql_allowed_warehouse_ids() + user.sql_allowed_location_warehouse_ids())),
|
['|', '|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.mapped('warehouse_id')).ids),
|
||||||
'|', '|', ('location_dest_id', 'in', user.sql_allowed_location_ids() or [0]), ('location_dest_id', 'child_of', user.sql_allowed_location_ids() or [0]), ('location_dest_id.warehouse_id', 'in', (user.sql_allowed_warehouse_ids() + user.sql_allowed_location_warehouse_ids()))] if (user.sql_allowed_location_ids() or user.sql_allowed_warehouse_ids()) else [(1, '=', 1)]
|
'|', '|', ('location_dest_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.mapped('warehouse_id')).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -81,8 +81,8 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
['|', '|', '|', ('location_id', 'in', user.sql_allowed_location_ids() or [0]), ('location_id', 'child_of', user.sql_allowed_location_ids() or [0]), ('location_id.warehouse_id', 'in', (user.sql_allowed_warehouse_ids() + user.sql_allowed_location_warehouse_ids())),
|
['|', '|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.mapped('warehouse_id')).ids),
|
||||||
'|', '|', ('location_dest_id', 'in', user.sql_allowed_location_ids() or [0]), ('location_dest_id', 'child_of', user.sql_allowed_location_ids() or [0]), ('location_dest_id.warehouse_id', 'in', (user.sql_allowed_warehouse_ids() + user.sql_allowed_location_warehouse_ids()))] if (user.sql_allowed_location_ids() or user.sql_allowed_warehouse_ids()) else [(1, '=', 1)]
|
'|', '|', ('location_dest_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.mapped('warehouse_id')).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -95,7 +95,7 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
[('id', 'in', user.sql_allowed_workcenter_ids())] if user.sql_allowed_workcenter_ids() else [(1, '=', 1)]
|
[('id', 'in', user.sudo().allowed_workcenter_ids.ids)] if user.sudo().allowed_workcenter_ids else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -108,7 +108,7 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
[('workcenter_id', 'in', user.sql_allowed_workcenter_ids())] if user.sql_allowed_workcenter_ids() else [(1, '=', 1)]
|
[('workcenter_id', 'in', user.sudo().allowed_workcenter_ids.ids)] if user.sudo().allowed_workcenter_ids else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -121,7 +121,7 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
[('id', 'in', user.sql_allowed_approval_category_ids())] if user.sql_allowed_approval_category_ids() else [(1, '=', 1)]
|
[('id', 'in', user.sudo().allowed_approval_category_ids.ids)] if user.sudo().allowed_approval_category_ids else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
@ -134,7 +134,7 @@
|
|||||||
<field name="domain_force">
|
<field name="domain_force">
|
||||||
(
|
(
|
||||||
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
||||||
[('warehouse_id', 'in', (user.sql_allowed_warehouse_ids() + user.sql_allowed_location_warehouse_ids()))] if (user.sql_allowed_warehouse_ids() or user.sql_allowed_location_ids()) else [(1, '=', 1)]
|
[('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.mapped('warehouse_id')).ids)] if (user.sudo().allowed_warehouse_ids or user.sudo().allowed_location_ids) else [(1, '=', 1)]
|
||||||
)
|
)
|
||||||
</field>
|
</field>
|
||||||
</record>
|
</record>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user