Techsystech
/
server-tools
mirror of https://github.com/OCA/server-tools.git
3
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[IMP] auditlog: dedicated security groups for model access

pull/2466/head
Bert Van Groenendael 2022-11-18 13:46:45 +01:00 committed by Stefan Rijnhart
parent c8671aa35b
commit 3cc5a704e6
4 changed files with 42 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
auditlog/__manifest__.py
View File

@ -10,6 +10,7 @@
"category": "Tools",
"depends": ["base"],
"data": [
"security/res_groups.xml",
"security/ir.model.access.csv",
"data/ir_cron.xml",
"views/auditlog_view.xml",

6
auditlog/readme/USAGE.rst
View File

@ -19,3 +19,9 @@ To activate it and/or change the delay, go to the
`Auto-vacuum audit logs` entry:
.. image:: ../static/description/autovacuum.png
There are two possible groups configured to which one may belong. The first
is the Auditlog User group. This group has read-only access to the auditlogs of
individual records through the `View Logs` action. The second group is the
Auditlog Manager group. This group additionally has the right to configure the
auditlog configuration rules.

22
auditlog/security/ir.model.access.csv
View File

@ -1,13 +1,13 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_auditlog_rule_user,auditlog_rule_user,model_auditlog_rule,base.group_user,0,0,0,0
access_auditlog_log_user,auditlog_log_user,model_auditlog_log,base.group_user,0,0,0,0
access_auditlog_log_line_user,auditlog_log_line_user,model_auditlog_log_line,base.group_user,0,0,0,0
access_auditlog_http_session_user,auditlog_http_session_user,model_auditlog_http_session,base.group_user,0,0,0,0
access_auditlog_http_request_user,auditlog_http_request_user,model_auditlog_http_request,base.group_user,0,0,0,0
access_auditlog_rule_user,auditlog_rule_user,model_auditlog_rule,auditlog.group_auditlog_user,1,0,0,0
access_auditlog_log_user,auditlog_log_user,model_auditlog_log,auditlog.group_auditlog_user,1,0,0,0
access_auditlog_log_line_user,auditlog_log_line_user,model_auditlog_log_line,auditlog.group_auditlog_user,1,0,0,0
access_auditlog_http_session_user,auditlog_http_session_user,model_auditlog_http_session,auditlog.group_auditlog_user,1,0,0,0
access_auditlog_http_request_user,auditlog_http_request_user,model_auditlog_http_request,auditlog.group_auditlog_user,1,0,0,0
access_auditlog_rule_manager,auditlog_rule_manager,model_auditlog_rule,base.group_erp_manager,1,1,1,1
access_auditlog_log_manager,auditlog_log_manager,model_auditlog_log,base.group_erp_manager,1,1,1,1
access_auditlog_log_line_manager,auditlog_log_line_manager,model_auditlog_log_line,base.group_erp_manager,1,1,1,1
access_auditlog_http_session_manager,auditlog_http_session_manager,model_auditlog_http_session,base.group_erp_manager,1,1,1,1
access_auditlog_http_request_manager,auditlog_http_request_manager,model_auditlog_http_request,base.group_erp_manager,1,1,1,1
access_auditlog_autovacuum,access_auditlog_autovacuum,model_auditlog_autovacuum,base.group_user,1,1,1,1
access_auditlog_rule_manager,auditlog_rule_manager,model_auditlog_rule,auditlog.group_auditlog_manager,1,1,1,1
access_auditlog_log_manager,auditlog_log_manager,model_auditlog_log,auditlog.group_auditlog_manager,1,1,1,1
access_auditlog_log_line_manager,auditlog_log_line_manager,model_auditlog_log_line,auditlog.group_auditlog_manager,1,1,1,1
access_auditlog_http_session_manager,auditlog_http_session_manager,model_auditlog_http_session,auditlog.group_auditlog_manager,1,1,1,1
access_auditlog_http_request_manager,auditlog_http_request_manager,model_auditlog_http_request,auditlog.group_auditlog_manager,1,1,1,1
access_auditlog_autovacuum,access_auditlog_autovacuum,model_auditlog_autovacuum,auditlog.group_auditlog_user,1,1,1,1

1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
2 access_auditlog_rule_user auditlog_rule_user model_auditlog_rule base.group_user auditlog.group_auditlog_user 0 1 0 0 0
3 access_auditlog_log_user auditlog_log_user model_auditlog_log base.group_user auditlog.group_auditlog_user 0 1 0 0 0
4 access_auditlog_log_line_user auditlog_log_line_user model_auditlog_log_line base.group_user auditlog.group_auditlog_user 0 1 0 0 0
5 access_auditlog_http_session_user auditlog_http_session_user model_auditlog_http_session base.group_user auditlog.group_auditlog_user 0 1 0 0 0
6 access_auditlog_http_request_user auditlog_http_request_user model_auditlog_http_request base.group_user auditlog.group_auditlog_user 0 1 0 0 0
7 access_auditlog_rule_manager auditlog_rule_manager model_auditlog_rule base.group_erp_manager auditlog.group_auditlog_manager 1 1 1 1
8 access_auditlog_log_manager auditlog_log_manager model_auditlog_log base.group_erp_manager auditlog.group_auditlog_manager 1 1 1 1
9 access_auditlog_log_line_manager auditlog_log_line_manager model_auditlog_log_line base.group_erp_manager auditlog.group_auditlog_manager 1 1 1 1
10 access_auditlog_http_session_manager auditlog_http_session_manager model_auditlog_http_session base.group_erp_manager auditlog.group_auditlog_manager 1 1 1 1
11 access_auditlog_http_request_manager auditlog_http_request_manager model_auditlog_http_request base.group_erp_manager auditlog.group_auditlog_manager 1 1 1 1
12 access_auditlog_autovacuum access_auditlog_autovacuum model_auditlog_autovacuum base.group_user auditlog.group_auditlog_user 1 1 1 1
13

24
auditlog/security/res_groups.xml 100644
View File

@ -0,0 +1,24 @@
<odoo>
<record model="ir.module.category" id="security_auditlog_groups">
<field name="name">Auditlog Rights</field>
</record>
<record model="res.groups" id="group_auditlog_user">
<field name="name">Auditlog User</field>
<field name="category_id" ref="auditlog.security_auditlog_groups" />
</record>
<record model="res.groups" id="group_auditlog_manager">
<field name="name">Auditlog Manager</field>
<field name="category_id" ref="auditlog.security_auditlog_groups" />
<field name="implied_ids" eval="[(4, ref('auditlog.group_auditlog_user'))]" />
</record>
<record id="base.group_system" model="res.groups">
<field
name="implied_ids"
eval="[(4, ref('auditlog.group_auditlog_manager'))]"
/>
</record>
</odoo>