[ADD] security protector

(lp:c2c-addons/6.1  rev 28.1.3)

security_protector/__init__.py

@@ -0,0 +1 @@
+from . import security_protector

security_protector/__openerp__.py

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+#    Author Nicolas Bessi. Copyright Camptocamp SA
+##############################################################################
+{'name': 'Security protector',
+ 'version': '0.1',
+ 'category': 'Tools',
+ 'description': """
+    Prevent security to be changed when module is updated
+    This module overwrite ir model acces write delete function.
+    Only acces edited trough the UI or with manual_security_override in context set to True will be altered.
+    When you try to delete a acces write it simply set all perms to false
+    you can deactivate this behavior in ir.config_parameter by chanching the protect_security? key to 0
+ """,
+ 'author': 'Camptocamp',
+ 'website': 'http://openerp.camptocamp.com',
+ 'depends': ['base'],
+ 'init_xml': ['data.xml'],
+ 'update_xml': ['security_view.xml'],
+ 'demo_xml': [],
+ 'installable': True,
+ 'auto_install': False}
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:

security_protector/data.xml

@@ -0,0 +1,8 @@
+<openerp>
+    <data noupdate="1">
+        <record id="security_protector_config_param" model="ir.config_parameter">
+            <field name="key">protect_security?</field>
+            <field name="value">1</field>
+        </record>
+    </data>
+</openerp>

security_protector/security_protector.py

@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+#    Author Nicolas Bessi. Copyright Camptocamp SA
+##############################################################################
+from osv import fields, osv
+
+class IrModelAccess(osv.osv):
+    "We inherit ir model access to add specific write unlink and copy behavior"
+    _name = 'ir.model.access'
+    _inherit = "ir.model.access"
+                    
+    def _acces_can_be_modified(self, cr, uid, context=None):
+        context = context or {}
+        on = self.pool.get('ir.config_parameter').get_param(cr, uid, 'protect_security?', default=False, context=context)
+        if on in (1, "1", "YES", True):
+            if context.get('manual_security_override', False):
+                return True
+            return False
+            
+        else:
+            return True
+        
+    def write(self, cr, uid, ids, vals, context=None):
+        res =True
+        context = context or {}
+        if self._acces_can_be_modified(cr, uid, context=context):
+            res = super(IrModelAccess, self).write(cr, uid, ids, vals, context=context)
+        return res
+
+
+    def unlink(self, cr, uid, ids, context=None):
+        res = True
+        context = context or {}
+        if self._acces_can_be_modified(cr, uid, context=context):
+            res = super(IrModelAccess, self).write(cr, uid, ids, context=context)
+        else: # I'm note sur about this one maybe we should do nothing
+            self.write(cr, uid, args[0], 
+                       {'perm_read':False,
+                        'perm_write': False, 
+                        'perm_unlink': False,
+                        'perm_create': False}, 
+                       context={context})
+        return res
+        
+IrModelAccess()

security_protector/security_view.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<openerp>
+    <data>
+        <record id="base.ir_access_act" model="ir.actions.act_window">
+            <field name="context">{'manual_security_override': 1}</field>
+        </record>
+    </data>
+</openerp>