On 18 Jul 11:15, Pierre-Louis Bonicoli wrote: > On 17/07/2014 23:21, Cédric Krier wrote: > > Hi, > > > > I re-open the discussion of > > https://groups.google.com/d/msg/tryton-dev/v8nBMe_ZBDk/qrvCml95UVYJ > > > > I have a solution which should be a mix of both previous solution. > > I propose to active the access right control only if a keyword is set in > > the context ('_check_access_right'). Of course to avoid cheating, the > > context will be always set on RPC calls for create, read, write, delete, > > copy, search, search_count, search_read, export_data, import_data and > > history_revision. > > The other methods could be: > > > > - buttons: managed by ir.model.button > > - selection: should be managed by the developer (but most of them > > doesn't need such access right) > > - manual RPC addition: so manually managed > > - default_get, fields_get, fields_view_get, view_toolbar_get: I > > propose to add also the context > > - on_change{,_with}, pre_validate: idem > > > > So I'm thinking about adding a parameter to RPC to set or not the > > context. > > > > So to ease the transition, we could keep the root switch to deactivate > > the access right. And later slowly remove such hack. > > > > In this new design, the equivalent of "root switch" will be to set to > > false in the context _check_access_right. > > > > The only drawback, I see, is if someone right code which set in the > > context user input data. But I think it is a very small drawback compare > > to the advantage this design gives because in many places now we have to > > «re-browse» or «switch the context» which slow down Tryton because it > > kill the cache. > > > > Instead of completely switching off access right control,
The proposal is not about switcing off access right. It is about moving access right check on the border of the application. > each module > could declare what he is allowed to access. For example > account_stock_anglo_saxon module could declare to be allowed to access > to sale/purchase. This could be implemented using a new type of context: > a module context. Please provide a clear example of what you are proposing because I don't understand what you mean by "module" neither how you will do that. -- Cédric Krier - B2CK SPRL Email/Jabber: cedric.kr...@b2ck.com Tel: +32 472 54 46 59 Website: http://www.b2ck.com/
pgptJZfmfJsns.pgp
Description: PGP signature
