Merge pull request #205 from Eficent/11.0-knowledge-document-security

[knowledge][11.0.3.0.0] - add security for access to ir.attachment.
Jordi Ballester Alomar 2019-03-11 20:30:11 +01:00 committed by GitHub
commit f731c04534
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 111 additions and 70 deletions


@ -1,5 +1,5 @@
///* Copyright 2014 Therp BV (<http://therp.nl>)
// * License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). */
/* Copyright 2014 Therp BV (<http://therp.nl>)
* License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). */
odoo.define('attachment_preview', function (require) {
'use strict';
@ -17,9 +17,8 @@ odoo.define('attachment_preview', function(require) {
canPreview: function (extension) {
return $.inArray(
extension,
[
'odt', 'odp', 'ods', 'fodt', 'pdf', 'ott', 'fodp', 'otp',
'fods', 'ots'
['odt', 'odp', 'ods', 'fodt', 'pdf', 'ott', 'fodp', 'otp',
'fods', 'ots',
]) > -1;
},
@ -46,7 +45,7 @@ odoo.define('attachment_preview', function(require) {
Sidebar.include(AttachmentPreviewMixin);
Sidebar.include({
events: _.extend({}, Sidebar.prototype.events, {
'click .o_sidebar_preview_attachment': '_onPreviewAttachment'
'click .o_sidebar_preview_attachment': '_onPreviewAttachment',
}),
previewableAttachments: null,
@ -64,7 +63,7 @@ odoo.define('attachment_preview', function(require) {
event.preventDefault();
var self = this,
$target = $(event.currentTarget),
split_screen = $target.attr('data-target') != 'new',
split_screen = $target.attr('data-target') !== 'new',
attachment_id = parseInt($target.attr('data-id'), 10),
attachment_url = $target.attr('data-url'),
attachment_extension = $target.attr('data-extension'),
@ -76,7 +75,7 @@ odoo.define('attachment_preview', function(require) {
this._rpc({
model: 'ir.attachment',
method: 'get_attachment_extension',
args: [attachment_id]
args: [attachment_id],
}).then(function (extension) {
self.showPreview(attachment_id, attachment_url, extension, null, split_screen);
});
@ -104,8 +103,8 @@ odoo.define('attachment_preview', function(require) {
args: [
_.map(_.keys(attachments), function (id) {
return parseInt(id, 10);
})
]
}),
],
}).then(function (extensions) {
var reviewableAttachments = _.map(_.keys(_.pick(extensions, function (extension, id) {
return self.canPreview(extension);
@ -120,8 +119,8 @@ odoo.define('attachment_preview', function(require) {
attachments[id]['url'],
extensions[id],
id + ' - ' + attachments[id]['title']
)
}
),
};
});
deferred.resolve(reviewableAttachments);
}, function () {
@ -147,7 +146,7 @@ odoo.define('attachment_preview', function(require) {
basic_fields.FieldBinaryFile.include(AttachmentPreviewMixin);
basic_fields.FieldBinaryFile.include({
events: _.extend({}, basic_fields.FieldBinaryFile.prototype.events, {
'click .fa-search': '_onPreview'
'click .fa-search': '_onPreview',
}),
_renderReadonly: function () {
@ -176,8 +175,8 @@ odoo.define('attachment_preview', function(require) {
this.model,
this.recordData.id,
this.name,
this.attrs.filename
]
this.attrs.filename,
],
});
},
@ -194,7 +193,7 @@ odoo.define('attachment_preview', function(require) {
_.str.sprintf(_t('Preview %s'), this.field.string),
false
);
}
},
});
var AttachmentPreviewWidget = Widget.extend({
@ -273,7 +272,7 @@ odoo.define('attachment_preview', function(require) {
},
loadPreview: function () {
if (this.attachments.length == 0) {
if (this.attachments.length === 0) {
this.$iframe.attr('src', 'about:blank');
return;
}
@ -287,7 +286,7 @@ odoo.define('attachment_preview', function(require) {
this.activeIndex = 0;
this.updatePaginator();
this.loadPreview();
}
},
});
FormRenderer.include({
@ -320,14 +319,14 @@ odoo.define('attachment_preview', function(require) {
on_detach_callback: function () {
this.attachmentPreviewWidget.hide();
return this._super.apply(this, arguments);
}
},
});
FormController.include({
custom_events: _.extend({}, FormController.prototype.custom_events, {
onAttachmentPreview: '_onAttachmentPreview',
setPreviewableAttachments: '_setPreviewableAttachments'
setPreviewableAttachments: '_setPreviewableAttachments',
}),
_onAttachmentPreview: function (event) {
@ -338,11 +337,11 @@ odoo.define('attachment_preview', function(require) {
this.renderer.attachmentPreviewWidget.setAttachments(
event.data.attachments
);
}
},
});
return {
AttachmentPreviewMixin: AttachmentPreviewMixin,
AttachmentPreviewWidget: AttachmentPreviewWidget
AttachmentPreviewWidget: AttachmentPreviewWidget,
};
});


@ -4,7 +4,7 @@
{
'name': 'Project Wiki',
'description': 'This module links document pages to projects',
'summary': 'This module links document pages to projects',
'version': '11.0.1.0.0',
"development_status": "Beta",
'category': 'Project',


@ -21,7 +21,7 @@ odoo.define('document_url', function (require) {
self.$el.find("a[href]").attr('target', '_blank');
self.$el
.find('.oe_sidebar_add_attachment, .o_sidebar_add_attachment')
.after(QWeb.render('AddUrlDocumentItem', {widget: self}))
.after(QWeb.render('AddUrlDocumentItem', {widget: self}));
self.$el.find('.o_sidebar_add_url').on('click', function (e) {
self.on_url_doc();
});
@ -29,7 +29,7 @@ odoo.define('document_url', function (require) {
on_url_doc: function (event) {
var self = this;
var env = self.env
var env = self.env;
var view = self.getParent();
var ids = self.env.activeIds;
if (!_.isEmpty(ids)) {
@ -41,7 +41,7 @@ odoo.define('document_url', function (require) {
if (env.domain) {
activeIdsContext.active_domain = env.domain;
}
var context = new Context(env.context, activeIdsContext)
var context = new Context(env.context, activeIdsContext);
context = pyeval.eval('context', context);
self._rpc({
route: "/web/action/load",


@ -2,10 +2,11 @@
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
{
"name": "Knowledge Management System",
"version": "11.0.2.0.0",
"version": "11.0.3.0.0",
"author": "OpenERP SA,"
"MONK Software, "
"Tecnativa, "
"Eficent, "
"Odoo Community Association (OCA)",
"category": "Knowledge",
"license": "AGPL-3",


@ -9,11 +9,17 @@ class KnowledgeConfigSettings(models.TransientModel):
_inherit = 'res.config.settings'
module_document = fields.Boolean(
'Manage documents',
'Attachments List and Document Indexation',
help='Document indexation, full text search of attachements.\n'
'- This installs the module document.'
)
group_ir_attachment_user = fields.Boolean(
string='Central access to Documents',
help="When you set this field all users will be able to manage "
"attachments centrally, from the Knowledge/Documents menu.",
implied_group='knowledge.group_ir_attachment_user')
module_document_page = fields.Boolean(
'Manage document pages (Wiki)',
help='Provide document page and category as a wiki.\n'
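Review bot: The `help` on `group_ir_attachment_user` says users "will be able to manage attachments centrally", but nothing visible in this commit changes what they may do with `ir.attachment` records; the group is only referenced by the `groups=` attribute on the *Documents* menu. Because no `group=` is given, Odoo's settings machinery adds the implied group to `base.group_user`, so ticking the box reaches every internal user, and the help should say so. I would word it as `help="Shows the Knowledge / Documents menu to all internal users. Which attachments they can read is still decided by the access rights on the attached records."`. The configuration readme added in this commit calls the same checkbox *Manage attachments centrally* while the field string is 'Central access to Documents'; one label should be used in both places. The class body continues outside the hunk.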


@ -0,0 +1,20 @@
To set up this module, you need to go to:
* Knowledge / Configuration / Settings
From this menu you'll have a central access to install the apps that belong
to Knowledge.
* Check *Attachments List and Document Indexation* if you want to install the
module that allows users to attach documents to any model.
* Check *Manage attachments centrally* if you want all users to be able to
access to the all attachments to which they have read permissions, from the
menu *Knowledge / Documents*
If you want to grant Central Access to Documents only to some users:
#. Go to *Settings/Activate the developer mode*. Only a user with
*Administration / Settings* permissions can do that.
#. Go to *Settings / Users & Companies / Users* and set the checkbox
*Central access to Documents* to the selected users.


@ -6,3 +6,4 @@
* Fayez Qandeel
* Vicent Cubells <vicent.cubells@tecnativa.com>
* Iván Todorovich <ivan.todorovich@gmail.com>
* Jordi Ballester <jordi.ballester@eficent.com>


@ -1,2 +0,0 @@
* Migrate related modules to v11 and add options in the settings as soon as
they are installable.


@ -1,3 +1,5 @@
To use this module, you need to:
This module adds a new top level menu *Knowledge*
* Go to Knowledge / Configuration / Settings
Users with permission *Central access to Documents* can access in
*Knowledge/Documents* to all the documents attached to records of any model
for which they have read permission.


@ -7,4 +7,10 @@
<field name="users" eval="[(4, ref('base.user_root'))]"/>
</record>
<record id="group_ir_attachment_user" model="res.groups">
<field name="name">Central access to Documents</field>
<field name="category_id" ref="base.module_category_hidden"/>
<field name="implied_ids" eval="[(4, ref('group_document_user'))]"/>
</record>
</odoo>
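Review bot: The new `group_ir_attachment_user` record has no `comment`, and in the sections shown here it is attached only to a menu, so it acts as a visibility switch rather than as an access control on `ir.attachment`. Someone auditing group membership will read "Central access to Documents" as a data permission; adding `<field name="comment">Shows the Knowledge / Documents menu. Access to individual attachments still follows the access rights of the attached record.</field>` would make the scope explicit. If the intent is to restrict who can list attachments, that needs an `ir.model.access` or `ir.rule` entry tied to this group, which I cannot see in the visible sections (the page reports 15 changed files and not all are shown). `implied_ids` also pulls in `group_document_user`, so whatever that group grants comes along with this one.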


@ -37,9 +37,9 @@
<menuitem
id="menu_document_section"
name="Documents"
groups="knowledge.group_document_user"
groups="knowledge.group_ir_attachment_user"
parent="menu_document_root"
sequence="10"/>
sequence="150"/>
<menuitem
id="menu_document"
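Review bot: Switching `groups` on `menu_document_section` from `knowledge.group_document_user` to `knowledge.group_ir_attachment_user` removes the *Documents* menu on upgrade for every user who only had the old group, because the new group implies the old one and not the reverse. That tightening looks intended, but the visible readme changes do not mention it and no migration step is shown. A line in the usage notes such as `After upgrading to 11.0.3.0.0 the Documents menu is hidden until *Central access to Documents* is enabled.` would tell administrators what to expect. The `menu_document` item that follows is cut off by the hunk, so I cannot tell whether it carries its own `groups` attribute.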


@ -21,6 +21,14 @@
<label for="module_document"/>
</div>
</div>
<div class="col-xs-12 col-md-12 o_setting_box">
<div class="o_setting_left_pane">
<field name="group_ir_attachment_user"/>
</div>
<div class="o_setting_right_pane">
<label for="group_ir_attachment_user"/>
</div>
</div>
<div class="col-xs-12 col-md-12 o_setting_box">
<div class="o_setting_left_pane">
<field name="module_document_page"/>
@ -75,7 +83,7 @@
name="Configuration"
parent="menu_document_root"
groups="base.group_system"
sequence="50"/>
sequence="200"/>
<menuitem id="menu_knowledge_configuration"
name="Settings"
parent="menu_document_configuration"