devops_admin
/
odex25_standard
mirror of https://github.com/hydracp9/odex25_standard
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
odex25_standard/odex25_dms/dms/security/security.xml

274 lines
13 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8" ?>
<odoo>
<!-- <record id="module_category_documents_management" model="ir.module.category">
<field name="name">Documents</field>
<field name="description">Allows you to manage your documents.</field>
<field name="sequence">20</field>
</record>
<record id="group_dms_user" model="res.groups">
<field name="name">User</field>
<field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
<field name="category_id" ref="dms.module_category_documents_management"/>
</record>
<record id="group_dms_manager" model="res.groups">
<field name="name">Administrator</field>
<field name="category_id" ref="dms.module_category_documents_management"/>
<field name="implied_ids" eval="[(4, ref('group_dms_user'))]"/>
<field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>
</record> -->
<record id="category_dms_security" model="ir.module.category">
<field name="name">Documents</field>
</record>
<record id="group_dms_user" model="res.groups">
<field name="name">User</field>
<field name="category_id" ref="dms.category_dms_security"/>
</record>
<record id="group_dms_manager" model="res.groups">
<field name="name">Manager</field>
<field name="implied_ids" eval="[(4, ref('group_dms_user'))]"/>
<field name="category_id" ref="dms.category_dms_security"/>
<field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]" />
</record>
<record id="group_dms_delete_directory" model="res.groups">
<field name="name">Permission to delete Folders/Directories</field>
</record>
<record id="rule_multi_company_storage" model="ir.rule">
<field name="name">DMS Storage multi-company</field>
<field name="model_id" ref="model_dms_storage"/>
<field name="global" eval="True"/>
<field name="domain_force">['|',('company_id','=',False),('company_id','in',company_ids)]
</field>
</record>
<record id="rule_multi_company_directory" model="ir.rule">
<field name="name">DMS Directory multi-company</field>
<field name="model_id" ref="model_dms_directory"/>
<field name="global" eval="True"/>
<field name="domain_force">['|',('company_id','=',False),('company_id','in',company_ids)]
</field>
</record>
<record id="rule_multi_company_file" model="ir.rule">
<field name="name">File multi-company</field>
<field name="model_id" ref="model_dms_file"/>
<field name="global" eval="True"/>
<field name="domain_force">['|',('company_id','=',False),('company_id','in',company_ids)]
</field>
</record>
<record id="rule_file_locked" model="ir.rule">
<field name="name">Locked files are only modified by locker user.</field>
<field name="model_id" ref="model_dms_file"/>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="global" eval="True"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_unlink" eval="1"/>
<field name="domain_force">['|', ('locked_by', '=', False), ('locked_by', '=', user.id)]
</field>
</record>
<record id="rule_security_groups_user" model="ir.rule">
<field name="name">User can only edit and delete their own groups.</field>
<field name="model_id" ref="model_dms_access_group"/>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_unlink" eval="1"/>
<field name="domain_force">[('create_uid','=',user.id)]</field>
</record>
<record id="rule_security_groups_manager" model="ir.rule">
<field name="name">Admins can edit and delete all groups.</field>
<field name="model_id" ref="model_dms_access_group"/>
<field name="groups" eval="[(4, ref('base.group_erp_manager'))]"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_unlink" eval="1"/>
<field name="domain_force">[(1 ,'=', 1)]</field>
</record>
<!-- Forbid lower groups access to hidden storage -->
<record id="rule_forbid_hidden_storage" model="ir.rule">
<field name="name">Basic users cannot access hidden storage</field>
<field name="model_id" ref="model_dms_storage"/>
<field name="groups" eval="[(4, ref('base.group_portal')), (4, ref('group_dms_user'))]" />
<field name="perm_read" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_unlink" eval="1"/>
<field name="domain_force">[('is_hidden', '=', False)]</field>
</record>
<record id="rule_allow_hidden_storage" model="ir.rule">
<field name="name">Managers can access hidden storage</field>
<field name="model_id" ref="model_dms_storage"/>
<field name="groups" eval="[(4, ref('group_dms_manager'))]"/>
<field name="perm_read" eval="1"/>
<field name="perm_create" eval="1"/>
<field name="perm_write" eval="1"/>
<field name="perm_unlink" eval="1"/>
<field name="domain_force">[('is_hidden', '=', True)]</field>
</record>
<!-- These rules leverage computed permission management -->
<record id="rule_directory_computed_create" model="ir.rule">
<field name="name">Apply computed create permissions.</field>
<field name="model_id" ref="model_dms_directory"/>
<field name="global" eval="True"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_unlink" eval="0"/>
<field name="domain_force">['|',('permission_create', '=', user.id),('create_uid','=',user.id)]</field>
</record>
<record id="rule_directory_computed_read" model="ir.rule">
<field name="name">Apply computed read permissions.</field>
<field name="model_id" ref="model_dms_directory"/>
<field name="global" eval="True"/>
<field name="active" eval="True"/>
<field name="perm_read" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="0"/>
<field name="perm_unlink" eval="0"/>
<field name="domain_force">['|',('permission_read', '=', user.id),('create_uid','=',user.id)]</field>
</record>
<record id="rule_directory_computed_unlink" model="ir.rule">
<field name="name">Apply computed unlink permissions.</field>
<field name="model_id" ref="model_dms_directory"/>
<field name="global" eval="True"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="0"/>
<field name="perm_unlink" eval="1"/>
<field name="domain_force">[('permission_unlink', '=', user.id)]</field>
</record>
<record id="rule_directory_computed_write" model="ir.rule">
<field name="name">Apply computed write permissions.</field>
<field name="model_id" ref="model_dms_directory"/>
<field name="global" eval="True"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_unlink" eval="0"/>
<field name="domain_force">['|',('permission_write', '=', user.id),('create_uid','=',user.id)]</field>
</record>
<!-- document -->
<record id="rule_document_computed_create" model="ir.rule">
<field name="name">Apply computed create permissions.</field>
<field name="model_id" ref="model_documents_document"/>
<field name="global" eval="True"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="1"/>
<field name="perm_write" eval="0"/>
<field name="perm_unlink" eval="0"/>
<field name="domain_force">[('permission_create', '=', user.id)]</field>
</record>
<record id="rule_document_computed_read" model="ir.rule">
<field name="name">Apply computed read permissions.</field>
<field name="model_id" ref="model_documents_document"/>
<field name="global" eval="True"/>
<field name="perm_read" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="0"/>
<field name="perm_unlink" eval="0"/>
<field name="domain_force">[('permission_read', '=', user.id)]</field>
</record>
<record id="rule_document_computed_unlink" model="ir.rule">
<field name="name">Apply computed unlink permissions.</field>
<field name="model_id" ref="model_documents_document"/>
<field name="global" eval="True"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="0"/>
<field name="perm_unlink" eval="1"/>
<field name="domain_force">[('permission_unlink', '=', user.id)]</field>
</record>
<record id="rule_document_computed_write" model="ir.rule">
<field name="name">Apply computed write permissions.</field>
<field name="model_id" ref="model_documents_document"/>
<field name="global" eval="True"/>
<field name="perm_read" eval="0"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_unlink" eval="0"/>
<field name="domain_force">[('permission_write', '=', user.id)]</field>
</record>
<!-- <record id="documents_document_global_rule" model="ir.rule">
<field name="name">Documents.document: global</field>
<field name="model_id" ref="model_documents_document"/>
<field name="domain_force">['|',
('folder_id.company_id', '=', False),
('folder_id.company_id', 'in', company_ids)]
</field>
</record>
<record id="documents_document_readonly_rule" model="ir.rule">
<field name="name">Documents.document: readonly rule</field>
<field name="model_id" ref="model_documents_document"/>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="domain_force">[
'&amp;',
('folder_id.group_ids', 'in', [g.id for g in user.groups_id]),
'|',
('folder_id.user_specific', '=', False),
('owner_id', '=', user.id)
]
</field>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<record id="documents_document_write_rule" model="ir.rule">
<field name="name">Documents.document: folder write groups</field>
<field name="model_id" ref="model_documents_document"/>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="domain_force">[
'|',
('folder_id.group_ids', 'in', [g.id for g in user.groups_id]),
'&amp;',
('folder_id.group_ids', '=', False),
('folder_id.group_ids', '=', False)]
</field>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="False"/>
</record>
-->
<record id="documents_document_manager_rule" model="ir.rule">
<field name="name">Documents.document: manager rule</field>
<field name="model_id" ref="model_documents_document"/>
<field name="groups" eval="[(4, ref('dms.group_dms_manager'))]"/>
<field name="domain_force">[(1, '=', 1)]</field>
</record>
<!-- share links rules -->
<record id="documents_share_folder_company_rule" model="ir.rule">
<field name="name">Documents.share: company</field>
<field name="model_id" ref="model_documents_share"/>
<field name="domain_force">['|',
('folder_id.company_id', '=', False),
('folder_id.company_id', 'in', company_ids)]
</field>
</record>
<record id="documents_share_folder_create_uid_rule" model="ir.rule">
<field name="name">Documents.share: create uid</field>
<field name="model_id" ref="model_documents_share"/>
<field name="groups" eval="[(4, ref('dms.group_dms_user'))]"/>
<field name="domain_force">[('create_uid', '=', user.id)]</field>
</record>
<record id="documents_share_manager_rule" model="ir.rule">
<field name="name">Documents.share: manager rule</field>
<field name="model_id" ref="model_documents_share"/>
<field name="groups" eval="[(4, ref('dms.group_dms_manager'))]"/>
<field name="domain_force">[(1, '=', 1)]</field>
</record>
</odoo>
Reference in New Issue View Git Blame Copy Permalink