NextERP/runbot
5
0
Fork 0
mirror of https://github.com/odoo/runbot.git synced 2025-03-15 23:45:44 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

[IMP] runbot: add security rules for objects by projects

Browse Source
This commit is contained in:
Christophe Monniez 2024-03-01 15:29:32 +01:00
parent 4d7580605e
commit f4615911fe
1 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
runbot/security/runbot_security.xml
View File

@ -130,5 +130,41 @@
<field name="perm_read" eval="False"/>
</record>
<record id="runbot_bundle_access_user" model="ir.rule">
<field name="name">User can read bundle from public projects or specific groups</field>
<field name="model_id" ref="model_runbot_bundle"/>
<field name="domain_force">['|', ('project_id.group_ids.users', 'in', user.id), ('project_id.group_ids', '=', False)]</field>
</record>
<record id="runbot_branch_access_user" model="ir.rule">
<field name="name">User can read branch from public projects or specific groups</field>
<field name="model_id" ref="model_runbot_branch"/>
<field name="domain_force">['|', ('bundle_id.project_id.group_ids.users', 'in', user.id), ('bundle_id.project_id.group_ids', '=', False)]</field>
</record>
<record id="runbot_batch_access_user" model="ir.rule">
<field name="name">User can read batch from public projects or specific groups</field>
<field name="model_id" ref="model_runbot_batch"/>
<field name="domain_force">['|', ('bundle_id.project_id.group_ids.users', 'in', user.id), ('bundle_id.project_id.group_ids', '=', False)]</field>
</record>
<record id="runbot_commit_access_user" model="ir.rule">
<field name="name">User can read commits from public projects or specific groups</field>
<field name="model_id" ref="model_runbot_commit"/>
<field name="domain_force">['|', ('repo_id.project_id.group_ids.users', 'in', user.id), ('repo_id.project_id.group_ids', '=', False)]</field>
</record>
<record id="runbot_batch_slot_access_user" model="ir.rule">
<field name="name">User can read batch slot from public projects or specific groups</field>
<field name="model_id" ref="model_runbot_batch_slot"/>
<field name="domain_force">['|', ('batch_id.bundle_id.project_id.group_ids.users', 'in', user.id), ('batch_id.bundle_id.project_id.group_ids', '=', False)]</field>
</record>
<record id="runbot_build_access_user" model="ir.rule">
<field name="name">User can read build from public projects or specific groups</field>
<field name="model_id" ref="model_runbot_build"/>
<field name="domain_force">['|', ('params_id.project_id.group_ids.users', 'in', user.id), ('params_id.project_id.group_ids', '=', False)]</field>
</record>
</data>
</odoo>