本文深入探讨Odoo的权限管理机制,详细解析了用户权限如何动态生成,包括组视图的自定义字段引入及权限代码背后的逻辑。通过分析源代码,揭示了Odoo如何在后台动态创建和更新权限界面。
起因:
由于需要了解 odoo的权限管理,去看了下 odoo 是如何给用户赋权限的。发现好多不能理解。因此,打算从 user 的xml开始。看里面到底是什么意思
第一步,肯定查看user的xml。找user源码
odoo/odoo/addons/base/views/res_users_views.xml
<record id="view_users_form" model="ir.ui.view">
<field name="name">res.users.form</field>
<field name="model">res.users</field>
<field name="arch" type="xml">
<form string="Users">
<header>
</header>
<sheet>
由于只看权限,这里全部省略....
<notebook colspan="4">
<page name="access_rights" string="Access Rights">
<group string="Multi Companies" attrs="{'invisible': [('companies_count', '<=', 1)]}">
<field string="Allowed Companies" name="company_ids" widget="many2many_tags" options="{'no_create': True}"/>
<field string="Current Company" name="company_id" context="{'user_preference': 0}"/>
<field string="Companies count" name="companies_count" invisible="1"/>
</group>
<field name="groups_id"/>
</page>
<page string="Preferences">
省略......
</page>
</notebook>
</sheet>
</form>
</field>
</record>
发现。里面根本没有 权限部分的代码。。然后找了继承view_users_form ,发现也没有。想想也对,既然权限是动态生成的,肯定要在后台完成,不会在 前台写固定的。
由于增删改都需要更新界面。所以 查看user的后台代码。找到
@api.model
def _update_user_groups_view(self):
""" Modify the view with xmlid ``base.user_groups_view``, which inherits
the user form view, and introduces the reified group fields.
"""
# remove the language to avoid translations, it will be handled at the view level
self = self.with_context(lang=None)
# We have to try-catch this, because at first init the view does not
# exist but we are already creating some basic groups.
# 获取 base.user_groups_view 组view 的xml
view = self.env.ref('base.user_groups_view', raise_if_not_found=False)
if view and view.exists() and view._name == 'ir.ui.view':
group_no_one = view.env.ref('base.group_no_one')
group_employee = view.env.ref('base.group_user')
xml1, xml2, xml3 = [], [], []
# 这两个固定
xml1.append(E.separator(string='User Type', colspan="2", groups='base.group_no_one'))
xml2.append(E.separator(string='Application Accesses', colspan="2"))
user_type_field_name = ''
for app, kind, gs in self.get_groups_by_application():
attrs = {}
# hide groups in categories 'Hidden' and 'Extra' (except for group_no_one)
if app.xml_id in ('base.module_category_hidden', 'base.module_category_extra', 'base.module_category_usability'):
attrs['groups'] = 'base.group_no_one'
# User type (employee, portal or public) is a separated group. This is the only 'selection'
# group of res.groups without implied groups (with each other).
if app.xml_id == 'base.module_category_user_type':
# application name with a selection field
field_name = name_selection_groups(gs.ids)
user_type_field_name = field_name
attrs['widget'] = 'radio'
attrs['groups'] = 'base.group_no_one'
xml1.append(E.field(name=field_name, **attrs))
xml1.append(E.newline())
elif kind == 'selection':
# 只要属于selection 的就放在Application Accesses 下
# application name with a selection field
field_name = name_selection_groups(gs.ids)
xml2.append(E.field(name=field_name, **attrs))
xml2.append(E.newline())
else:
# application separator with boolean fields
# 不属于那两个的则为 app_name
app_name = app.name or 'Other'
xml3.append(E.separator(string=app_name, colspan="4", **attrs))
for g in gs:
field_name = name_boolean_group(g.id)
if g == group_no_one:
# make the group_no_one invisible in the form view
xml3.append(E.field(name=field_name, invisible="1", **attrs))
else:
xml3.append(E.field(name=field_name, **attrs))
xml3.append({'class': "o_label_nowrap"})
if user_type_field_name:
user_type_attrs = {'invisible': [(user_type_field_name, '!=', group_employee.id)]}
else:
user_type_attrs = {}
xml = E.field(
E.group(*(xml1), col="2"),
E.group(*(xml2), col="2", attrs=str(user_type_attrs)),
E.group(*(xml3), col="4", attrs=str(user_type_attrs)), name="groups_id", position="replace")
xml.addprevious(etree.Comment("GENERATED AUTOMATICALLY BY GROUPS"))
xml_content = etree.tostring(xml, pretty_print=True, encoding="unicode")
new_context = dict(view._context)
new_context.pop('install_mode_data', None) # don't set arch_fs for this computed view
new_context['lang'] = None
# 写入base.user_groups_view
view.with_context(new_context).write({'arch': xml_content})
可以看到。完全在后台给生成了。。都有注释。只说大概原理
<record id="user_groups_view" model="ir.ui.view">
<field name="name">res.users.groups</field>
<field name="model">res.users</field>
<field name="inherit_id" ref="view_users_form"/>
<field name="arch" type="xml">
<!-- dummy, will be modified by groups -->
<field name="groups_id" position="after"/>
</field>
</record>
1、先获取user_groups_view,的view。。而此view 继承 users_form ,而且after
2、根据逻辑生成 content 。然后 写入数据库的 arch里面就ok了
还有个疑问,如何 确定 selection
def get_groups_by_application(self):
""" Return all groups classified by application (module category), as a list::
[(app, kind, groups), ...],
where ``app`` and ``groups`` are recordsets, and ``kind`` is either
``'boolean'`` or ``'selection'``. Applications are given in sequence
order. If ``kind`` is ``'selection'``, ``groups`` are given in
reverse implication order.
"""
# app 分类 gs 组
def linearize(app, gs):
# 'User Type' is an exception 特例 app.xml_id 是计算字段
if app.xml_id == 'base.module_category_user_type':
return (app, 'selection', gs.sorted('id'))
# determine sequence order: a group appears after its implied groups 自己继承的组
order = {g: len(g.trans_implied_ids & gs) for g in gs}
# check whether order is total, i.e., sequence orders are distinct
#判断当前group 是否有平级关系,没有平级关系的话,res_groups_implied_rel 肯定无数据,set{g:0,g:0}
# /set{g:1,g:2,g:1} 肯定不等于gs(组对象)
if len(set(order.values())) == len(gs):
return (app, 'selection', gs.sorted(key=order.get))
else:
return (app, 'boolean', gs)
# classify all groups by application
by_app, others = defaultdict(self.browse), self.browse()
# 遍历所有group
for g in self.get_application_groups([]):
if g.category_id:
#如果有 category
by_app[g.category_id] += g
else:
others += g
# build the result
res = []
for app, gs in sorted(by_app.items(), key=lambda it: it[0].sequence or 0):
#app 分类 gs 组
res.append(linearize(app, gs))
if others:
res.append((self.env['ir.module.category'], 'boolean', others))
return res
关键点在 order = {g: len(g.trans_implied_ids & gs) for g in gs}
trans_implied_ids = fields.Many2many('res.groups', string='Transitively inherits',
compute='_compute_trans_implied')
@api.depends('implied_ids.trans_implied_ids')
def _compute_trans_implied(self):
# Compute the transitive closure recursively. Note that the performance
# is good, because the record cache behaves as a memo (the field is
# never computed twice on a given group.)
for g in self:
g.trans_implied_ids = g.implied_ids | g.mapped('implied_ids.trans_implied_ids')
可以看出。trans_implied_ids 其实就是只想自己的 也就是 res_groups_implied_rel 。
只有当前 category 的组 和 trans_implied_ids 不重复的id 相等,才会显示selection
a -----b
---------c
平级 则不会
扫一扫
2287
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
