From 2177a4c4827578ffedaf4476e30f0af6d49b468c Mon Sep 17 00:00:00 2001 From: AjmalCybro Date: Fri, 26 May 2023 17:50:28 +0530 Subject: [PATCH] May 24 : [UPDT] Updated 'employee_documents_expiry' --- .../models/employee_documents.py | 83 ++++++++++++++++--- 1 file changed, 73 insertions(+), 10 deletions(-) diff --git a/employee_documents_expiry/models/employee_documents.py b/employee_documents_expiry/models/employee_documents.py index d119eb607..d308eff9e 100644 --- a/employee_documents_expiry/models/employee_documents.py +++ b/employee_documents_expiry/models/employee_documents.py @@ -23,6 +23,8 @@ from datetime import datetime, date, timedelta from odoo import models, fields, api, _ +from odoo.exceptions import AccessError +from collections import defaultdict class HrEmployeeDocument(models.Model): @@ -40,7 +42,8 @@ class HrEmployeeDocument(models.Model): mail_content = " Hello " + i.employee_ref.name + ",
Your Document " + i.name + "is going to expire on " + \ str(i.expiry_date) + ". Please renew it before expiry date" main_content = { - 'subject': _('Document-%s Expired On %s') % (i.name, i.expiry_date), + 'subject': _('Document-%s Expired On %s') % ( + i.name, i.expiry_date), 'author_id': self.env.user.partner_id.id, 'body_html': mail_content, 'email_to': i.employee_ref.work_email, @@ -60,25 +63,29 @@ class HrEmployeeDocument(models.Model): } name = fields.Char(string='Document Number', required=True, copy=False) - document_name = fields.Many2one('employee.checklist', string='Document', required=True) + document_name = fields.Many2one('employee.checklist', string='Document', + required=True) description = fields.Text(string='Description', copy=False) expiry_date = fields.Date(string='Expiry Date', copy=False) employee_ref = fields.Many2one('hr.employee', copy=False) - doc_attachment_id = fields.Many2many('ir.attachment', 'doc_attach_rel', 'doc_id', 'attach_id3', string="Attachment", - help='You can attach the copy of your document', copy=False) - issue_date = fields.Date(string='Issue Date', default=fields.Date.context_today, copy=False) + doc_attachment_id = fields.Many2many('ir.attachment', 'doc_attach_rel', + 'doc_id', 'attach_id3', + string="Attachment", + help='You can attach the copy of your document', + copy=False) + issue_date = fields.Date(string='Issue Date', + default=fields.Date.context_today, copy=False) class HrEmployee(models.Model): _inherit = 'hr.employee' - def _document_count(self): for each in self: - document_ids = self.env['hr.employee.document'].search([('employee_ref', '=', each.id)]) + document_ids = self.env['hr.employee.document'].search( + [('employee_ref', '=', each.id)]) each.document_count = len(document_ids) - def document_view(self): self.ensure_one() domain = [ 
@@ -98,11 +105,67 @@ class HrEmployee(models.Model): 'context': "{'default_employee_ref': '%s'}" % self.id } - document_count = fields.Integer(compute='_document_count', string='# Documents') + document_count = fields.Integer(compute='_document_count', + string='# Documents') class HrEmployeeAttachment(models.Model): _inherit = 'ir.attachment' - doc_attach_rel = fields.Many2many('hr.employee.document', 'doc_attachment_id', 'attach_id3', 'doc_id', + doc_attach_rel = fields.Many2many('hr.employee.document', + 'doc_attachment_id', 'attach_id3', + 'doc_id', string="Attachment", invisible=1) + + @api.model + def check(self, mode, values=None): + """ Restricts the access to an ir.attachment, according to referred mode """ + if self.env.is_superuser(): + return True + # Always require an internal user (aka, employee) to access to a attachment + if not (self.env.is_admin() or self.env.user.has_group( + 'base.group_user') or self.env.user.has_group( + 'hr.group_hr_manager') or self.env.user.has_group( + 'hr.group_hr_user')): + raise AccessError( + _("Sorry, you are not allowed to access this document.")) + # collect the records to check (by model) + model_ids = defaultdict(set) # {model_name: set(ids)} + if self: + # DLE P173: `test_01_portal_attachment` + self.env['ir.attachment'].flush( + ['res_model', 'res_id', 'create_uid', 'public', 'res_field']) + self._cr.execute( + 'SELECT res_model, res_id, create_uid, public, res_field FROM ir_attachment WHERE id IN %s', + [tuple(self.ids)]) + for res_model, res_id, create_uid, public, res_field in self._cr.fetchall(): + if public and mode == 'read': + continue + if not self.env.uid and self.env.is_system(): + raise AccessError( + _("Sorry, you are not allowed to access this document.")) + if not (res_model and res_id): + continue + model_ids[res_model].add(res_id) + if values and values.get('res_model') and values.get('res_id'): + model_ids[values['res_model']].add(values['res_id']) + + # check access rights on the records + for 
res_model, res_ids in model_ids.items(): + # ignore attachments that are not attached to a resource anymore + # when checking access rights (resource was deleted but attachment + # was not) + if res_model not in self.env: + continue + if res_model == 'res.users' and len( + res_ids) == 1 and self.env.uid == list(res_ids)[0]: + # by default a user cannot write on itself, despite the list of writeable fields + # e.g. in the case of a user inserting an image into his image signature + # we need to bypass this check which would needlessly throw us away + continue + records = self.env[res_model].browse(res_ids).exists() + # For related models, check if we can write to the model, as unlinking + # and creating attachments can be seen as an update to the model + access_mode = 'write' if mode in ('create', 'unlink') else mode + records.check_access_rights(access_mode) + records.check_access_rule(access_mode)
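Review bot: In the new `check` override on `ir.attachment`, the guard inside the fetch loop, `if not self.env.uid and self.env.is_system():`, can only fire for a system user with a falsy uid, so `res_field` is selected and unpacked but never used to deny anything. The method looks like a copy of Odoo's stock `ir.attachment.check`, where that guard reads `if not self.env.is_system() and res_field:` and runs before the `public` shortcut. If so, any internal user can now reach attachments that back binary fields through the record-level checks alone, without the field-level group restrictions being considered. The override also never calls `super()`, so it replaces the access check for every attachment in the database rather than only those linked through `doc_attach_rel`, and the added `hr.group_hr_manager` / `hr.group_hr_user` tests are presumably redundant if those groups imply `base.group_user`. I would drop the copied body and delegate with `return super().check(mode, values=values)`, or at minimum restore `if not self.env.is_system() and res_field:` as the first statement in the loop, and add a test that an internal user outside HR cannot read another employee's document attachment.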