update customize 安全问题

Ivan Office
2024-03-11 19:25:56 +08:00
parent fd6ac0bd98
commit 30de6cdeb7
2 changed files with 32 additions and 2 deletions


@@ -16,7 +16,7 @@
# description: # description:
{ {
'name': 'Customize odoo OEM (Boost, My Odoo)', 'name': 'Customize odoo OEM (Boost, My Odoo)',
'version': '10.20.03.04', 'version': '10.24.03.11',
'author': '广州欧度智能', 'author': '广州欧度智能',
'category': 'Productivity', 'category': 'Productivity',
'website': 'http://www.sunpop.cn', 'website': 'http://www.sunpop.cn',


@@ -2,7 +2,8 @@
import logging import logging
from openerp import api, fields, models, _ from odoo import api, fields, models, _
from odoo.exceptions import UserError
_logger = logging.getLogger(__name__) _logger = logging.getLogger(__name__)
@@ -41,6 +42,13 @@ class AppThemeConfigSettings(models.TransientModel):
string='Favicon mimetype', string='Favicon mimetype',
help='Set the mimetype of your file.') help='Set the mimetype of your file.')
@api.model
def _app_check_sys_op(self):
if self.env.user.has_group('base.group_erp_manager'):
return True
return False
@api.model @api.model
def get_default_all(self, fields): def get_default_all(self, fields):
ir_config = self.env['ir.config_parameter'] ir_config = self.env['ir.config_parameter']
@@ -115,6 +123,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_sales(self): def remove_sales(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除销售单据 # 清除销售单据
['sale.order.line', ], ['sale.order.line', ],
@@ -140,6 +150,8 @@ class AppThemeConfigSettings(models.TransientModel):
return True return True
def remove_product(self): def remove_product(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除产品数据 # 清除产品数据
['product.product', ], ['product.product', ],
@@ -165,6 +177,8 @@ class AppThemeConfigSettings(models.TransientModel):
return True return True
def remove_product_attribute(self): def remove_product_attribute(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除产品属性 # 清除产品属性
['product.attribute.value', ], ['product.attribute.value', ],
@@ -183,6 +197,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_pos(self): def remove_pos(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除POS单据 # 清除POS单据
['pos.order.line', ], ['pos.order.line', ],
@@ -209,6 +225,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_purchase(self): def remove_purchase(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除采购单据 # 清除采购单据
['purchase.order.line', ], ['purchase.order.line', ],
@@ -237,6 +255,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_mrp(self): def remove_mrp(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除生产单据 # 清除生产单据
['mrp.workcenter.productivity', ], ['mrp.workcenter.productivity', ],
@@ -268,6 +288,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_mrp_bom(self): def remove_mrp_bom(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除生产BOM # 清除生产BOM
['mrp.bom.line', ], ['mrp.bom.line', ],
@@ -286,6 +308,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_inventory(self): def remove_inventory(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除库存单据 # 清除库存单据
['stock.quant', ], ['stock.quant', ],
@@ -354,6 +378,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_account(self): def remove_account(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除财务会计单据 # 清除财务会计单据
['account.voucher.line', ], ['account.voucher.line', ],
@@ -419,6 +445,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_message(self): def remove_message(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除消息数据 # 清除消息数据
['mail.message', ], ['mail.message', ],
@@ -437,6 +465,8 @@ class AppThemeConfigSettings(models.TransientModel):
@api.multi @api.multi
def remove_workflow(self): def remove_workflow(self):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
to_removes = [ to_removes = [
# 清除工作流 # 清除工作流
['wkf.workitem', ], ['wkf.workitem', ],
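Review bot: The gate added in `_app_check_sys_op` accepts `base.group_erp_manager` (Access Rights), which is a lower bar than `base.group_system` (Settings) for methods that purge whole business tables. If only full administrators should run them, the body can be `return self.env.user.has_group('base.group_system')`. The denial in each `remove_*` method is raised as `UserError(_('Not allow.'))`; `AccessError` (imported from `odoo.exceptions`) states the reason more accurately, and a `_logger.warning('data purge denied for uid %s', self.env.uid)` before the raise would leave a trace of refused attempts. The same two-line guard is pasted into all eleven `remove_*` methods in this section, so a purge method added later can miss it; a single helper that raises by itself would keep them consistent. The method bodies continue outside the hunks, so it cannot be confirmed from here whether the deletes run under `sudo()` or raw SQL, which would make this check the only barrier.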