3540
def check_field_access_rights(self, cr, user, operation, fields, context=None):
3542
Check the user access rights on the given fields. This raises Access
3543
Denied if the user does not have the rights. Otherwise it returns the
3544
fields (as is if the fields is not falsy, or the readable/writable
3545
fields if fields is falsy).
3548
"""Predicate to test if the user has access to the given field name."""
3549
# Ignore requested field if it doesn't exist. This is ugly but
3550
# it seems to happen at least with 'name_alias' on res.partner.
3551
if field_name not in self._all_columns:
3553
field = self._all_columns[field_name].column
3555
return self.user_has_groups(cr, user, groups=field.groups, context=context)
3559
fields = filter(p, self._all_columns.keys())
3561
filtered_fields = filter(lambda a: not p(a), fields)
3563
_logger.warning('Access Denied by ACLs for operation: %s, uid: %s, model: %s, fields: %s', operation, user, self._name, ', '.join(filtered_fields))
3566
_('The requested operation cannot be completed due to security restrictions. '
3567
'Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % \
3568
(self._description, operation))
3540
3571
def read(self, cr, user, ids, fields=None, context=None, load='_classic_read'):
3541
3572
""" Read records with given ids with the given fields
3562
3593
if not context:
3564
3595
self.check_access_rights(cr, user, 'read')
3566
fields = list(set(self._columns.keys() + self._inherit_fields.keys()))
3596
fields = self.check_field_access_rights(cr, user, 'read', fields)
3567
3597
if isinstance(ids, (int, long)):
4022
4052
readonly = None
4053
self.check_field_access_rights(cr, user, 'write', vals.keys())
4023
4054
for field in vals.copy():
4025
4056
if field in self._columns: