Chapter 4: Security – A Brief Introduction
Original source: https://www.odoo.com/documentation/17.0/zh_CN/developer/tutorials/server_framework_101/04_securityintro.html (translated with Tongyi Qianwen).
Test code: https://gitee.com/zhang-wei918/estate
In the previous chapter, we created our first table intended to store business data. In a business application such as Odoo, one of the first questions to consider is who[1] can access the data. Odoo provides a security mechanism to allow access to the data for specific groups of users.
The topic of security is covered in more detail in Restrict access to data. This chapter aims to cover the minimum required for our new module.
Data Files (CSV)
Odoo is a highly data driven system. Although behavior is customized using Python code, part of a module’s value is in the data it sets up when loaded. One way to load data is through a CSV file. One example is the list of country states which is loaded at installation of the base module.
"id","country_id:id","name","code"
state_au_1,au,"Australian Capital Territory","ACT"
state_au_2,au,"New South Wales","NSW"
state_au_3,au,"Northern Territory","NT"
state_au_4,au,"Queensland","QLD"
...
id is an external identifier. It can be used to refer to the record (without knowing its in-database identifier).
country_id:id refers to the country by using its external identifier.
name is the name of the state.
code is the code of the state.
These three fields are defined in the res.country.state model.
By convention, a file importing data is located in the data folder of a module. When the data is related to security, it is located in the security folder. When the data is related to views and actions (we will cover this later), it is located in the views folder. Additionally, all of these files must be declared in the data list within the __manifest__.py file. Our example file is defined in the manifest of the base module.
Also note that the content of the data files is only loaded when a module is installed or updated.
Warning
The data files are sequentially loaded following their order in the __manifest__.py file. This means that if data A refers to data B, you must make sure that B is loaded before A.
In the case of the country states, you will note that the list of countries is loaded before the list of country states. This is because the states refer to the countries.
Why is all this important for security? Because all the security configuration of a model is loaded through data files, as we’ll see in the next section.
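The load-order rule above, as an added example (not part of the Odoo tutorial or of Odoo's own code): a simplified check that walks CSV data files in manifest order and reports every reference to an external identifier that no earlier row has defined. The file paths and sample rows are constructed, and only unqualified identifiers in CSV files are checked; identifiers qualified with another module's name (such as base.group_user) are assumed to be loaded already.

```python
import csv
import io

# Constructed stand-ins for two CSV data files of one module (paths are hypothetical).
COUNTRIES = ("data/country.csv", 'id,name,code\nau,Australia,AU\n')
STATES = ("data/country_state.csv",
          '"id","country_id:id","name","code"\n'
          'state_au_1,au,"Australian Capital Territory","ACT"\n'
          'state_au_2,au,"New South Wales","NSW"\n')


def unresolved_references(data_files):
    """data_files: list of (path, csv_text) in the order of the manifest 'data' list.

    Returns one (path, record id, column, missing external id) tuple for each
    reference to an identifier that no earlier row has defined.
    """
    defined, problems = set(), []
    for path, text in data_files:
        for row in csv.DictReader(io.StringIO(text)):
            for column, value in row.items():
                # Columns named <field>:id or <field>/id hold external identifiers.
                is_ref = column.endswith(":id") or column.endswith("/id")
                # A dotted id is module-qualified and assumed to come from a dependency.
                if is_ref and value and "." not in value and value not in defined:
                    problems.append((path, row["id"], column, value))
            defined.add(row["id"])
    return problems


if __name__ == "__main__":
    print("countries first:", unresolved_references([COUNTRIES, STATES]))
    print("states first:   ", unresolved_references([STATES, COUNTRIES]))
```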
Access Rights
Reference: the documentation related to this topic can be found in Access Rights.
Note
Goal: at the end of this section, the following warning should not appear anymore:
WARNING rd-demo odoo.modules.loading: The models ['estate.property'] have no access rules…
When no access rights are defined on a model, Odoo determines that no users can access the data. It even reports this in the log:
WARNING rd-demo odoo.modules.loading: The models ['estate.property'] have no access rules in module estate, consider adding some, like:
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
Access rights are defined as records of the model ir.model.access. Each access right is associated with a model, a group (or no group for global access) and a set of permissions: create, read, write and unlink[2]. Such access rights are usually defined in a CSV file named ir.model.access.csv.
Here is an example for our previous test_model:
id,name,model_id/id,group_id/id,perm_read,perm_write,perm_create,perm_unlink
access_test_model,access_test_model,model_test_model,base.group_user,1,0,0,0
id is an external identifier.
name is the name of the ir.model.access.
model_id/id refers to the model which the access right applies to. The standard way to refer to the model is model_<model_name>, where <model_name> is the _name of the model with the . replaced by _. Seems cumbersome? Indeed it is…
group_id/id refers to the group which the access right applies to.
perm_read,perm_write,perm_create,perm_unlink: read, write, create and unlink permissions
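A review aid for the file format described above, as an added example (not code from the Odoo tutorial or from Odoo itself): it parses an ir.model.access.csv, flags rows that grant write, create or unlink with no group (global access), flags model references that break the model_<model_name> convention, and lists models left without any rule, which is the condition behind the log warning. The function names and every sample row except the page's access_test_model row are constructed.

```python
import csv
import io

# First data row is the page's example; the other two are constructed:
# a global (no group) grant and a model reference with the "." left in.
SAMPLE_CSV = """\
id,name,model_id/id,group_id/id,perm_read,perm_write,perm_create,perm_unlink
access_test_model,access_test_model,model_test_model,base.group_user,1,0,0,0
access_test_model_all,access_test_model_all,model_test_model,,1,1,0,1
access_estate_typo,access_estate_typo,model_estate.property,base.group_user,1,1,1,1
"""
MODIFY_PERMS = ("perm_write", "perm_create", "perm_unlink")


def model_xmlid(model_name):
    """Convention from the text: 'model_' + _name with '.' replaced by '_'."""
    return "model_" + model_name.replace(".", "_")


def audit_access_csv(text, module_models):
    """Return (findings, models_without_rules) for one ir.model.access.csv."""
    expected = {model_xmlid(name): name for name in module_models}
    covered, findings = set(), []
    for row in csv.DictReader(io.StringIO(text)):
        # The page shows both header spellings: model_id/id and model_id:id.
        model_ref = (row.get("model_id/id") or row.get("model_id:id") or "").strip()
        group_ref = (row.get("group_id/id") or row.get("group_id:id") or "").strip()
        local = model_ref.rsplit(".", 1)[-1]  # drop an optional "module." prefix
        if not local.startswith("model_"):
            findings.append((row["id"], "model ref is not model_<model_name>"))
            continue
        if local in expected:
            covered.add(expected[local])
        granted = [p for p in MODIFY_PERMS if (row.get(p) or "").strip() == "1"]
        if not group_ref and granted:
            findings.append((row["id"], "no group: " + ",".join(granted) + " for every user"))
    return findings, sorted(set(module_models) - covered)


if __name__ == "__main__":
    findings, missing = audit_access_csv(SAMPLE_CSV, ["test_model", "estate.property"])
    for row_id, message in findings:
        print(f"{row_id}: {message}")
    print("models without access rules:", missing)
```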
Exercise
Add access rights.
Create the ir.model.access.csv file in the appropriate folder and define it in the __manifest__.py file.
Give the read, write, create and unlink permissions to the group base.group_user.
Tip: the warning message in the log gives you most of the solution 😉
Restart the server and the warning message should have disappeared!
It’s now time to finally interact with the UI!
[1] meaning which Odoo user (or group of users)
[2] ‘unlink’ is the equivalent of ‘delete’