高度封装的前后端框架-odoo回顾(三):翻译官方教程第五章:＜＜安全-简单介绍＞＞

Chapter 5: Security - A Brief Introduction

第五章: 安全-一篇简单介绍

In the previous chapter, we created our first table intended to store business data.
在上一章节,我们创建了我们第一张表,目的在于存储业务数据
In a business application such as Odoo, one of the first questions to consider is who1 can access the data.
在一个例如Odoo的商业软件里面,首要考虑的问题之一是谁[1]可以访问数据
Odoo provides a security mechanism to allow access to the data for specific groups of users.
odoo为特定用户组提供了一个安全的访问机制去允许访问数据

The topic of security is covered in more detail in Advanced B: ACL and Record Rules.
安全主题在高级B:ACL和记录规则中包含了更多细节

This chapter aims to cover the minimum required for our new module.
这一章旨在涵盖我们这个新模块的最小需求

Data Files (CSV)

数据文件(CSV)

Odoo is a highly data driven system.
Odoo是一个高数据驱动的系统
Although behavior is customized using Python code, part of a module’s value is in the data it sets up when loaded.
尽管行为通过Python代码定制,模块值的一部分存在于启动时候加载的数据中
One way to load data is through a CSV file.
加载数据的一种方式是通过CSV文件

One example is the list of country states which is loaded at installation of the base module.
一个例子是国家列表,它就是在base 模块启动的时候加载的

"id","country_id:id","name","code"
state_us_1,us,"Alabama","AL"
state_us_2,us,"Alaska","AK"
state_us_3,us,"Arizona","AZ"
state_us_4,us,"Arkansas","AR"
...

• id is an external identifier. It can be used to refer to the record (without knowing its in-database identifier).

• id是一个外键.它可以用于指向记录(无需知道它在数据库中的d)

• country_id:id refers to the country by using its external identifier.

• 国家id, 通过外键指向国家

• name is the name of the state.

• 名称是国家的名称

• code is the code of the state.

• 代码是国家的代码

These three fields are defined in the res.country.state model.
这三个字段都被定义在res.contry.state模块

By convention, a file importing data is located in the data folder of a module.
按照惯例,一个导入数据的文件位于一个模块的data文件夹
When the data is related to security, it is located in the security folder.
当数据和安全相关,它则位于security 文件夹
When the data is related to views and actions (we will cover this later), it is located in the views folder.
当数据和视图或者动作相关(之后我们会涵盖到),它将位于视图文件夹
Additionally, all of these files must be declared in the data list within the manifest.py file.
另外,所有这些文件必须在__manifest__.py文件的datalist中申明.
Our example file is defined in the manifest of the base module.
我们的示范文件在base module的manifest中定义

Also note that the content of the data files is only loaded when a module is installed or updated.
也要记住,data文件的内容只在安装或者更新的时候被加载

Warning

警告

The data files are sequentially loaded following their order in the manifest.py file.
数据文件按照他们在__manifest中的顺序被顺序加载
This means that if data A refers to data B, you must make sure that B is loaded before A.
这意味着,如果数据A引用了数据B,你必须确认B在A之前被加载

In the case of the country states, you will note that the list of countries is loaded before the list of country states.
在国家的例子中,你将会注意到了,国家列表在国家状态之前被加载
This is because the states refer to the countries.
这是因为状态引用了国家

Why is all this important for security?
为什么所有这些对安全都很重要
Because all the security configuration of a model is loaded through data files, as we’ll see in the next section.
因为一个模块的所有安全配置通过data文件加载,就像我们在下一节看到的一样

Access Rights

Reference: the documentation related to this topic can be found in Access Rights.
引用: 和这个主体相关的文档可以在访问权中被发现

Note

记住:

Goal: at the end of this section, the following warning should not appear anymore:
目标: 在这一节结束,下面的警告不应该再出现:
WARNING rd-demo odoo.modules.loading: The model estate.property has no access rules…

When no access rights are defined on a model, Odoo determines that no users can access the data. It is even notified in the log:
当在一个模块中没有定义访问权,odoo定义没有用户可以访问数据.它甚至在日志中提醒:

WARNING rd-demo odoo.modules.loading: The model estate.property has no access rules, consider adding one. E.g. access_estate_property,access_estate_property,model_estate_property,base.group_user,1,0,0,0

Access rights are defined as records of the model ir.model.access.
访问权被定义成模型ir.model.access的记录值
Each access right is associated with a model, a group (or no group for global access) and a set of permissions: create, read, write and unlink2. Such access rights are usually defined in a CSV file named ir.model.access.csv.
每一个访问权是一个模型,一个组(或者对于通用访问来说没有组),和一组权限(创建,阅读,写,删除[2])的关联关系.这些访问权限通常定义在csv文件中,命名为ir.model.access.csv

Here is an example for our previous test.model:
这里是我们前一张test.model准备的一个例子

id,name,model_id/id,group_id/id,perm_read,perm_write,perm_create,perm_unlink
access_test_model,access_test_model,model_test_model,base.group_user,1,0,0,0

• id is an external identifier.

• id是一个外键

• name is the name of the ir.model.access.
  *名称是ir.model.access的名称

• model_id/id refers to the model which the access right applies to. The standard way to refer to the model is model_<model_name>, where <model_name> is the _name of the model with the . replaced by _. Seems cumbersome? Indeed it is…
  *model_id/id 指向访问权限应用的模型.指向模型的标准方式是模型的model_name,model_name是mode的_name字段看起来很麻烦?确实是

• group_id/id refers to the group which the access right applies to. We will cover the concept of groups in the advanced topic dedicated to the security.

• group_id/id指的是访问权限适用的组.我们将会在致力于安全的高级主体中涵盖这个概念

• perm_read,perm_write,perm_create,perm_unlink: read, write, create and unlink permissions

• perm_read,perm_write,perm_create,perm_unlink: 读权限,写权限,增加权限,删除权限

Exercise

练习

Add access rights.
增加访问权限
Create the ir.model.access.csv file in the appropriate folder and define it in the manifest.py file.
在适当的文件夹下面创建ir.model.access.csv文件并且在__manifest__.py文件中定义

Give the read, write, create and unlink permissions to the group base.group_user.
给读,写,增,删,权限到base.group_user用户组

Tip: the warning message in the log gives you most of the solution 😉
贴士:警告日志给了你几乎所有的解决方案

Restart the server and the warning message should have disappeared!
重启服务,警告应该消失
It’s now time to finally interact with the UI!
现在是和UI交互的时间了
1

meaning which Odoo user (or group of users)
意味着odoo用户(或者用户组)

2

‘unlink’ is the equivalent of ‘delete’

unlink和delete相同