[REF] Server Environment: restrict access to server config to allowed users

New security group restricting access to server config
Admin is part of the group by default
Thomas Binsfeld 2018-10-08 11:45:13 +02:00 committed by Maxime Franco
parent fee58c7681
commit c7a09c0224
4 changed files with 28 additions and 3 deletions


@ -18,7 +18,8 @@ an environment variable with a fallback on default values in the database.
The configuration read from the files are visible under the Configuration The configuration read from the files are visible under the Configuration
menu. If you are not in the 'dev' environment you will not be able to menu. If you are not in the 'dev' environment you will not be able to
see the values contained in keys named '*passw*'. see the values contained in the defined secret keys
(by default : '*passw*', '*key*', '*secret*' and '*token*').
Installation Installation
============ ============


@ -31,6 +31,7 @@
"license": "GPL-3 or any later version", "license": "GPL-3 or any later version",
"category": "Tools", "category": "Tools",
"data": [ "data": [
'security/res_groups.xml',
'serv_config.xml', 'serv_config.xml',
], ],
'installable': True, 'installable': True,


@ -0,0 +1,10 @@
<?xml version="1.0"?>
<odoo>
<record model="res.groups" id="has_server_configuration_access">
<field name="name">View Server Environment Configuration</field>
<field name="users" eval="[(4, ref('base.user_root'))]"/>
</record>
</odoo>
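Review bot: This record is loaded without `noupdate`, so the `(4, ref('base.user_root'))` link is re-applied on every module update and silently restores the membership if an operator has deliberately removed that user from the group. Moving the record, or at least the `users` assignment, into a `<data noupdate="1">` block keeps such a revocation in place across upgrades. It is also worth confirming that `base.user_root` is the interactive administrator on the target Odoo version, since the commit message promises that Admin is in the group by default; the version is not visible on this page. A short `comment` field stating that membership exposes server configuration values would help whoever assigns the group later.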


@ -24,7 +24,7 @@ import configparser
from lxml import etree from lxml import etree
from itertools import chain from itertools import chain
from odoo import api, fields, models from odoo import api, models, fields
from odoo.tools.config import config as system_base_config from odoo.tools.config import config as system_base_config
from .system_info import get_server_environment from .system_info import get_server_environment
@ -283,11 +283,24 @@ class ServerConfiguration(models.TransientModel):
res['fields'] = xfields res['fields'] = xfields
return res return res
@api.model
def _is_secret(self, key):
"""
This method is intended to be inherited to defined which keywords
should be secret.
:return: list of secret keywords
"""
secret_keys = ['passw', 'key', 'secret', 'token']
return any(secret_key in key for secret_key in secret_keys)
@api.model @api.model
def default_get(self, fields_list): def default_get(self, fields_list):
res = {} res = {}
if not self.env.user.has_group(
'server_environment.has_server_configuration_access'):
return res
for key in self._conf_defaults: for key in self._conf_defaults:
if 'passw' in key and not self.show_passwords: if not self.show_passwords and self._is_secret(key=key):
res[key] = '**********' res[key] = '**********'
else: else:
res[key] = self._conf_defaults[key]() res[key] = self._conf_defaults[key]()
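Review bot: The new group check in `default_get` fails silently with `return res`, and it is the only enforcement visible in this section, so a user outside `server_environment.has_server_configuration_access` can still open the form and, unless the view-building method whose tail appears as context above is also gated, may still see the configuration key names. Restricting the menu and action to the group (in `serv_config.xml`, not shown here) or raising `AccessError` in place of `return res` would make the denial explicit. The `_is_secret` docstring says `:return: list of secret keywords` although the method returns a bool; `:return: True if the key contains one of the secret keywords` matches the code. The substring test is case-sensitive, so whether an upper-case key is masked depends on how `_conf_defaults` keys are normalised, which is not visible here. `default_get` continues past the end of the hunk and the class header is outside it.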