oca/oca-ocb-security
2
0
Fork 0
mirror of https://github.com/bringout/oca-ocb-security.git synced 2026-04-23 06:32:01 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Initial commit: Security packages

Browse source
This commit is contained in:
Ernad Husremovic 2025-08-29 15:20:51 +02:00
commit bb469e4763
1399 changed files with 278378 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
odoo-bringout-oca-ocb-auth_totp/auth_totp/security/ir.model.access.csv Normal file
View file

@ -0,0 +1,3 @@
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
"access_auth_totp_device_access_employee","TOTP Device access employees","model_auth_totp_device","base.group_user",1,0,0,0
"access_auth_totp_device_access_portal","TOTP Device access portal","model_auth_totp_device","base.group_portal",1,0,0,0
1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
2 access_auth_totp_device_access_employee TOTP Device access employees model_auth_totp_device base.group_user 1 0 0 0
3 access_auth_totp_device_access_portal TOTP Device access portal model_auth_totp_device base.group_portal 1 0 0 0

39
odoo-bringout-oca-ocb-auth_totp/auth_totp/security/security.xml Normal file
View file

@ -0,0 +1,39 @@
<odoo>
<record model="ir.model.access" id="access_auth_totp_wizard">
<field name="name">auth_totp wizard access rules</field>
<field name="model_id" ref="model_auth_totp_wizard"/>
<field name="group_id" ref="base.group_user"/>
<field name="perm_read">1</field>
<field name="perm_write">1</field>
<field name="perm_create">1</field>
<field name="perm_unlink">1</field>
</record>
<record model="ir.rule" id="rule_auth_totp_wizard">
<field name="name">Users can only access their own wizard</field>
<field name="model_id" ref="model_auth_totp_wizard"/>
<field name="domain_force">[('user_id', '=', user.id)]</field>
</record>
<!-- rules for API token -->
<record id="api_key_public" model="ir.rule">
<field name="name">Public users can't interact with keys at all</field>
<field name="model_id" ref="model_auth_totp_device"/>
<field name="domain_force">[(0, '=', 1)]</field>
<field name="groups" eval="[Command.link(ref('base.group_public'))]"/>
</record>
<record id="api_key_user" model="ir.rule">
<field name="name">Users can read and delete their own keys</field>
<field name="model_id" ref="model_auth_totp_device"/>
<field name="domain_force">[('user_id', '=', user.id)]</field>
<field name="groups" eval="[
Command.link(ref('base.group_portal')),
Command.link(ref('base.group_user')),
]"/>
</record>
<record id="api_key_admin" model="ir.rule">
<field name="name">Administrators can view user keys to revoke them</field>
<field name="model_id" ref="model_auth_totp_device"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[Command.link(ref('base.group_system'))]"/>
</record>
</odoo>