initial commit 2

2 files changed, 122 insertions, 0 deletions

diff --git a/addons/website/security/ir.model.access.csv b/addons/website/security/ir.model.access.csv
new file mode 100644
index 00000000..c3bcd6aa
--- /dev/null
+++ b/addons/website/security/ir.model.access.csv
@@ -0,0 +1,25 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_website_public,website.public,website.model_website,,1,0,0,0
+access_website_designer,website.website.designer,website.model_website,group_website_designer,1,1,1,1
+access_website_menu,access_website_menu,model_website_menu,,1,0,0,0
+access_website_menu_designer,Web Menu Manager,model_website_menu,group_website_designer,1,1,1,1
+access_website_rewrite,access_website_rewrite,model_website_rewrite,,0,0,0,0
+access_website_rewrite_designer,Web Rewrite Manager,model_website_rewrite,group_website_designer,1,1,1,1
+access_website_page,access_website_page,model_website_page,,0,0,0,0
+access_website_page_designer,Web Page Manager,model_website_page,group_website_designer,1,1,1,1
+access_website_ir_ui_view_publisher,access_website_ir_ui_view_publisher,model_ir_ui_view,group_website_publisher,1,0,0,0
+access_website_ir_ui_view_designer,access_website_ir_ui_view_designer,model_ir_ui_view,group_website_designer,1,1,1,1
+access_seo_public,access_seo_public,model_website_seo_metadata,,1,0,0,0
+access_seo_designer,access_seo_designer,model_website_seo_metadata,group_website_designer,1,1,1,1
+access_website_visitor_designer,access_website_visitor_designer,model_website_visitor,website.group_website_designer,1,1,0,1
+access_website_visitor_system,access_website_visitor_system,model_website_visitor,base.group_system,1,1,0,1
+access_website_track_designer,access_website_track_designer,model_website_track,website.group_website_designer,1,1,1,1
+access_website_track_system,access_website_track_system,model_website_track,base.group_system,1,1,1,1
+access_website_route_designer,access_website_designer_route,model_website_route,group_website_designer,1,1,1,1
+access_theme_ir_ui_view,access_theme_ir_ui_view,model_theme_ir_ui_view,base.group_system,1,1,1,1
+access_theme_ir_attachment,access_theme_ir_attachment,model_theme_ir_attachment,base.group_system,1,1,1,1
+access_theme_website_menu,access_theme_website_menu,model_theme_website_menu,base.group_system,1,1,1,1
+access_theme_website_page,access_theme_website_page,model_theme_website_page,base.group_system,1,1,1,1
+access_website_robots,access.website.robots,model_website_robots,website.group_website_designer,1,1,1,0
+access_website_dynamic_filter_public,access_website_dynamic_filter,model_website_snippet_filter,,0,0,0,0
+access_website_dynamic_filter_system,access_website_dynamic_filter,model_website_snippet_filter,base.group_system,1,1,1,1
diff --git a/addons/website/security/website_security.xml b/addons/website/security/website_security.xml
new file mode 100644
index 00000000..60948552
--- /dev/null
+++ b/addons/website/security/website_security.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <record model="ir.module.category" id="base.module_category_website_website">
+        <field name="sequence">23</field>
+    </record>
+
+    <record id="group_website_publisher" model="res.groups">
+        <field name="name">Restricted Editor</field>
+        <field name="category_id" ref="base.module_category_website_website"/>
+    </record>
+    <record id="group_website_designer" model="res.groups">
+        <field name="name">Editor and Designer</field>
+        <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>
+        <field name="implied_ids" eval="[(4, ref('group_website_publisher'))]"/>
+        <field name="category_id" ref="base.module_category_website_website"/>
+    </record>
+
+    <record id="base.default_user" model="res.users">
+        <field name="groups_id" eval="[(4, ref('group_website_designer'))]"/>
+    </record>
+    <!-- FIXME: groups on existing users should probably be updated when implied_ids is, or existing users don't get the relevant implied groups on module installation... -->
+    <record id="base.user_admin" model="res.users">
+        <field name="groups_id" eval="[(4, ref('website.group_website_designer'))]"/>
+    </record>
+
+    <record id="base.group_system" model="res.groups">
+        <field name="implied_ids" eval="[(4, ref('website.group_website_designer'))]"/>
+    </record>
+
+    <data noupdate="1">
+
+    <record id="website_menu" model="ir.rule">
+        <field name="name">Website menu: group_ids</field>
+        <field name="model_id" ref="model_website_menu"/>
+        <field name="domain_force">['|', ('group_ids', '=', False), ('group_ids', 'in', user.groups_id.ids)]</field>
+    </record>
+
+    <record id="website_designer_edit_qweb" model="ir.rule">
+        <field name="name">website_designer: Manage Website and qWeb view</field>
+        <field name="model_id" ref="base.model_ir_ui_view"/>
+        <field name="domain_force">[('type', '=', 'qweb')]</field>
+        <field name="groups" eval="[(4, ref('group_website_designer'))]"/>
+        <field name="perm_read" eval="True"/>
+        <field name="perm_write" eval="True"/>
+        <field name="perm_create" eval="True"/>
+        <field name="perm_unlink" eval="True"/>
+    </record>
+    <record id="website_designer_view" model="ir.rule">
+        <field name="name">website_designer: global view</field>
+        <field name="model_id" ref="base.model_ir_ui_view"/>
+        <field name="domain_force">[('type', '!=', 'qweb')]</field>
+        <field name="groups" eval="[(4, ref('group_website_designer'))]"/>
+        <field name="perm_read" eval="True"/>
+        <field name="perm_write" eval="False"/>
+        <field name="perm_create" eval="False"/>
+        <field name="perm_unlink" eval="False"/>
+    </record>
+    <record id="website_group_system_edit_all_views" model="ir.rule">
+        <field name="name">Administration Settings: Manage all views</field>
+        <field name="model_id" ref="base.model_ir_ui_view"/>
+        <field name="domain_force">[(1, '=', 1)]</field>
+        <field name="groups" eval="[(4, ref('base.group_system'))]"/>
+        <field name="perm_read" eval="True"/>
+        <field name="perm_write" eval="True"/>
+        <field name="perm_create" eval="True"/>
+        <field name="perm_unlink" eval="True"/>
+    </record>
+    <record id="website_page_rule_public" model="ir.rule">
+        <field name="name">website.page: portal/public: read published pages</field>
+        <field name="model_id" ref="website.model_website_page"/>
+        <field name="domain_force">[('website_published', '=', True)]</field>
+        <field name="groups" eval="[(4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
+    </record>
+
+    <record id="view_rule_visibility_public" model="ir.rule">
+        <field name="name">Website View Visibility Public</field>
+        <field name="model_id" ref="base.model_ir_ui_view"/>
+        <field name="domain_force">['|', ('type', '!=', 'qweb'), ('visibility', 'in', ('public', False))]</field>
+        <field name="perm_read" eval="True"/>
+        <field name="perm_write" eval="False"/>
+        <field name="perm_create" eval="False"/>
+        <field name="perm_unlink" eval="False"/>
+        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
+    </record>
+    <record id="view_rule_visibility_connected" model="ir.rule">
+        <field name="name">Website View Visibility Connected</field>
+        <field name="model_id" ref="base.model_ir_ui_view"/>
+        <field name="domain_force">['|', ('type', '!=', 'qweb'), ('visibility', 'in', ('public', 'connected', False))]</field>
+        <field name="perm_read" eval="True"/>
+        <field name="perm_write" eval="False"/>
+        <field name="perm_create" eval="False"/>
+        <field name="perm_unlink" eval="False"/>
+        <field name="groups" eval="[(4, ref('base.group_portal'))]"/>
+    </record>
+
+    </data>
+</odoo>