How to protect the default Odoo administrator account?
The problem described below occurs on Odoo 12 CE.

The default administrator created when the database is created has the type Administrator/Settings. For simplicity, let's call it User1. User1 creates User2. User1 grants Administrator/Access Rights to User2. Now User2 is able to:

- Delete User1
- Elevate itself to Administrator/Settings

How can we prevent User2 from performing the two actions above, and thereby protect User1?

Thanks in advance for your suggestions.

This is a good question.
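The superuser (or administrator, or User1, as you call it) is only protected against activation/deactivation and deletion. However, you can remove the Administrator/Access Rights from the superuser's permissions.

We can see what has been done to protect the superuser in (the `Users` class):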
Method for editing records:

```python
@api.multi
def write(self, values):
    # The superuser record can never be (re)activated through write().
    if values.get('active') and SUPERUSER_ID in self._ids:
        raise UserError(_("You cannot activate the superuser."))
    # A user cannot deactivate the account they are logged in with.
    if values.get('active') == False and self._uid in self._ids:
        raise UserError(_("You cannot deactivate the user you're currently logged in as."))
    ...
```

Method for deleting records:

```python
@api.multi
def unlink(self):
    # Deleting the superuser record is refused for every caller.
    if SUPERUSER_ID in self.ids:
        raise UserError(_('You can not remove the admin user as it is used internally for resources created by Odoo (updates, module installation, ...)'))
    db = self._cr.dbname
    for id in self.ids:
        self.__uid_cache[db].pop(id, None)
    self._invalidate_session_cache()
    return super(Users, self).unlink()
```

What can we do to improve security further?
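To prevent anyone (other than the superuser itself) from touching the superuser, you can add the following code at the beginning of the `write` method in the `Users` class (in the path mentioned earlier):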
Don't forget to indent the new code correctly and restart the server for the changes to take effect.
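The snippet this answer refers to is not present on this page. As an added example (not the answer's code and not Odoo's own), here is one way to write such a guard, assuming it lives in a custom addon that overrides `write` through `_inherit = 'res.users'` instead of being edited into the core file; the `except ImportError` branch and the `attempt_write` helper are constructed stand-ins so the check can be exercised without an Odoo server:

```python
"""Guard for the superuser record, as an addon override of res.users.write."""
try:  # inside an Odoo 12 addon these resolve to the real framework
    from odoo import SUPERUSER_ID, _, api, models
    from odoo.exceptions import UserError
except ImportError:  # constructed stand-ins so the guard also runs without Odoo
    SUPERUSER_ID = 1

    def _(text):
        return text

    class UserError(Exception):
        pass

    class api:
        multi = staticmethod(lambda method: method)

    class models:
        class Model:
            _rows = {}  # record id -> field values, in place of the database

            def __init__(self, uid, ids):
                self._uid = uid         # user making the call
                self._ids = tuple(ids)  # records the call applies to

            def write(self, values):
                for rec_id in self._ids:
                    self._rows.setdefault(rec_id, {}).update(values)
                return True


class Users(models.Model):
    _inherit = 'res.users'

    @api.multi
    def write(self, values):
        # Refuse the whole call, before any field changes, when the superuser
        # record is among the targets and the caller is not the superuser.
        if SUPERUSER_ID in self._ids and self._uid != SUPERUSER_ID:
            raise UserError(_("Only the superuser can modify the superuser account."))
        return super(Users, self).write(values)


def attempt_write(uid, ids, values):
    """Stand-alone helper (hypothetical): True if written, False if refused."""
    try:
        return Users(uid, ids).write(values)
    except UserError:
        return False
```

Because the check uses `in self._ids`, a batch write that includes the superuser among other users is rejected as a whole, so no record in the batch is changed.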