How to protect the Odoo default admin account?


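The problem described below occurs on Odoo 12 CE.

The default admin created when the database is created is of type Administrator/Settings. For simplicity, let us call it User1. User1 creates User2. User1 grants Administrator/Access Rights to User2. Now User2 is able to:

  • delete User1

  • upgrade itself to Administrator/Settings

How can we prevent User2 from performing the two actions above, and thus protect User1?

Thanks in advance for your suggestions.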

That is a good question. The superuser (or the administrator, User1, as you call it) is only protected against activation/deactivation and deletion. However, you can remove Administrator/Access Rights from the superuser's permissions.

We can look in (the Users class) at what has been done to protect the superuser:

The method for editing records:

@api.multi
def write(self, values):
    if values.get('active') and SUPERUSER_ID in self._ids:
        raise UserError(_("You cannot activate the superuser."))
    if values.get('active') == False and self._uid in self._ids:
        raise UserError(_("You cannot deactivate the user you're currently logged in as."))
    ...

The method for deleting records:

@api.multi
def unlink(self):
    if SUPERUSER_ID in self.ids:
        raise UserError(_('You can not remove the admin user as it is used internally for resources created by Odoo (updates, module installation, ...)'))
    db = self._cr.dbname
    for id in self.ids:
        self.__uid_cache[db].pop(id, None)
    self._invalidate_session_cache()
    return super(Users, self).unlink()

What can we do to secure it further?

To prevent anyone (other than the superuser itself) from touching the superuser, you can add the following code at the beginning of the write method in the Users class (in the path mentioned previously):


Don't forget to indent the new code correctly and restart the server for the changes to take effect.
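An added example (not the answerer's code and not part of Odoo): one way to apply the guard discussed above from a custom addon that inherits res.users instead of editing the core file, covering both deletion of the protected account and a user gaining the Settings group. It assumes the accounts to protect are the records `base.user_root` and `base.user_admin`; `deny_reason`, `_guard` and the file name are hypothetical names introduced here.

```python
# Added example, not Odoo's own code. Hypothetical addon file: models/res_users.py
try:
    from odoo import SUPERUSER_ID, api, models, _
    from odoo.exceptions import AccessError
except ImportError:  # lets deny_reason() be exercised where Odoo is absent
    models = None

def deny_reason(actor, targets, protected, actor_is_settings, gains_settings):
    """Return why a change to res.users must be refused, or None to allow it.
    actor: uid making the call; targets: ids being written or unlinked;
    protected: ids that only a protected account may touch;
    gains_settings: ids that would newly hold the Settings group."""
    if set(targets) & set(protected) and actor not in protected:
        return "protected account"
    if gains_settings and not actor_is_settings:
        return "settings escalation"
    return None

if models:
    class ResUsers(models.Model):
        _inherit = 'res.users'

        def _guard(self, gains=()):
            # Assumption: protect OdooBot (base.user_root) and the default admin.
            protected = [self.env.ref(x).id
                         for x in ('base.user_root', 'base.user_admin')]
            is_settings = (self.env.uid == SUPERUSER_ID
                           or self.env.user.has_group('base.group_system'))
            reason = deny_reason(self.env.uid, self.ids, protected,
                                 is_settings, gains)
            if reason:
                raise AccessError(_("Operation refused: %s") % reason)

        @api.multi
        def write(self, values):
            self._guard()
            settings, users = self.env.ref('base.group_system'), self.sudo()
            had = users.filtered(lambda u: settings in u.groups_id)
            res = super(ResUsers, self).write(values)
            # Post-check covers every way groups can change; raising rolls back.
            now = users.filtered(lambda u: settings in u.groups_id)
            self._guard((now - had).ids)
            return res

        @api.multi
        def unlink(self):
            self._guard()
            return super(ResUsers, self).unlink()
```

create() is not overridden here; a deployment that must also stop a new account from being created with the Settings group would apply the same post-check there.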