@api.multi
def button_cancel(self):
for move in self:
if not move.journal_id.update_posted:
raise UserError(_('You cannot modify a posted entry of this journal.
First you should set the journal to allow cancelling entries.'))
# We remove all the analytics entries for this journal
move.mapped('line_ids.analytic_line_ids').unlink()
if self.ids:
self.check_access_rights('write') #调用函数
self.check_access_rule('write') #调用函数
self._check_lock_date()
self._cr.execute('UPDATE account_move '
'SET state=%s '
'WHERE id IN %s', ('draft', tuple(self.ids),))
self.invalidate_cache()
self._check_lock_date()
return True
@api.model
def check_access_rights(self, operation, raise_exception=True):
""" Verifies that the operation given by ``operation`` is allowed for
the current user according to the access rights.
"""
return self.env['ir.model.access'].check(self._name, operation, raise_exception)
@api.multi
def check_access_rule(self, operation):
""" Verifies that the operation given by ``operation`` is allowed for
the current user according to ir.rules.
:param operation: one of ``write``, ``unlink``
:raise UserError: * if current ir.rules do not permit this operation.
:return: None if the operation is allowed
"""
if self._uid == SUPERUSER_ID:
return
invalid = self - self._filter_access_rules(operation) # ???????
if not invalid:
return
forbidden = invalid.exists()
if forbidden:
# the invalid records are (partially) hidden by access rules
if self.is_transient():
raise AccessError(_('For this kind of document, you may only access records you created yourself.
(Document type: %s)') % (self._description,))
else:
_logger.info('Access Denied by record rules for operation: %s on record ids: %r, uid: %s, model: %s', operation, forbidden.ids, self._uid, self._name)
raise AccessError(_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: %s, Operation: %s)') %
(self._description, operation))
# If we get here, the invalid records are not in the database.
if operation in ('read', 'unlink'):
# No need to warn about deleting an already deleted record.
# And no error when reading a record that was deleted, to prevent spurious
# errors for non-transactional search/read sequences coming from clients.
return
_logger.info('Failed operation on deleted record(s): %s, uid: %s, model: %s', operation, self._uid, self._name)
raise MissingError(_('Missing document(s)') + ':' + _('One of the documents you are trying to access has been deleted, please try again after refreshing.'))