Tuesday, September 1, 2009

Tiny ERP Security Enhancements

I am happy to write that I have enhanced the security feature for Tiny's field-based ACL. In the previous development I did the field-based security on the view side, so a developer can write the following in the view:
    <page string="Extra Info" groups="base.group_admin">
        <field name="active" select="2"/>
        ...
        ...
So, in the Partner form, users who are not in the Admin group cannot access or view the "Extra Info" page. In this way a developer can implement security from the view side.
I made an enhancement to that, to have security for read / write based on the fields. Until now we have worked with Access Control and Record Rules for security. Using Access Control, one can apply security on a whole Tiny object; the newer enhancement to that is Record Rules, which give security based on records. And now a great feature that Tiny has is field-based security.

A developer can define security per field while developing a Tiny module, and can give the read and write permissions separately.
The developer just has to define the fields with the security parameters as follows:

    from osv import osv, fields

    class res_partner(osv.osv):
        _description = 'Partner'
        _name = "res.partner"
        _order = "name"
        _columns = {
            # Only members of base.group_admin may read or write this field.
            'name': fields.char('Name', size=128,
                                required=True, select=True,
                                write=['base.group_admin'],
                                read=['base.group_admin']),
        }
    res_partner()

This means that only admin group members have permission to read and write the name field on the partner object,
so other users see a screen like the following.



In some places, users who are not in the admin group see data like "=No Permission=";
this is because of read=['base.group_admin'].
In the same way, if write=['base.group_admin'] is given, users who are not in the admin group cannot change the value of that field.
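
The read masking and write refusal described above can be modelled in stand-alone Python. This is an added example, not Tiny ERP's implementation: the helper names, the `example.group_other` group and the sample partner record are assumptions, and a field without a `read` or `write` list is assumed to be unrestricted.

```python
# Added illustration: a stand-alone model of field-level read/write checks.
# It is not Tiny ERP's code; every helper name below is hypothetical.

NO_PERMISSION = "=No Permission="  # placeholder text quoted in the post

# Constructed column metadata mirroring the res.partner definition in the post.
# Assumption: a missing "read"/"write" key means no field-level restriction.
COLUMNS = {
    "name": {"read": ["base.group_admin"], "write": ["base.group_admin"]},
    "active": {},
}


def allowed(column, mode, user_groups):
    """Return True if the user may perform `mode` ('read' or 'write')."""
    required = column.get(mode)
    if not required:
        return True
    return bool(set(required) & set(user_groups))


def filter_read(record, user_groups, columns=COLUMNS):
    """Return a copy of `record` with unreadable fields masked."""
    out = {}
    for field, value in record.items():
        col = columns.get(field)
        # Fields unknown to the model are masked as well (fail closed).
        if col is not None and allowed(col, "read", user_groups):
            out[field] = value
        else:
            out[field] = NO_PERMISSION
    return out


def check_write(values, user_groups, columns=COLUMNS):
    """Raise PermissionError if any submitted field is not writable."""
    denied = sorted(
        f for f in values
        if f not in columns or not allowed(columns[f], "write", user_groups)
    )
    if denied:
        raise PermissionError("write denied on: " + ", ".join(denied))
    return True


if __name__ == "__main__":
    partner = {"name": "Constructed Partner", "active": True}  # constructed
    print(filter_read(partner, ["example.group_other"]))  # constructed group
    print(filter_read(partner, ["base.group_admin"]))
```

The write check runs over the submitted values rather than over what the form displays, so it gives the same answer whether or not a view hid the field.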
