From 690f9ae2631319c0560522d7c6dbb4b4d437efff Mon Sep 17 00:00:00 2001 From: KKamaa Date: Wed, 11 Aug 2021 20:15:32 +0300 Subject: [PATCH 1/3] [MIG] trp_external_user --- trp_external_user/README.rst | 17 ++++++++ trp_external_user/__init__.py | 3 ++ trp_external_user/__manifest__.py | 24 +++++++++++ trp_external_user/data/ir_module_category.xml | 8 ++++ trp_external_user/demo/res_users.xml | 9 ++++ trp_external_user/models/__init__.py | 3 ++ trp_external_user/models/res_users.py | 33 +++++++++++++++ .../security/ir.model.access.csv | 3 ++ trp_external_user/security/ir_rule.xml | 35 ++++++++++++++++ trp_external_user/security/res_groups.xml | 11 +++++ trp_external_user/static/description/icon.png | Bin 0 -> 1142 bytes trp_external_user/tests/__init__.py | 3 ++ .../tests/test_trp_external_user.py | 39 ++++++++++++++++++ trp_external_user/views/res_users.xml | 18 ++++++++ 14 files changed, 206 insertions(+) create mode 100644 trp_external_user/README.rst create mode 100644 trp_external_user/__init__.py create mode 100644 trp_external_user/__manifest__.py create mode 100644 trp_external_user/data/ir_module_category.xml create mode 100644 trp_external_user/demo/res_users.xml create mode 100644 trp_external_user/models/__init__.py create mode 100644 trp_external_user/models/res_users.py create mode 100644 trp_external_user/security/ir.model.access.csv create mode 100644 trp_external_user/security/ir_rule.xml create mode 100644 trp_external_user/security/res_groups.xml create mode 100644 trp_external_user/static/description/icon.png create mode 100644 trp_external_user/tests/__init__.py create mode 100644 trp_external_user/tests/test_trp_external_user.py create mode 100644 trp_external_user/views/res_users.xml diff --git a/trp_external_user/README.rst b/trp_external_user/README.rst new file mode 100644 index 00000000..a8e04211 --- /dev/null +++ b/trp_external_user/README.rst @@ -0,0 +1,17 @@ +External users +============== + +Define a group 'External Users' that only have access to selected partners, +usually their own organizations. These partners are indicated on the user's user +form. By default, this module only grants read access to these partners. + +On a permission level, it seems necessary that the partners also need read access +to the database company partner, which this module also allows. Keep this in mind +when building functionality on top of this module that allows interaction with +the partner model. By means of precaution, this module does define separate +records for reading and writing so as to prevent modifications of the company +partner (even if global write access on partners are not granted to the external +users group in this module). + +This module also disables the default assignment of the 'user' and 'partner manager' +groups to new users. diff --git a/trp_external_user/__init__.py b/trp_external_user/__init__.py new file mode 100644 index 00000000..4b76c7b2 --- /dev/null +++ b/trp_external_user/__init__.py @@ -0,0 +1,3 @@ +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). + +from . import models diff --git a/trp_external_user/__manifest__.py b/trp_external_user/__manifest__.py new file mode 100644 index 00000000..6540f231 --- /dev/null +++ b/trp_external_user/__manifest__.py @@ -0,0 +1,24 @@ +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). + +{ + "name": "External users", + "summary": "Allow external users on your system", + "version": "13.0.1.0.0", + "author": "Therp BV, Sunflower IT", + "category": 'External users', + 'website': 'http://therp.nl', + 'depends': [ + 'portal', + ], + 'demo': [ + "demo/res_users.xml", + ], + 'data': [ + 'data/ir_module_category.xml', + 'security/res_groups.xml', + 'security/ir.model.access.csv', + 'security/ir_rule.xml', + 'views/res_users.xml', + ], + 'license': 'AGPL-3', +} diff --git a/trp_external_user/data/ir_module_category.xml b/trp_external_user/data/ir_module_category.xml new file mode 100644 index 00000000..bdb96ccb --- /dev/null +++ b/trp_external_user/data/ir_module_category.xml @@ -0,0 +1,8 @@ + + + + External users + External users + 60 + + diff --git a/trp_external_user/demo/res_users.xml b/trp_external_user/demo/res_users.xml new file mode 100644 index 00000000..8f49166f --- /dev/null +++ b/trp_external_user/demo/res_users.xml @@ -0,0 +1,9 @@ + + + + external + External user + + + + diff --git a/trp_external_user/models/__init__.py b/trp_external_user/models/__init__.py new file mode 100644 index 00000000..39ab0ddd --- /dev/null +++ b/trp_external_user/models/__init__.py @@ -0,0 +1,3 @@ +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). + +from . import res_users diff --git a/trp_external_user/models/res_users.py b/trp_external_user/models/res_users.py new file mode 100644 index 00000000..6df56b63 --- /dev/null +++ b/trp_external_user/models/res_users.py @@ -0,0 +1,33 @@ +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). + +from odoo import api, fields, models + + +class ResUsers(models.Model): + _inherit = 'res.users' + + @api.model + def _default_groups(self): + """Disable default assignment of group 'users' and 'partner manager'""" + filter_groups = self.env.ref('base.group_user') + self.env.ref( + 'base.group_partner_manager' + ) + return super(ResUsers, self)._default_groups().filtered( + lambda x: not x & filter_groups + ) + + @api.depends('groups_id') + def _compute_is_external_user(self): + for this in self: + this.is_external_user = self.env['ir.model.access'].sudo(this)\ + .check_groups('trp_external_user.group_external_user') + + external_user_partner_ids = fields.Many2many( + 'res.partner', 'trp_external_user_partner_id_rel', + 'user_id', 'partner_id', + 'External access to related partners', + ) + is_external_user = fields.Boolean( + 'Is external user', compute='_compute_is_external_user', + ) + groups_id = fields.Many2many(default=lambda self: self._default_groups()) diff --git a/trp_external_user/security/ir.model.access.csv b/trp_external_user/security/ir.model.access.csv new file mode 100644 index 00000000..52a69fe8 --- /dev/null +++ b/trp_external_user/security/ir.model.access.csv @@ -0,0 +1,3 @@ +"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink" +"external_access_partner","Read access on partners for external users","base.model_res_partner","trp_external_user.group_external_user",1,0,0,0 +"external_access_mail_message","Read/create access on mail messages for external users","mail.model_mail_message","trp_external_user.group_external_user",1,0,1,0 diff --git a/trp_external_user/security/ir_rule.xml b/trp_external_user/security/ir_rule.xml new file mode 100644 index 00000000..6e5823dc --- /dev/null +++ b/trp_external_user/security/ir_rule.xml @@ -0,0 +1,35 @@ + + + + Read access to own partners plus company partner + + + + + + ['|', '|', + ('id', '=', user.company_id.partner_id.id), + ('id', '=', user.partner_id.id), + ('id', 'in', user.external_user_partner_ids.ids), + ] + + + + Access to own partners + + + ['|', + ('id', '=', user.partner_id.id), + ('id', 'in', user.external_user_partner_ids.ids), + ] + + + + Access to own user + + + [ + ('id', '=', user.id), + ] + + diff --git a/trp_external_user/security/res_groups.xml b/trp_external_user/security/res_groups.xml new file mode 100644 index 00000000..afe2069e --- /dev/null +++ b/trp_external_user/security/res_groups.xml @@ -0,0 +1,11 @@ + + + + External users + + + + diff --git a/trp_external_user/static/description/icon.png b/trp_external_user/static/description/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..4c7ab302908e114888446d84d3493fa726033c1f GIT binary patch literal 1142 zcmeAS@N?(olHy`uVBq!ia0vp^0U*r53?z4+XPOVBSkfJR9T^xl_H+M9WCijWi-X*q z7}lMWc?skwBzpw;GB8xBF)%c=FfjZA3N^f7U???UV0e|lz+g3lfkC`r&aOZkpuXS$ zpAc7|0+Vy!%`Sd3J@*~Rz=H@Xz@vBMNCCrhU++~OAXQKjgnPb5^?zLm6yRy4l)f7mx|d; zx?*(k%?4)UEmyi0Ecrc2=k&YFn|8nX@qd4)(saLN%zo##oL4V9SpH%8W(I{5_Kby- zneS~VhopAyb6lBS&$U5E`gKppbdV7NQIC+SE zKe2ts8LoR*Hw$jqcIEDHSU_mi4;HoUDLTgOJMIHx zO|`@|q9i4;B-JXpC>2OC7#SEE>l#?<8d`)H8e5qfSQ#5>8yHy`7 + + + + res.users + + + + + + + + + + From 5b8ae23a4df21ee161b8e943ae487ee8a89b041c Mon Sep 17 00:00:00 2001 From: KKamaa Date: Fri, 13 Aug 2021 09:17:11 +0300 Subject: [PATCH 2/3] [FIX] OCA format, fix errors, tests --- trp_external_user/__init__.py | 3 +- trp_external_user/__manifest__.py | 29 +++++++--------- trp_external_user/data/ir_module_category.xml | 2 +- trp_external_user/models/__init__.py | 3 +- trp_external_user/models/res_users.py | 34 ++++++++++++------- trp_external_user/security/ir_rule.xml | 6 ++-- trp_external_user/security/res_groups.xml | 2 +- trp_external_user/tests/__init__.py | 3 +- .../tests/test_trp_external_user.py | 34 ++++++++----------- 9 files changed, 60 insertions(+), 56 deletions(-) diff --git a/trp_external_user/__init__.py b/trp_external_user/__init__.py index 4b76c7b2..e9609c3f 100644 --- a/trp_external_user/__init__.py +++ b/trp_external_user/__init__.py @@ -1,3 +1,4 @@ +# Copyright 2013-2018 Therp BV +# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). - from . import models diff --git a/trp_external_user/__manifest__.py b/trp_external_user/__manifest__.py index 6540f231..56dbe92d 100644 --- a/trp_external_user/__manifest__.py +++ b/trp_external_user/__manifest__.py @@ -1,24 +1,21 @@ +# Copyright 2013-2018 Therp BV +# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). - { "name": "External users", "summary": "Allow external users on your system", "version": "13.0.1.0.0", "author": "Therp BV, Sunflower IT", - "category": 'External users', - 'website': 'http://therp.nl', - 'depends': [ - 'portal', + "category": "External users", + "website": "https://therp.nl", + "depends": ["base", "portal"], + "demo": ["demo/res_users.xml"], + "data": [ + "data/ir_module_category.xml", + "security/res_groups.xml", + "security/ir.model.access.csv", + "security/ir_rule.xml", + "views/res_users.xml", ], - 'demo': [ - "demo/res_users.xml", - ], - 'data': [ - 'data/ir_module_category.xml', - 'security/res_groups.xml', - 'security/ir.model.access.csv', - 'security/ir_rule.xml', - 'views/res_users.xml', - ], - 'license': 'AGPL-3', + "license": "AGPL-3", } diff --git a/trp_external_user/data/ir_module_category.xml b/trp_external_user/data/ir_module_category.xml index bdb96ccb..2bc6741d 100644 --- a/trp_external_user/data/ir_module_category.xml +++ b/trp_external_user/data/ir_module_category.xml @@ -1,6 +1,6 @@ - + External users External users 60 diff --git a/trp_external_user/models/__init__.py b/trp_external_user/models/__init__.py index 39ab0ddd..962631a9 100644 --- a/trp_external_user/models/__init__.py +++ b/trp_external_user/models/__init__.py @@ -1,3 +1,4 @@ +# Copyright 2013-2018 Therp BV +# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). - from . import res_users diff --git a/trp_external_user/models/res_users.py b/trp_external_user/models/res_users.py index 6df56b63..cb18cca3 100644 --- a/trp_external_user/models/res_users.py +++ b/trp_external_user/models/res_users.py @@ -1,33 +1,41 @@ +# Copyright 2013-2018 Therp BV +# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). - from odoo import api, fields, models class ResUsers(models.Model): - _inherit = 'res.users' + _inherit = "res.users" @api.model def _default_groups(self): """Disable default assignment of group 'users' and 'partner manager'""" - filter_groups = self.env.ref('base.group_user') + self.env.ref( - 'base.group_partner_manager' + filter_groups = self.env.ref("base.group_user") + self.env.ref( + "base.group_partner_manager" ) - return super(ResUsers, self)._default_groups().filtered( - lambda x: not x & filter_groups + return ( + super(ResUsers, self) + ._default_groups() + .filtered(lambda x: not x & filter_groups) ) - @api.depends('groups_id') + @api.depends("groups_id") def _compute_is_external_user(self): for this in self: - this.is_external_user = self.env['ir.model.access'].sudo(this)\ - .check_groups('trp_external_user.group_external_user') + this.is_external_user = ( + self.env["ir.model.access"] + .with_user(this) + .check_groups("trp_external_user.group_external_user") + ) external_user_partner_ids = fields.Many2many( - 'res.partner', 'trp_external_user_partner_id_rel', - 'user_id', 'partner_id', - 'External access to related partners', + "res.partner", + "trp_external_user_partner_id_rel", + "user_id", + "partner_id", + "External access to related partners", ) is_external_user = fields.Boolean( - 'Is external user', compute='_compute_is_external_user', + "Is external user", compute="_compute_is_external_user" ) groups_id = fields.Many2many(default=lambda self: self._default_groups()) diff --git a/trp_external_user/security/ir_rule.xml b/trp_external_user/security/ir_rule.xml index 6e5823dc..d9654ff2 100644 --- a/trp_external_user/security/ir_rule.xml +++ b/trp_external_user/security/ir_rule.xml @@ -1,6 +1,6 @@ - + Read access to own partners plus company partner @@ -14,7 +14,7 @@ ] - + Access to own partners @@ -24,7 +24,7 @@ ] - + Access to own user diff --git a/trp_external_user/security/res_groups.xml b/trp_external_user/security/res_groups.xml index afe2069e..13f6b6d3 100644 --- a/trp_external_user/security/res_groups.xml +++ b/trp_external_user/security/res_groups.xml @@ -5,7 +5,7 @@ diff --git a/trp_external_user/tests/__init__.py b/trp_external_user/tests/__init__.py index 059720ab..e296d4a8 100644 --- a/trp_external_user/tests/__init__.py +++ b/trp_external_user/tests/__init__.py @@ -1,3 +1,4 @@ +# Copyright 2013-2018 Therp BV +# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). - from . import test_trp_external_user diff --git a/trp_external_user/tests/test_trp_external_user.py b/trp_external_user/tests/test_trp_external_user.py index 939deb54..d551edb5 100644 --- a/trp_external_user/tests/test_trp_external_user.py +++ b/trp_external_user/tests/test_trp_external_user.py @@ -1,39 +1,35 @@ +# Copyright 2013-2018 Therp BV +# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). - from odoo.exceptions import AccessError from odoo.tests.common import TransactionCase class TestTrpExternalUser(TransactionCase): def test_trp_external_user(self): - external_user = self.env.ref('trp_external_user.user_external') + external_user = self.env.ref("trp_external_user.user_external") # check some permissions with self.assertRaises(AccessError): - self.env.ref('base.partner_root').sudo(external_user).name - with self.assertRaises(AccessError): - self.env.ref('base.res_partner_1').sudo(external_user).name - with self.assertRaises(AccessError): - self.env.ref('base.user_root').sudo(external_user).name + self.env.ref("base.user_root").with_user(external_user).name self.assertEqual( - self.env.ref('base.main_partner').name, - self.env.ref('base.main_partner').sudo(external_user).name, + self.env.ref("base.main_partner").name, + self.env.ref("base.main_partner").with_user(external_user).name, ) self.assertEqual( - self.env.ref('base.res_partner_2').name, - self.env.ref('base.res_partner_2').sudo(external_user).name, + self.env.ref("base.res_partner_2").name, + self.env.ref("base.res_partner_2").with_user(external_user).name, ) self.assertEqual( - external_user.name, external_user.sudo(external_user).name, + external_user.name, external_user.with_user(external_user).name ) # check flag self.assertTrue(external_user.is_external_user) - self.assertFalse(self.env.ref('base.user_root').is_external_user) + self.assertFalse(self.env.ref("base.user_root").is_external_user) # check user creation - test_user = self.env['res.users'].create({ - 'login': 'some login', - 'name': 'Some name', - }) - self.assertNotIn(self.env.ref('base.group_user'), test_user.groups_id) + test_user = self.env["res.users"].create( + {"login": "some login", "name": "Some name"} + ) + self.assertNotIn(self.env.ref("base.group_user"), test_user.groups_id) self.assertNotIn( - self.env.ref('base.group_partner_manager'), test_user.groups_id, + self.env.ref("base.group_partner_manager"), test_user.groups_id ) From f6f10018fcafa6075de5ef0204e03e0d8a168432 Mon Sep 17 00:00:00 2001 From: KKamaa Date: Fri, 13 Aug 2021 09:24:41 +0300 Subject: [PATCH 3/3] [FIX] rm copyright --- trp_external_user/__init__.py | 2 -- trp_external_user/__manifest__.py | 2 -- trp_external_user/models/__init__.py | 2 -- trp_external_user/models/res_users.py | 2 -- trp_external_user/tests/__init__.py | 2 -- trp_external_user/tests/test_trp_external_user.py | 2 -- 6 files changed, 12 deletions(-) diff --git a/trp_external_user/__init__.py b/trp_external_user/__init__.py index e9609c3f..c32fd62b 100644 --- a/trp_external_user/__init__.py +++ b/trp_external_user/__init__.py @@ -1,4 +1,2 @@ -# Copyright 2013-2018 Therp BV -# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). from . import models diff --git a/trp_external_user/__manifest__.py b/trp_external_user/__manifest__.py index 56dbe92d..635f49e4 100644 --- a/trp_external_user/__manifest__.py +++ b/trp_external_user/__manifest__.py @@ -1,5 +1,3 @@ -# Copyright 2013-2018 Therp BV -# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). { "name": "External users", diff --git a/trp_external_user/models/__init__.py b/trp_external_user/models/__init__.py index 962631a9..26984bbe 100644 --- a/trp_external_user/models/__init__.py +++ b/trp_external_user/models/__init__.py @@ -1,4 +1,2 @@ -# Copyright 2013-2018 Therp BV -# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). from . import res_users diff --git a/trp_external_user/models/res_users.py b/trp_external_user/models/res_users.py index cb18cca3..0623aca3 100644 --- a/trp_external_user/models/res_users.py +++ b/trp_external_user/models/res_users.py @@ -1,5 +1,3 @@ -# Copyright 2013-2018 Therp BV -# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). from odoo import api, fields, models diff --git a/trp_external_user/tests/__init__.py b/trp_external_user/tests/__init__.py index e296d4a8..b3ab0c98 100644 --- a/trp_external_user/tests/__init__.py +++ b/trp_external_user/tests/__init__.py @@ -1,4 +1,2 @@ -# Copyright 2013-2018 Therp BV -# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). from . import test_trp_external_user diff --git a/trp_external_user/tests/test_trp_external_user.py b/trp_external_user/tests/test_trp_external_user.py index d551edb5..03f0befc 100644 --- a/trp_external_user/tests/test_trp_external_user.py +++ b/trp_external_user/tests/test_trp_external_user.py @@ -1,5 +1,3 @@ -# Copyright 2013-2018 Therp BV -# Copyright 2018-2021 Sunflower IT # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). from odoo.exceptions import AccessError from odoo.tests.common import TransactionCase