From b10c84902662103d06ccafc915d52e0269f57af4 Mon Sep 17 00:00:00 2001
From: eLBati <lb@takobi.online>
Date: Wed, 1 Jul 2020 08:21:19 +0200
Subject: [PATCH] ADD pos_user_restriction Restrict some users to only access
 their assigned points of sale

---
 pos_user_restriction/__init__.py              |  1 +
 pos_user_restriction/__manifest__.py          | 23 ++++++++
 pos_user_restriction/i18n/it.po               | 53 +++++++++++++++++++
 pos_user_restriction/models/__init__.py       |  1 +
 pos_user_restriction/models/pos_config.py     | 10 ++++
 pos_user_restriction/readme/CONFIGURE.rst     |  3 ++
 pos_user_restriction/readme/CONTRIBUTORS.rst  |  1 +
 pos_user_restriction/readme/DESCRIPTION.rst   |  1 +
 .../security/ir.model.access.csv              | 24 +++++++++
 .../security/pos_security.xml                 | 52 ++++++++++++++++++
 pos_user_restriction/tests/__init__.py        |  1 +
 .../tests/test_pos_user_restriction.py        | 52 ++++++++++++++++++
 .../views/pos_config_views.xml                | 28 ++++++++++
 .../odoo/addons/pos_user_restriction          |  1 +
 setup/pos_user_restriction/setup.py           |  6 +++
 15 files changed, 257 insertions(+)
 create mode 100644 pos_user_restriction/__init__.py
 create mode 100644 pos_user_restriction/__manifest__.py
 create mode 100644 pos_user_restriction/i18n/it.po
 create mode 100644 pos_user_restriction/models/__init__.py
 create mode 100644 pos_user_restriction/models/pos_config.py
 create mode 100644 pos_user_restriction/readme/CONFIGURE.rst
 create mode 100644 pos_user_restriction/readme/CONTRIBUTORS.rst
 create mode 100644 pos_user_restriction/readme/DESCRIPTION.rst
 create mode 100644 pos_user_restriction/security/ir.model.access.csv
 create mode 100644 pos_user_restriction/security/pos_security.xml
 create mode 100644 pos_user_restriction/tests/__init__.py
 create mode 100644 pos_user_restriction/tests/test_pos_user_restriction.py
 create mode 100644 pos_user_restriction/views/pos_config_views.xml
 create mode 120000 setup/pos_user_restriction/odoo/addons/pos_user_restriction
 create mode 100644 setup/pos_user_restriction/setup.py

diff --git a/pos_user_restriction/__init__.py b/pos_user_restriction/__init__.py
new file mode 100644
index 00000000..0650744f
--- /dev/null
+++ b/pos_user_restriction/__init__.py
@@ -0,0 +1 @@
+from . import models
diff --git a/pos_user_restriction/__manifest__.py b/pos_user_restriction/__manifest__.py
new file mode 100644
index 00000000..1fbad035
--- /dev/null
+++ b/pos_user_restriction/__manifest__.py
@@ -0,0 +1,23 @@
+# Copyright 2020 Lorenzo Battistini @ TAKOBI
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
+{
+    "name": "Point of Sale - Restrict users",
+    "summary": "Restrict some users to see and use only certain points of sale",
+    "version": "12.0.1.0.0",
+    "development_status": "Beta",
+    "category": "Point of Sale",
+    "website": "https://github.com/OCA/pos",
+    "author": "TAKOBI, Odoo Community Association (OCA)",
+    "maintainers": ["eLBati"],
+    "license": "LGPL-3",
+    "application": False,
+    "installable": True,
+    "depends": [
+        "point_of_sale",
+    ],
+    "data": [
+        "security/pos_security.xml",
+        "views/pos_config_views.xml",
+        "security/ir.model.access.csv",
+    ],
+}
diff --git a/pos_user_restriction/i18n/it.po b/pos_user_restriction/i18n/it.po
new file mode 100644
index 00000000..a194265b
--- /dev/null
+++ b/pos_user_restriction/i18n/it.po
@@ -0,0 +1,53 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+#	* pos_user_restriction
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 12.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2020-07-07 04:49+0000\n"
+"PO-Revision-Date: 2020-07-07 04:49+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: pos_user_restriction
+#: model:ir.model.fields,field_description:pos_user_restriction.field_pos_config__assigned_user_ids
+msgid "Assigned users"
+msgstr "Utenti assegnati"
+
+#. module: pos_user_restriction
+#: model:ir.model,name:pos_user_restriction.model_pos_config
+msgid "Point of Sale Configuration"
+msgstr "Configurazione punto vendita"
+
+#. module: pos_user_restriction
+#: model:ir.model.fields,help:pos_user_restriction.field_pos_config__assigned_user_ids
+#: model_terms:ir.ui.view,arch_db:pos_user_restriction.pos_config_view_form_users
+msgid "Restrict some users to only access their assigned points of sale. In order to apply the restriction, the user needs the 'User: Assigned POS Only' group"
+msgstr "Limitare alcuni utenti ad accedere solamente ai loro punti vendita assegnati. Per applicare la restrizione, l'utente necessita il gruppo 'Utente: solamente POS assegnati'"
+
+#. module: pos_user_restriction
+#: model:res.groups,comment:pos_user_restriction.group_assigned_points_of_sale_user
+msgid "The user will have access to her assigned points of sale."
+msgstr "L'utente avrà accesso ai propri punti vendita assegnati."
+
+#. module: pos_user_restriction
+#: model:res.groups,name:pos_user_restriction.group_assigned_points_of_sale_user
+msgid "User: Assigned POS Only"
+msgstr "Utente: solamente POS assegnati"
+
+#. module: pos_user_restriction
+#: model_terms:ir.ui.view,arch_db:pos_user_restriction.pos_config_view_form_users
+msgid "Users"
+msgstr "Utenti"
+
+#. module: pos_user_restriction
+#: model_terms:ir.ui.view,arch_db:pos_user_restriction.pos_config_view_form_users
+msgid "Users assigned to this point of sale"
+msgstr "Utenti assegnati a questo punto vendita"
+
diff --git a/pos_user_restriction/models/__init__.py b/pos_user_restriction/models/__init__.py
new file mode 100644
index 00000000..db8634ad
--- /dev/null
+++ b/pos_user_restriction/models/__init__.py
@@ -0,0 +1 @@
+from . import pos_config
diff --git a/pos_user_restriction/models/pos_config.py b/pos_user_restriction/models/pos_config.py
new file mode 100644
index 00000000..7daa5cbb
--- /dev/null
+++ b/pos_user_restriction/models/pos_config.py
@@ -0,0 +1,10 @@
+from odoo import models, fields
+
+
+class PosConfig(models.Model):
+    _inherit = 'pos.config'
+    assigned_user_ids = fields.Many2many(
+        "res.users", string="Assigned users",
+        help="Restrict some users to only access their assigned points of sale. "
+             "In order to apply the restriction, the user needs the "
+             "'User: Assigned POS Only' group")
diff --git a/pos_user_restriction/readme/CONFIGURE.rst b/pos_user_restriction/readme/CONFIGURE.rst
new file mode 100644
index 00000000..13be1437
--- /dev/null
+++ b/pos_user_restriction/readme/CONFIGURE.rst
@@ -0,0 +1,3 @@
+With a POS Manager, open a point of sale configration (pos.config) and set "Assigned users" field.
+
+Then, assign "User: Assigned POS Only" group to users who should be able to access to their assigned points of sale only.
diff --git a/pos_user_restriction/readme/CONTRIBUTORS.rst b/pos_user_restriction/readme/CONTRIBUTORS.rst
new file mode 100644
index 00000000..b27b50b5
--- /dev/null
+++ b/pos_user_restriction/readme/CONTRIBUTORS.rst
@@ -0,0 +1 @@
+* Lorenzo Battistini (https://takobi.online)
diff --git a/pos_user_restriction/readme/DESCRIPTION.rst b/pos_user_restriction/readme/DESCRIPTION.rst
new file mode 100644
index 00000000..c6756576
--- /dev/null
+++ b/pos_user_restriction/readme/DESCRIPTION.rst
@@ -0,0 +1 @@
+Restrict some users to only access their assigned points of sale.
diff --git a/pos_user_restriction/security/ir.model.access.csv b/pos_user_restriction/security/ir.model.access.csv
new file mode 100644
index 00000000..59d274ae
--- /dev/null
+++ b/pos_user_restriction/security/ir.model.access.csv
@@ -0,0 +1,24 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_pos_order,pos.order,point_of_sale.model_pos_order,group_assigned_points_of_sale_user,1,1,1,1
+access_pos_order_line,pos.order.line,point_of_sale.model_pos_order_line,group_assigned_points_of_sale_user,1,1,1,1
+access_pos_pack_operation_lot,pos.pack.operation.lot,point_of_sale.model_pos_pack_operation_lot,group_assigned_points_of_sale_user,1,1,1,1
+access_stock_picking_pos_user,stock.picking pos_user,stock.model_stock_picking,group_assigned_points_of_sale_user,1,1,1,1
+access_stock_warehouse_pos_user,stock.warehouse pos_user,stock.model_stock_warehouse,group_assigned_points_of_sale_user,1,0,0,0
+access_stock_move_pos_user,stock.move pos_user,stock.model_stock_move,group_assigned_points_of_sale_user,1,1,1,1
+access_report_pos_order,report.pos.order,point_of_sale.model_report_pos_order,group_assigned_points_of_sale_user,1,1,1,1
+access_account_journal_pos_user,account.journal pos_user,account.model_account_journal,group_assigned_points_of_sale_user,1,0,0,0
+access_account_bank_statement,account.bank.statement,account.model_account_bank_statement,group_assigned_points_of_sale_user,1,1,1,0
+access_account_bank_statement_line,account.bank.statement.line,account.model_account_bank_statement_line,group_assigned_points_of_sale_user,1,1,1,0
+access_product_product,product.product,product.model_product_product,group_assigned_points_of_sale_user,1,0,0,0
+access_product_template_pos_user,product.template pos user,product.model_product_template,group_assigned_points_of_sale_user,1,0,0,0
+access_product_product_supplierinfo_user,product.supplierinfo user,product.model_product_supplierinfo,group_assigned_points_of_sale_user,1,0,0,0
+access_product_product_packaging_user,product.packaging user,product.model_product_packaging,group_assigned_points_of_sale_user,1,0,0,0
+access_product_pricelist_user,product.pricelist user,product.model_product_pricelist,group_assigned_points_of_sale_user,1,0,0,0
+access_pos_session_user,pos.session user,point_of_sale.model_pos_session,group_assigned_points_of_sale_user,1,1,1,0
+access_pos_config_user,pos.config user,point_of_sale.model_pos_config,group_assigned_points_of_sale_user,1,1,0,0
+access_product_category_pos_user,pos.category user,point_of_sale.model_pos_category,group_assigned_points_of_sale_user,1,0,0,0
+access_barcode_nomenclature_pos_user,barcode.nomenclature.pos.user,barcodes.model_barcode_nomenclature,group_assigned_points_of_sale_user,1,0,0,0
+access_barcode_rule_pos_user,barcode.rule.pos.user,barcodes.model_barcode_rule,group_assigned_points_of_sale_user,1,0,0,0
+access_bank_statement_cashbox_user,account.bank.statement.cashbox user,account.model_account_bank_statement_cashbox,group_assigned_points_of_sale_user,1,1,1,0
+access_account_cashbox_line_user,account.cashbox.line user,account.model_account_cashbox_line,group_assigned_points_of_sale_user,1,1,1,0
+access_account_cash_rounding_pos_user,account.cash.rounding.pos.user,account.model_account_cash_rounding,group_assigned_points_of_sale_user,1,0,0,0
diff --git a/pos_user_restriction/security/pos_security.xml b/pos_user_restriction/security/pos_security.xml
new file mode 100644
index 00000000..2bfb2ca1
--- /dev/null
+++ b/pos_user_restriction/security/pos_security.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <record id="group_assigned_points_of_sale_user" model="res.groups">
+        <field name="name">User: Assigned POS Only</field>
+        <field name="category_id" ref="base.module_category_point_of_sale"/>
+        <field name="comment">The user will have access to her assigned points of sale.</field>
+    </record>
+    <record id="point_of_sale.group_pos_user" model="res.groups">
+        <field name="implied_ids" eval="[(4, ref('group_assigned_points_of_sale_user'))]"/>
+    </record>
+
+<data noupdate="1">
+    <record id="pos_config_assigned_users" model="ir.rule">
+        <field name="name">Assigned points of sale</field>
+        <field ref="point_of_sale.model_pos_config" name="model_id"/>
+        <field name="domain_force">['|',('assigned_user_ids','in',user.id),('assigned_user_ids','=',False)]</field>
+        <field name="groups" eval="[(4, ref('group_assigned_points_of_sale_user'))]"/>
+    </record>
+    <record id="pos_session_assigned_users" model="ir.rule">
+        <field name="name">Assigned POS sessions</field>
+        <field ref="point_of_sale.model_pos_session" name="model_id"/>
+        <field name="domain_force">['|',('config_id.assigned_user_ids','in',user.id),('config_id.assigned_user_ids','=',False)]</field>
+        <field name="groups" eval="[(4, ref('group_assigned_points_of_sale_user'))]"/>
+    </record>
+    <record id="pos_order_assigned_users" model="ir.rule">
+        <field name="name">Assigned POS orders</field>
+        <field ref="point_of_sale.model_pos_order" name="model_id"/>
+        <field name="domain_force">['|',('session_id.config_id.assigned_user_ids','in',user.id),('session_id.config_id.assigned_user_ids','=',False)]</field>
+        <field name="groups" eval="[(4, ref('group_assigned_points_of_sale_user'))]"/>
+    </record>
+
+    <record id="pos_config_see_all" model="ir.rule">
+        <field name="name">All points of sale</field>
+        <field ref="point_of_sale.model_pos_config" name="model_id"/>
+        <field name="domain_force">[(1,'=',1)]</field>
+        <field name="groups" eval="[(4, ref('point_of_sale.group_pos_user'))]"/>
+    </record>
+    <record id="pos_session_see_all" model="ir.rule">
+        <field name="name">All POS sessions</field>
+        <field ref="point_of_sale.model_pos_session" name="model_id"/>
+        <field name="domain_force">[(1,'=',1)]</field>
+        <field name="groups" eval="[(4, ref('point_of_sale.group_pos_user'))]"/>
+    </record>
+    <record id="pos_order_see_all" model="ir.rule">
+        <field name="name">All POS orders</field>
+        <field ref="point_of_sale.model_pos_order" name="model_id"/>
+        <field name="domain_force">[(1,'=',1)]</field>
+        <field name="groups" eval="[(4, ref('point_of_sale.group_pos_user'))]"/>
+    </record>
+</data>
+
+</odoo>
diff --git a/pos_user_restriction/tests/__init__.py b/pos_user_restriction/tests/__init__.py
new file mode 100644
index 00000000..056bb441
--- /dev/null
+++ b/pos_user_restriction/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_pos_user_restriction
diff --git a/pos_user_restriction/tests/test_pos_user_restriction.py b/pos_user_restriction/tests/test_pos_user_restriction.py
new file mode 100644
index 00000000..05bf2b37
--- /dev/null
+++ b/pos_user_restriction/tests/test_pos_user_restriction.py
@@ -0,0 +1,52 @@
+from odoo.tests.common import SavepointCase
+
+
+class TestUserRestriction(SavepointCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.env = cls.env(context=dict(
+            cls.env.context,
+            tracking_disable=True,
+            no_reset_password=True,
+        ))
+        cls.pos_user = cls.env['res.users'].create({
+            'login': 'pos_user',
+            'name': 'pos_user',
+            'groups_id': [(6, 0, [cls.env.ref('point_of_sale.group_pos_user').id])]
+        })
+        cls.pos_user_assigned_pos = cls.env['res.users'].create({
+            'login': 'pos_user_assigned_pos',
+            'name': 'pos_user_assigned_pos',
+            'groups_id': [(6, 0, [cls.env.ref(
+                'pos_user_restriction.group_assigned_points_of_sale_user').id])]
+        })
+        cls.pos_config_main = cls.env.ref('point_of_sale.pos_config_main')
+        cls.pos_config_model = cls.env['pos.config']
+
+    def test_access_pos(self):
+        # assigned_user_ids is not set: both users can read
+        pos_configs = self.pos_config_model.sudo(self.pos_user.id).search([])
+        self.assertTrue(pos_configs)
+        pos_configs = self.pos_config_model.sudo(
+            self.pos_user_assigned_pos.id).search([])
+        self.assertTrue(pos_configs)
+
+        self.pos_config_main.assigned_user_ids = [
+            (6, 0, [self.pos_user_assigned_pos.id])]
+        # assigned_user_ids is set with pos_user_assigned_pos: both users can read
+        pos_configs = self.pos_config_model.sudo(self.pos_user.id).search([])
+        self.assertTrue(pos_configs)
+        pos_configs = self.pos_config_model.sudo(
+            self.pos_user_assigned_pos.id).search([])
+        self.assertTrue(pos_configs)
+
+        self.pos_config_main.assigned_user_ids = [
+            (6, 0, [self.pos_user.id])]
+        # assigned_user_ids is set with pos_user: only pos_user can read
+        pos_configs = self.pos_config_model.sudo(self.pos_user.id).search([])
+        self.assertTrue(pos_configs)
+        pos_configs = self.pos_config_model.sudo(
+            self.pos_user_assigned_pos.id).search([])
+        self.assertFalse(pos_configs)
diff --git a/pos_user_restriction/views/pos_config_views.xml b/pos_user_restriction/views/pos_config_views.xml
new file mode 100644
index 00000000..60a26298
--- /dev/null
+++ b/pos_user_restriction/views/pos_config_views.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <record id="pos_config_view_form_users" model="ir.ui.view">
+        <field name="name">pos_config_view_form_users</field>
+        <field name="model">pos.config</field>
+        <field name="inherit_id" ref="point_of_sale.pos_config_view_form"/>
+        <field name="arch" type="xml">
+            <xpath expr="//sheet/div[last()]" position="after">
+                <h2 groups="point_of_sale.group_pos_manager">Users</h2>
+                <div class="row mt16 o_settings_container" groups="point_of_sale.group_pos_manager">
+                    <div class="col-12 col-lg-6 o_setting_box">
+                        <div class="o_setting_right_pane">
+                            <div class="text-muted">
+                                Users assigned to this point of sale
+                            </div>
+                            <div class="content-group">
+                                <div class="row mt16" title="Restrict some users to only access their assigned points of sale. In order to apply the restriction, the user needs the 'User: Assigned POS Only' group">
+                                    <label for="assigned_user_ids" class="col-lg-3 o_light_label" />
+                                    <field name="assigned_user_ids" widget="many2many_tags" options="{'no_create': True}"/>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </xpath>
+        </field>
+    </record>
+</odoo>
diff --git a/setup/pos_user_restriction/odoo/addons/pos_user_restriction b/setup/pos_user_restriction/odoo/addons/pos_user_restriction
new file mode 120000
index 00000000..e391ab2c
--- /dev/null
+++ b/setup/pos_user_restriction/odoo/addons/pos_user_restriction
@@ -0,0 +1 @@
+../../../../pos_user_restriction
\ No newline at end of file
diff --git a/setup/pos_user_restriction/setup.py b/setup/pos_user_restriction/setup.py
new file mode 100644
index 00000000..28c57bb6
--- /dev/null
+++ b/setup/pos_user_restriction/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)