130 lines
4.9 KiB

  1. # -*- coding: utf-8 -*-
  2. # Copyright 2017 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  4. import os
  5. from csv import reader
  6. from lxml import etree
  7. from odoo import SUPERUSER_ID, _, api, fields, models, registry
  8. from odoo.exceptions import AccessError, ValidationError
  9. from .ir_config_parameter import THRESHOLD_HIDE, MAX_DB_USER_PARAM
  10. from .res_groups import THRESHOLD_MANAGER
  11. class ResUsers(models.Model):
  12. _inherit = 'res.users'
  13. threshold_exempt = fields.Boolean(
  14. 'Exempt User From User Count Thresholds',
  15. )
  16. def __init__(self, pool, cr):
  17. """
  18. Override to check if env var to hide threshold configuration and
  19. reset the database state is set. If it is, run those actions
  20. """
  21. if THRESHOLD_HIDE:
  22. exempt_users_var = os.environ.get('USER_THRESHOLD_USER', '')
  23. exempt_users = reader([exempt_users_var])
  24. with api.Environment.manage():
  25. with registry(cr.dbname).cursor() as new_cr:
  26. new_env = api.Environment(new_cr, SUPERUSER_ID, {})
  27. installed = new_env['ir.module.module'].search_count([
  28. ('name', '=', 'user_threshold'),
  29. ('state', '=', 'installed'),
  30. ])
  31. if installed:
  32. users = new_env['res.users'].search([
  33. ('share', '=', False),
  34. ('threshold_exempt', '=', True),
  35. ])
  36. non_ex = users.filtered(
  37. lambda r: r.login not in exempt_users
  38. )
  39. for user in non_ex:
  40. user.threshold_exempt = False
  41. new_cr.commit()
  42. def _check_thresholds(self):
  43. """
  44. Check to see if any user thresholds are met
  45. Returns:
  46. False when the thresholds aren't met and True when they are
  47. """
  48. domain = [
  49. ('threshold_exempt', '=', False),
  50. ('share', '=', False),
  51. ]
  52. users = self.env['res.users'].search(domain)
  53. max_db_users = int(self.env['ir.config_parameter'].get_param(
  54. MAX_DB_USER_PARAM
  55. ))
  56. if max_db_users > 0 and len(users) >= max_db_users:
  57. return True
  58. company = self.env.user.company_id
  59. company_users = users.filtered(lambda r: r.company_id.id == company.id)
  60. if company.max_users > 0 and len(company_users) >= company.max_users:
  61. return True
  62. return False
  63. @api.multi
  64. def copy(self, default=None):
  65. """
  66. Override method to make sure the Thresholds aren't met before
  67. creating a new user
  68. """
  69. if self._check_thresholds():
  70. raise ValidationError(_(
  71. 'Cannot add user - Maximum number of allowed users reached'
  72. ))
  73. return super(ResUsers, self).copy(default=default)
  74. @api.multi
  75. def create(self, vals):
  76. """
  77. Override method to make sure the Thresholds aren't met before
  78. creating a new user
  79. """
  80. if self._check_thresholds():
  81. raise ValidationError(_(
  82. 'Cannot add user - Maximum number of allowed users reached'
  83. ))
  84. return super(ResUsers, self).create(vals)
  85. @api.model
  86. def fields_view_get(self, view_id=None, view_type='form', toolbar=False,
  87. submenu=False):
  88. """ Hide Max User Field when the env var to hide the field is set """
  89. res = super(ResUsers, self).fields_view_get(
  90. view_id, view_type, toolbar, submenu
  91. )
  92. if THRESHOLD_HIDE:
  93. doc = etree.XML(res['arch'])
  94. for node in doc.xpath("//group[@name='user_threshold']"):
  95. node.getparent().remove(node)
  96. res['arch'] = etree.tostring(doc, pretty_print=True)
  97. return res
  98. @api.multi
  99. def write(self, vals):
  100. """
  101. Override write to verify that membership of the Threshold Manager
  102. group is not able to be set by users outside that group
  103. """
  104. thold_group = self.env.ref(THRESHOLD_MANAGER, raise_if_not_found=False)
  105. if thold_group:
  106. user_is_manager = self.env.user.has_group(THRESHOLD_MANAGER)
  107. if vals.get('threshold_exempt') and not user_is_manager:
  108. raise AccessError(_(
  109. 'You must be a member of the `User Threshold Manager`'
  110. ' group to grant threshold exemptions.'
  111. ))
  112. is_add_group = vals.get('in_group_%s' % thold_group.id)
  113. if is_add_group and not user_is_manager:
  114. raise AccessError(_(
  115. 'You must be a member of the `User Threshold Manager`'
  116. ' group to grant access to it.'
  117. ))
  118. return super(ResUsers, self).write(vals)