diff --git a/base_user_role_company/__init__.py b/base_user_role_company/__init__.py new file mode 100644 index 000000000..bb83730e9 --- /dev/null +++ b/base_user_role_company/__init__.py @@ -0,0 +1,4 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from . import models diff --git a/base_user_role_company/__manifest__.py b/base_user_role_company/__manifest__.py new file mode 100644 index 000000000..5b1af0981 --- /dev/null +++ b/base_user_role_company/__manifest__.py @@ -0,0 +1,19 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +{ + "name": "User roles by company", + "version": "14.0.1.0.0", + "category": "Tools", + "author": "Open Source Integrators, Odoo Community Association (OCA)", + "license": "AGPL-3", + "website": "https://github.com/OCA/server-backend", + "depends": ["base_user_role"], + "data": [ + "views/role.xml", + ], + "installable": True, + "auto_install": True, + "maintainer": "dreispt", + "development_status": "Beta", +} diff --git a/base_user_role_company/models/__init__.py b/base_user_role_company/models/__init__.py new file mode 100644 index 000000000..d38a0acf7 --- /dev/null +++ b/base_user_role_company/models/__init__.py @@ -0,0 +1,5 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from . import role +from . import ir_http diff --git a/base_user_role_company/models/ir_http.py b/base_user_role_company/models/ir_http.py new file mode 100644 index 000000000..7eaca704a --- /dev/null +++ b/base_user_role_company/models/ir_http.py @@ -0,0 +1,23 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from odoo import models +from odoo.http import request + + +class IrHttp(models.AbstractModel): + _inherit = "ir.http" + + def session_info(self): + """ + Based on the selected companies (cids), + calculate the roles to enable. + A role should be enabled only when it applies to all selected companies. + """ + result = super(IrHttp, self).session_info() + if self.env.user.role_line_ids: + cids_str = request.httprequest.cookies.get("cids", str(self.env.company.id)) + cids = [int(cid) for cid in cids_str.split(",")] + self.env.user._set_session_active_roles(cids) + self.env.user.set_groups_from_roles() + return result diff --git a/base_user_role_company/models/role.py b/base_user_role_company/models/role.py new file mode 100644 index 000000000..c6702494c --- /dev/null +++ b/base_user_role_company/models/role.py @@ -0,0 +1,65 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from odoo import _, api, fields, models +from odoo.exceptions import ValidationError + + +class ResUsersRoleLine(models.Model): + _inherit = "res.users.role.line" + + company_id = fields.Many2one( + "res.company", + "Company", + help="If set, this role only applies when this is the main company selected." + " Otherwise it applies to all companies.", + ) + active_role = fields.Boolean(string="Active Role", default=True) + + @api.constrains("user_id", "company_id") + def _check_company(self): + for record in self: + if ( + record.company_id + and record.company_id != record.user_id.company_id + and record.company_id not in record.user_id.company_ids + ): + raise ValidationError( + _('User "{}" does not have access to the company "{}"').format( + record.user_id.name, record.company_id.name + ) + ) + + _sql_constraints = [ + ( + "user_role_uniq", + "unique (user_id,role_id,company_id)", + "Roles can be assigned to a user only once at a time", + ) + ] + + +class ResUsers(models.Model): + _inherit = "res.users" + + def _get_enabled_roles(self): + res = super()._get_enabled_roles() + return res.filtered("active_role") + + @api.model + def _set_session_active_roles(self, cids): + """ + Based on the selected companies (cids), + calculate the roles to enable. + A role should be enabled only when it applies to all selected companies. + """ + for role_line in self.env.user.role_line_ids: + if not role_line.company_id: + role_line.active_role = True + elif role_line.company_id.id in cids: + is_on_companies = self.env.user.role_line_ids.filtered( + lambda x: x.role_id == role_line.role_id and x.company_id.id in cids + ) + role_line.active_role = len(is_on_companies) == len(cids) + else: + role_line.active_role = False diff --git a/base_user_role_company/readme/CONFIGURE.rst b/base_user_role_company/readme/CONFIGURE.rst new file mode 100644 index 000000000..c50bf9fec --- /dev/null +++ b/base_user_role_company/readme/CONFIGURE.rst @@ -0,0 +1,6 @@ +Roles are set on the User form. + +The "Company" additional column allows to set a Role as only valid for specific companies. + +There is also a "Active Role" techincal field, only visible in developer mode. +It shows what roles are active, after applying the company selection rules. diff --git a/base_user_role_company/readme/CONTRIBUTORS.rst b/base_user_role_company/readme/CONTRIBUTORS.rst new file mode 100644 index 000000000..c259741d2 --- /dev/null +++ b/base_user_role_company/readme/CONTRIBUTORS.rst @@ -0,0 +1,4 @@ +`Open Source Integrators `_ + + * Daniel Reis + * Chandresh Thakkar diff --git a/base_user_role_company/readme/DESCRIPTION.rst b/base_user_role_company/readme/DESCRIPTION.rst new file mode 100644 index 000000000..68507f1e4 --- /dev/null +++ b/base_user_role_company/readme/DESCRIPTION.rst @@ -0,0 +1,9 @@ +Enable User Roles depending on the Companies selected. + +A company specific Role will only be enabled +if it is set for **all** the currently selected companies. + +For example, if a user is "Sales Manager" only for Company A, +it will see that role enabled only if Company A is selected. +If the user selects Company A and Company B, +then the "Sales Manager" role won't be enabled. diff --git a/base_user_role_company/readme/USAGE.rst b/base_user_role_company/readme/USAGE.rst new file mode 100644 index 000000000..88dce6bc7 --- /dev/null +++ b/base_user_role_company/readme/USAGE.rst @@ -0,0 +1,17 @@ +Select the active companies from the web client widget, near the top right corner. +When doing so, the User's security Groups are recomputed, based on the Roles. + +When the user changes the company selection, only the groups available to all active companies will be activated. + +For example: + +* A "SALES PERSON" and a "SALES MANAGER" roles are created. + +* A user is assigned to the roles: + * "SALES PERSON", with no specific company assigned (meaning all) + * "SALES MANAGER" only to "My Company (Chicago)" + +* When selecting active companies from the UI widget: + * If only "My Company (San Francisco)" is active, "SALES PERSON" will be active. + * If only "My Company (Chicago)" is active, "SALES PERSON" and "SALES MANAGER" will be active. + * If both "My Company (San Francisco)" and "My Company (Chicago)" is active, "SALES PERSON" will be active. diff --git a/base_user_role_company/tests/__init__.py b/base_user_role_company/tests/__init__.py new file mode 100644 index 000000000..cd7f7833f --- /dev/null +++ b/base_user_role_company/tests/__init__.py @@ -0,0 +1 @@ +from . import test_role_per_company diff --git a/base_user_role_company/tests/test_role_per_company.py b/base_user_role_company/tests/test_role_per_company.py new file mode 100644 index 000000000..14cb869bf --- /dev/null +++ b/base_user_role_company/tests/test_role_per_company.py @@ -0,0 +1,62 @@ +# Copyright 2021 Open Source Integrators +# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). + +from odoo.tests.common import TransactionCase + + +class TestUserRoleCompany(TransactionCase): + def setUp(self): + super().setUp() + # COMPANIES + self.Company = self.env["res.company"] + self.company1 = self.env.ref("base.main_company") + self.company2 = self.Company.create({"name": "company2"}) + # ROLES + self.Role = self.env["res.users.role"] + self.roleA = self.Role.create({"name": "ROLE All Companies"}) + self.roleB = self.Role.create({"name": "ROLE Company 1"}) + self.roleC = self.Role.create({"name": "ROLE Company 1 and 2"}) + # USER + # ==Role=== ==Company== C1 C2 C1+C2 + # Role A Yes Yes Yes + # Role B Company1 Yes + # Role C Company1 Yes Yes + # Role C Company2 Yes Yes + self.User = self.env["res.users"] + user_vals = { + "name": "ROLES TEST USER", + "login": "test_user", + "company_ids": [(6, 0, [self.company1.id, self.company2.id])], + "role_line_ids": [ + (0, 0, {"role_id": self.roleA.id}), + (0, 0, {"role_id": self.roleB.id, "company_id": self.company1.id}), + (0, 0, {"role_id": self.roleC.id, "company_id": self.company1.id}), + (0, 0, {"role_id": self.roleC.id, "company_id": self.company2.id}), + ], + } + self.test_user = self.User.create(user_vals) + self.User = self.User.with_user(self.test_user) + + def test_110_company_1(self): + "Company 1 selected: Tech and Settings roles are activated" + self.User._set_session_active_roles([self.company1.id]) + active_roles = self.test_user.role_line_ids.filtered("active_role").mapped( + "role_id" + ) + self.assertEqual(active_roles, self.roleA | self.roleB | self.roleC) + + def test_120_company_2(self): + "Company 2 selected: only Tech role enabled" + self.User._set_session_active_roles([self.company2.id]) + active_roles = self.test_user.role_line_ids.filtered("active_role").mapped( + "role_id" + ) + self.assertEqual(active_roles, self.roleA | self.roleC) + + def test_130_company_1_2(self): + "Settings Role enabled for Company 1 and 2" + self.User._set_session_active_roles([self.company1.id, self.company2.id]) + active_roles = self.test_user.role_line_ids.filtered("active_role").mapped( + "role_id" + ) + self.assertEqual(active_roles, self.roleA | self.roleC) diff --git a/base_user_role_company/views/role.xml b/base_user_role_company/views/role.xml new file mode 100644 index 000000000..bfcb01e8f --- /dev/null +++ b/base_user_role_company/views/role.xml @@ -0,0 +1,14 @@ + + + + res.users.form.inherit.company + res.users + + + + + + + + + diff --git a/setup/base_user_role_company/odoo/addons/base_user_role_company b/setup/base_user_role_company/odoo/addons/base_user_role_company new file mode 120000 index 000000000..0f73b249c --- /dev/null +++ b/setup/base_user_role_company/odoo/addons/base_user_role_company @@ -0,0 +1 @@ +../../../../base_user_role_company \ No newline at end of file diff --git a/setup/base_user_role_company/setup.py b/setup/base_user_role_company/setup.py new file mode 100644 index 000000000..28c57bb64 --- /dev/null +++ b/setup/base_user_role_company/setup.py @@ -0,0 +1,6 @@ +import setuptools + +setuptools.setup( + setup_requires=['setuptools-odoo'], + odoo_addon=True, +)