From 0e757884ce5990a50220a99904f4d074a2047893 Mon Sep 17 00:00:00 2001 From: Pierrick Brun Date: Tue, 29 Jan 2019 16:03:06 +0100 Subject: [PATCH] [IMP] make base_user_role_line company dependent --- base_user_role/models/role.py | 17 ++++++++++- base_user_role/models/user.py | 9 ++++-- base_user_role/tests/test_user_role.py | 40 ++++++++++++++++++++++++++ base_user_role/views/role.xml | 1 + base_user_role/views/user.xml | 1 + 5 files changed, 64 insertions(+), 4 deletions(-) diff --git a/base_user_role/models/role.py b/base_user_role/models/role.py index 8fd56eca4..e6b7e1f60 100644 --- a/base_user_role/models/role.py +++ b/base_user_role/models/role.py @@ -3,8 +3,9 @@ import datetime import logging -from odoo import api, fields, models +from odoo import _, api, fields, models from odoo import SUPERUSER_ID +from odoo.exceptions import ValidationError _logger = logging.getLogger(__name__) @@ -82,6 +83,20 @@ class ResUsersRoleLine(models.Model): date_from = fields.Date("From") date_to = fields.Date("To") is_enabled = fields.Boolean("Enabled", compute='_compute_is_enabled') + company_id = fields.Many2one( + 'res.company', 'Company', + default=lambda self: self.env.user.company_id) + + @api.multi + @api.constrains('user_id', 'company_id') + def _check_company(self): + for record in self: + if (self.company_id and + self.company_id != self.user_id.company_id and + self.company_id not in self.user_id.company_ids): + raise ValidationError( + _('User "{}" does not have access to the company "{}"') + .format(self.user_id.name, self.company_id.name)) @api.multi @api.depends('date_from', 'date_to') diff --git a/base_user_role/models/user.py b/base_user_role/models/user.py index 2346ae94d..56b173cc2 100644 --- a/base_user_role/models/user.py +++ b/base_user_role/models/user.py @@ -50,6 +50,11 @@ class ResUsers(models.Model): return res @api.multi + def _get_enabled_roles(self): + return self.role_line_ids.filtered( + lambda rec: rec.is_enabled and + (not rec.company_id or rec.company_id == rec.user_id.company_id)) + def set_groups_from_roles(self, force=False): """Set (replace) the groups following the roles defined on users. If no role is defined on the user, its groups are let untouched unless @@ -66,9 +71,7 @@ class ResUsers(models.Model): if not user.role_line_ids and not force: continue group_ids = [] - role_lines = user.role_line_ids.filtered( - lambda rec: rec.is_enabled) - for role_line in role_lines: + for role_line in user._get_enabled_roles(): role = role_line.role_id group_ids += role_groups[role] group_ids = list(set(group_ids)) # Remove duplicates IDs diff --git a/base_user_role/tests/test_user_role.py b/base_user_role/tests/test_user_role.py index 9745c1412..62bb04bc1 100644 --- a/base_user_role/tests/test_user_role.py +++ b/base_user_role/tests/test_user_role.py @@ -41,6 +41,11 @@ class TestUserRole(TransactionCase): self.group_settings_id.id])], } self.role2_id = self.role_model.create(vals) + self.company1 = self.env.ref('base.main_company') + self.company2 = self.env['res.company'].create({'name': 'company2'}) + self.user_id.write( + {'company_ids': [ + (4, self.company1.id, 0), (4, self.company2.id, 0)]}) def test_role_1(self): self.user_id.write( @@ -162,3 +167,38 @@ class TestUserRole(TransactionCase): }) roles = self.role_model.browse([self.role1_id.id, self.role2_id.id]) self.assertEqual(user.role_ids, roles) + + def test_user_role_different_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role2_id.id, + 'company_id': self.company2.id})]}) + # Check that user does not have any groups + self.assertEquals( + self.user_id.groups_id, self.env['res.groups'].browse()) + + def test_user_role_same_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role1_id.id, + 'company_id': self.company1.id})]}) + user_group_ids = sorted(set( + [group.id for group in self.user_id.groups_id])) + role_group_ids = self.role1_id.trans_implied_ids.ids + role_group_ids.append(self.role1_id.group_id.id) + role_group_ids = sorted(set(role_group_ids)) + # Check that user have groups implied by role 1 + self.assertEqual(user_group_ids, role_group_ids) + + def test_user_role_no_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role2_id.id, + 'company_id': False})]}) + user_group_ids = sorted(set( + [group.id for group in self.user_id.groups_id])) + role_group_ids = self.role2_id.trans_implied_ids.ids + role_group_ids.append(self.role2_id.group_id.id) + role_group_ids = sorted(set(role_group_ids)) + # Check that user have groups implied by role 2 + self.assertEqual(user_group_ids, role_group_ids) diff --git a/base_user_role/views/role.xml b/base_user_role/views/role.xml index 242aab5cb..2ffa054d8 100644 --- a/base_user_role/views/role.xml +++ b/base_user_role/views/role.xml @@ -25,6 +25,7 @@ + diff --git a/base_user_role/views/user.xml b/base_user_role/views/user.xml index 9a914625d..bc02787ea 100644 --- a/base_user_role/views/user.xml +++ b/base_user_role/views/user.xml @@ -17,6 +17,7 @@ +