diff --git a/base_user_role/__manifest__.py b/base_user_role/__manifest__.py
index 17deb1f9d..90e3f2c84 100644
--- a/base_user_role/__manifest__.py
+++ b/base_user_role/__manifest__.py
@@ -5,7 +5,7 @@
{
'name': 'User roles',
- 'version': '10.0.1.0.2',
+ 'version': '10.0.1.0.3',
'category': 'Tools',
'author': 'ABF OSIELL, Odoo Community Association (OCA)',
'license': 'LGPL-3',
diff --git a/base_user_role/models/role.py b/base_user_role/models/role.py
index 41552a06c..3023a366f 100644
--- a/base_user_role/models/role.py
+++ b/base_user_role/models/role.py
@@ -6,8 +6,9 @@
import datetime
import logging
-from odoo import api, fields, models
+from odoo import _, api, fields, models
from odoo import SUPERUSER_ID
+from odoo.exceptions import ValidationError
_logger = logging.getLogger(__name__)
@@ -66,12 +67,27 @@ class ResUsersRoleLine(models.Model):
_description = 'Users associated to a role'
role_id = fields.Many2one(
- 'res.users.role', string=u"Role", ondelete='cascade')
+ 'res.users.role', required=True, string=u"Role", ondelete='cascade')
user_id = fields.Many2one(
- 'res.users', string=u"User", domain=[('id', '!=', SUPERUSER_ID)])
+ 'res.users', required=True, string=u"User",
+ domain=[('id', '!=', SUPERUSER_ID)], ondelete='cascade')
date_from = fields.Date(u"From")
date_to = fields.Date(u"To")
is_enabled = fields.Boolean(u"Enabled", compute='_compute_is_enabled')
+ company_id = fields.Many2one(
+ 'res.company', 'Company',
+ default=lambda self: self.env.user.company_id)
+
+ @api.multi
+ @api.constrains('user_id', 'company_id')
+ def _check_company(self):
+ for record in self:
+ if (record.company_id and
+ record.company_id != record.user_id.company_id and
+ record.company_id not in record.user_id.company_ids):
+ raise ValidationError(
+ _('User "{}" does not have access to the company "{}"')
+ .format(record.user_id.name, record.company_id.name))
@api.multi
@api.depends('date_from', 'date_to')
diff --git a/base_user_role/models/user.py b/base_user_role/models/user.py
index 6fe9133e8..6b0522c55 100644
--- a/base_user_role/models/user.py
+++ b/base_user_role/models/user.py
@@ -49,6 +49,11 @@ class ResUsers(models.Model):
self.sudo().set_groups_from_roles()
return res
+ def _get_enabled_roles(self):
+ return self.role_line_ids.filtered(
+ lambda rec: rec.is_enabled and
+ (not rec.company_id or rec.company_id == rec.user_id.company_id))
+
@api.multi
def set_groups_from_roles(self):
"""Set (replace) the groups following the roles defined on users.
@@ -58,13 +63,10 @@ class ResUsers(models.Model):
if not user.role_line_ids:
continue
group_ids = []
- role_lines = user.role_line_ids.filtered(
- lambda rec: rec.is_enabled)
- for role_line in role_lines:
+ for role_line in user._get_enabled_roles():
role = role_line.role_id
- if role:
- group_ids.append(role.group_id.id)
- group_ids.extend(role.implied_ids.ids)
+ group_ids.append(role.group_id.id)
+ group_ids.extend(role.implied_ids.ids)
group_ids = list(set(group_ids)) # Remove duplicates IDs
vals = {
'groups_id': [(6, 0, group_ids)],
diff --git a/base_user_role/tests/test_user_role.py b/base_user_role/tests/test_user_role.py
index 1e3f2eeac..a78e4fd42 100644
--- a/base_user_role/tests/test_user_role.py
+++ b/base_user_role/tests/test_user_role.py
@@ -41,6 +41,11 @@ class TestUserRole(TransactionCase):
self.group_settings_id.id])],
}
self.role2_id = self.role_model.create(vals)
+ self.company1 = self.env.ref('base.main_company')
+ self.company2 = self.env['res.company'].create({'name': 'company2'})
+ self.user_id.write(
+ {'company_ids': [
+ (4, self.company1.id, 0), (4, self.company2.id, 0)]})
def test_role_1(self):
self.user_id.write(
@@ -114,3 +119,38 @@ class TestUserRole(TransactionCase):
})
roles = self.role_model.browse([self.role1_id.id, self.role2_id.id])
self.assertEqual(user.role_ids, roles)
+
+ def test_user_role_different_company(self):
+ self.user_id.write({'company_id': self.company1.id})
+ self.user_id.write({'role_line_ids': [(0, 0, {
+ 'role_id': self.role2_id.id,
+ 'company_id': self.company2.id})]})
+ # Check that user does not have any groups
+ self.assertEquals(
+ self.user_id.groups_id, self.env['res.groups'].browse())
+
+ def test_user_role_same_company(self):
+ self.user_id.write({'company_id': self.company1.id})
+ self.user_id.write({'role_line_ids': [(0, 0, {
+ 'role_id': self.role1_id.id,
+ 'company_id': self.company1.id})]})
+ user_group_ids = sorted(set(
+ [group.id for group in self.user_id.groups_id]))
+ role_group_ids = self.role1_id.trans_implied_ids.ids
+ role_group_ids.append(self.role1_id.group_id.id)
+ role_group_ids = sorted(set(role_group_ids))
+ # Check that user have groups implied by role 1
+ self.assertEqual(user_group_ids, role_group_ids)
+
+ def test_user_role_no_company(self):
+ self.user_id.write({'company_id': self.company1.id})
+ self.user_id.write({'role_line_ids': [(0, 0, {
+ 'role_id': self.role2_id.id,
+ 'company_id': False})]})
+ user_group_ids = sorted(set(
+ [group.id for group in self.user_id.groups_id]))
+ role_group_ids = self.role2_id.trans_implied_ids.ids
+ role_group_ids.append(self.role2_id.group_id.id)
+ role_group_ids = sorted(set(role_group_ids))
+ # Check that user have groups implied by role 2
+ self.assertEqual(user_group_ids, role_group_ids)
diff --git a/base_user_role/views/role.xml b/base_user_role/views/role.xml
index 242aab5cb..2ffa054d8 100644
--- a/base_user_role/views/role.xml
+++ b/base_user_role/views/role.xml
@@ -25,6 +25,7 @@
+
diff --git a/base_user_role/views/user.xml b/base_user_role/views/user.xml
index a2582caf2..bc02787ea 100644
--- a/base_user_role/views/user.xml
+++ b/base_user_role/views/user.xml
@@ -13,10 +13,11 @@
-
+
+