From c6116c30ba69880523b4455624ef2966942a425f Mon Sep 17 00:00:00 2001 From: Pierrick Brun Date: Tue, 29 Jan 2019 14:27:05 +0100 Subject: [PATCH 1/4] Revert "[FIX] Crash in base_user_role when role_id is not set on res.users.role.line" This reverts commit b537941d5a2d1fcb3fbacc602124c1b3f6e1d495. --- base_user_role/models/user.py | 5 ++--- base_user_role/views/user.xml | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/base_user_role/models/user.py b/base_user_role/models/user.py index 6fe9133e8..9a10926ee 100644 --- a/base_user_role/models/user.py +++ b/base_user_role/models/user.py @@ -62,9 +62,8 @@ class ResUsers(models.Model): lambda rec: rec.is_enabled) for role_line in role_lines: role = role_line.role_id - if role: - group_ids.append(role.group_id.id) - group_ids.extend(role.implied_ids.ids) + group_ids.append(role.group_id.id) + group_ids.extend(role.implied_ids.ids) group_ids = list(set(group_ids)) # Remove duplicates IDs vals = { 'groups_id': [(6, 0, group_ids)], diff --git a/base_user_role/views/user.xml b/base_user_role/views/user.xml index a2582caf2..9a914625d 100644 --- a/base_user_role/views/user.xml +++ b/base_user_role/views/user.xml @@ -13,7 +13,7 @@ - + From b19fa2398df6e7a2eebe5fb80363ceb96690906f Mon Sep 17 00:00:00 2001 From: Pierrick Brun Date: Tue, 29 Jan 2019 14:32:51 +0100 Subject: [PATCH 2/4] Make user_id and role_id required in base_user_role_line --- base_user_role/models/role.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/base_user_role/models/role.py b/base_user_role/models/role.py index 41552a06c..bd60e3fd3 100644 --- a/base_user_role/models/role.py +++ b/base_user_role/models/role.py @@ -66,9 +66,10 @@ class ResUsersRoleLine(models.Model): _description = 'Users associated to a role' role_id = fields.Many2one( - 'res.users.role', string=u"Role", ondelete='cascade') + 'res.users.role', required=True, string=u"Role", ondelete='cascade') user_id = fields.Many2one( - 'res.users', string=u"User", domain=[('id', '!=', SUPERUSER_ID)]) + 'res.users', required=True, string=u"User", + domain=[('id', '!=', SUPERUSER_ID)], ondelete='cascade') date_from = fields.Date(u"From") date_to = fields.Date(u"To") is_enabled = fields.Boolean(u"Enabled", compute='_compute_is_enabled') From 840c2c1119460424230c935da24ec42f95c21122 Mon Sep 17 00:00:00 2001 From: Pierrick Brun Date: Tue, 29 Jan 2019 16:03:06 +0100 Subject: [PATCH 3/4] [IMP] make base_user_role_line company dependent --- base_user_role/__manifest__.py | 2 +- base_user_role/models/role.py | 17 ++++++++++- base_user_role/models/user.py | 9 ++++-- base_user_role/tests/test_user_role.py | 40 ++++++++++++++++++++++++++ base_user_role/views/role.xml | 1 + base_user_role/views/user.xml | 1 + 6 files changed, 65 insertions(+), 5 deletions(-) diff --git a/base_user_role/__manifest__.py b/base_user_role/__manifest__.py index 17deb1f9d..90e3f2c84 100644 --- a/base_user_role/__manifest__.py +++ b/base_user_role/__manifest__.py @@ -5,7 +5,7 @@ { 'name': 'User roles', - 'version': '10.0.1.0.2', + 'version': '10.0.1.0.3', 'category': 'Tools', 'author': 'ABF OSIELL, Odoo Community Association (OCA)', 'license': 'LGPL-3', diff --git a/base_user_role/models/role.py b/base_user_role/models/role.py index bd60e3fd3..d36271ea5 100644 --- a/base_user_role/models/role.py +++ b/base_user_role/models/role.py @@ -6,8 +6,9 @@ import datetime import logging -from odoo import api, fields, models +from odoo import _, api, fields, models from odoo import SUPERUSER_ID +from odoo.exceptions import ValidationError _logger = logging.getLogger(__name__) @@ -73,6 +74,20 @@ class ResUsersRoleLine(models.Model): date_from = fields.Date(u"From") date_to = fields.Date(u"To") is_enabled = fields.Boolean(u"Enabled", compute='_compute_is_enabled') + company_id = fields.Many2one( + 'res.company', 'Company', + default=lambda self: self.env.user.company_id) + + @api.multi + @api.constrains('user_id', 'company_id') + def _check_company(self): + for record in self: + if (self.company_id and + self.company_id != self.user_id.company_id and + self.company_id not in self.user_id.company_ids): + raise ValidationError( + _('User "{}" does not have access to the company "{}"') + .format(self.user_id.name, self.company_id.name)) @api.multi @api.depends('date_from', 'date_to') diff --git a/base_user_role/models/user.py b/base_user_role/models/user.py index 9a10926ee..6b0522c55 100644 --- a/base_user_role/models/user.py +++ b/base_user_role/models/user.py @@ -49,6 +49,11 @@ class ResUsers(models.Model): self.sudo().set_groups_from_roles() return res + def _get_enabled_roles(self): + return self.role_line_ids.filtered( + lambda rec: rec.is_enabled and + (not rec.company_id or rec.company_id == rec.user_id.company_id)) + @api.multi def set_groups_from_roles(self): """Set (replace) the groups following the roles defined on users. @@ -58,9 +63,7 @@ class ResUsers(models.Model): if not user.role_line_ids: continue group_ids = [] - role_lines = user.role_line_ids.filtered( - lambda rec: rec.is_enabled) - for role_line in role_lines: + for role_line in user._get_enabled_roles(): role = role_line.role_id group_ids.append(role.group_id.id) group_ids.extend(role.implied_ids.ids) diff --git a/base_user_role/tests/test_user_role.py b/base_user_role/tests/test_user_role.py index 1e3f2eeac..a78e4fd42 100644 --- a/base_user_role/tests/test_user_role.py +++ b/base_user_role/tests/test_user_role.py @@ -41,6 +41,11 @@ class TestUserRole(TransactionCase): self.group_settings_id.id])], } self.role2_id = self.role_model.create(vals) + self.company1 = self.env.ref('base.main_company') + self.company2 = self.env['res.company'].create({'name': 'company2'}) + self.user_id.write( + {'company_ids': [ + (4, self.company1.id, 0), (4, self.company2.id, 0)]}) def test_role_1(self): self.user_id.write( @@ -114,3 +119,38 @@ class TestUserRole(TransactionCase): }) roles = self.role_model.browse([self.role1_id.id, self.role2_id.id]) self.assertEqual(user.role_ids, roles) + + def test_user_role_different_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role2_id.id, + 'company_id': self.company2.id})]}) + # Check that user does not have any groups + self.assertEquals( + self.user_id.groups_id, self.env['res.groups'].browse()) + + def test_user_role_same_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role1_id.id, + 'company_id': self.company1.id})]}) + user_group_ids = sorted(set( + [group.id for group in self.user_id.groups_id])) + role_group_ids = self.role1_id.trans_implied_ids.ids + role_group_ids.append(self.role1_id.group_id.id) + role_group_ids = sorted(set(role_group_ids)) + # Check that user have groups implied by role 1 + self.assertEqual(user_group_ids, role_group_ids) + + def test_user_role_no_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role2_id.id, + 'company_id': False})]}) + user_group_ids = sorted(set( + [group.id for group in self.user_id.groups_id])) + role_group_ids = self.role2_id.trans_implied_ids.ids + role_group_ids.append(self.role2_id.group_id.id) + role_group_ids = sorted(set(role_group_ids)) + # Check that user have groups implied by role 2 + self.assertEqual(user_group_ids, role_group_ids) diff --git a/base_user_role/views/role.xml b/base_user_role/views/role.xml index 242aab5cb..2ffa054d8 100644 --- a/base_user_role/views/role.xml +++ b/base_user_role/views/role.xml @@ -25,6 +25,7 @@ + diff --git a/base_user_role/views/user.xml b/base_user_role/views/user.xml index 9a914625d..bc02787ea 100644 --- a/base_user_role/views/user.xml +++ b/base_user_role/views/user.xml @@ -17,6 +17,7 @@ + From 7460424209072935f666608202fea8b36e2dfc27 Mon Sep 17 00:00:00 2001 From: Pierrick Brun Date: Thu, 14 Feb 2019 17:12:08 +0100 Subject: [PATCH 4/4] FIX check_company --- base_user_role/models/role.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/base_user_role/models/role.py b/base_user_role/models/role.py index d36271ea5..3023a366f 100644 --- a/base_user_role/models/role.py +++ b/base_user_role/models/role.py @@ -82,12 +82,12 @@ class ResUsersRoleLine(models.Model): @api.constrains('user_id', 'company_id') def _check_company(self): for record in self: - if (self.company_id and - self.company_id != self.user_id.company_id and - self.company_id not in self.user_id.company_ids): + if (record.company_id and + record.company_id != record.user_id.company_id and + record.company_id not in record.user_id.company_ids): raise ValidationError( _('User "{}" does not have access to the company "{}"') - .format(self.user_id.name, self.company_id.name)) + .format(record.user_id.name, record.company_id.name)) @api.multi @api.depends('date_from', 'date_to')