[ADD] 8.0 - New module 'base_user_role' to manage user roles efficiently (#608)

* [ADD] New module 'base_user_role'

* [FIX] base_user_role - Review

* [FIX] base_user_role - Review s/is_active/is_enabled/

* [FIX] base_user_role - Review s/is_active/is_enabled/

* [IMP] base_user_role - Translations updated (template + FR)

* [FIX] base_user_role - Lint

base_user_role/README.rst

@@ -0,0 +1,82 @@
+.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
+   :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+   :alt: License: AGPL-3
+
+==========
+User roles
+==========
+
+This module was written to extend the standard functionality regarding users
+and groups management.
+It helps creating well-defined user roles and associating them to users.
+
+It can become very hard to maintain a large number of user profiles over time,
+juggling with many technical groups. For this purpose, this module will help
+you to:
+
+  * define functional roles by aggregating low-level groups,
+  * set user accounts with the predefined roles (roles are cumulative),
+  * update groups of all relevant user accounts (all at once),
+  * ensure that user accounts will have the groups defined in their roles
+    (nothing more, nothing less). In other words, you can not set groups
+    manually on a user as long as there is roles configured on it,
+  * activate/deactivate roles depending on the date (useful to plan holidays, etc)
+  * get a quick overview of roles and the related user accounts.
+
+That way you make clear the different responsabilities within a company, and
+are able to add and update user accounts in a scalable and reliable way.
+
+Configuration
+=============
+
+To configure this module, you need to go to *Configuration / Users / Roles*,
+and create a new role. From there, you can add groups to compose your role,
+and then associate users to it.
+
+Roles:
+
+.. image:: /base_user_role/static/description/roles.png
+
+Add groups:
+
+.. image:: /base_user_role/static/description/role_groups.png
+
+Add users (with dates or not):
+
+.. image:: /base_user_role/static/description/role_users.png
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues
+<https://github.com/OCA/server-tools/issues>`_. In case of trouble, please
+check there if your issue has already been reported. If you spotted it first,
+help us smashing it by providing a detailed and welcomed feedback.
+
+Credits
+=======
+
+Images
+------
+
+* Oxygen Team: `Icon <http://www.iconarchive.com/show/oxygen-icons-by-oxygen-icons.org/Actions-user-group-new-icon.html>`_ (LGPL)
+
+Contributors
+------------
+
+* Sébastien Alix <sebastien.alix@osiell.com>
+
+Maintainer
+----------
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+This module is maintained by the OCA.
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+To contribute to this module, please visit https://odoo-community.org.

base_user_role/__init__.py

@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+
+from . import models

base_user_role/__openerp__.py

@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 ABF OSIELL <http://osiell.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    'name': 'User roles',
+    'version': '8.0.1.1.0',
+    'category': 'Tools',
+    'author': 'ABF OSIELL, Odoo Community Association (OCA)',
+    'license': 'AGPL-3',
+    'maintainer': 'ABF OSIELL',
+    'website': 'http://www.osiell.com',
+    'depends': [
+        'base',
+    ],
+    'data': [
+        'security/ir.model.access.csv',
+        'data/ir_cron.xml',
+        'views/role.xml',
+        'views/user.xml',
+    ],
+    'installable': True,
+    'auto_install': False,
+}

base_user_role/data/ir_cron.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2016 ABF OSIELL <http://osiell.com>
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<openerp>
+    <data noupdate="1">
+
+        <record model="ir.cron" id="cron_update_users">
+            <field name='name'>Update user roles</field>
+            <field name='interval_number'>3</field>
+            <field name='interval_type'>hours</field>
+            <field name="numbercall">-1</field>
+            <field name="active">True</field>
+            <field name="doall" eval="False" />
+            <field name="model">res.users.role</field>
+            <field name="function">cron_update_users</field>
+            <field name="args">()</field>
+        </record>
+
+    </data>
+</openerp>

base_user_role/i18n/base_user_role.pot

@@ -0,0 +1,189 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+#	* base_user_role
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 8.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2016-11-18 11:58+0000\n"
+"PO-Revision-Date: 2016-11-18 11:58+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: base_user_role
+#: field:res.users.role,model_access:0
+msgid "Access Controls"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,menu_access:0
+msgid "Access Menu"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role.line,is_enabled:0
+msgid "Enabled"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,category_id:0
+msgid "Application"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,group_id:0
+msgid "Associated group"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,comment:0
+msgid "Comment"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,create_uid:0
+#: field:res.users.role.line,create_uid:0
+msgid "Created by"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,create_date:0
+#: field:res.users.role.line,create_date:0
+msgid "Created on"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,display_name:0
+#: field:res.users.role.line,display_name:0
+msgid "Display Name"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role.line,date_from:0
+msgid "From"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,full_name:0
+msgid "Group Name"
+msgstr ""
+
+#. module: base_user_role
+#: view:res.users.role:base_user_role.view_res_users_role_form
+msgid "Groups"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,id:0
+#: field:res.users.role.line,id:0
+msgid "ID"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,implied_ids:0
+msgid "Inherits"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,__last_update:0
+#: field:res.users.role.line,__last_update:0
+msgid "Last Modified on"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,write_uid:0
+#: field:res.users.role.line,write_uid:0
+msgid "Last Updated by"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,write_date:0
+#: field:res.users.role.line,write_date:0
+msgid "Last Updated on"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,name:0
+msgid "Name"
+msgstr ""
+
+#. module: base_user_role
+#: view:res.users.role:base_user_role.view_res_users_role_form
+#: view:res.users.role:base_user_role.view_res_users_role_tree
+#: field:res.users.role.line,role_id:0
+msgid "Role"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users,role_line_ids:0
+msgid "Role lines"
+msgstr ""
+
+#. module: base_user_role
+#: model:ir.actions.act_window,name:base_user_role.action_res_users_role_tree
+#: model:ir.ui.menu,name:base_user_role.menu_action_res_users_role_tree
+#: view:res.users:base_user_role.view_res_users_form_inherit
+#: field:res.users,role_ids:0
+#: view:res.users.role:base_user_role.view_res_users_role_search
+msgid "Roles"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,rule_groups:0
+msgid "Rules"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users,scoring:0
+msgid "Scoring (%)"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role.line,date_to:0
+msgid "To"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,trans_implied_ids:0
+msgid "Transitively inherits"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role.line,user_id:0
+msgid "User"
+msgstr ""
+
+#. module: base_user_role
+#: model:ir.model,name:base_user_role.model_res_users_role
+msgid "User role"
+msgstr ""
+
+#. module: base_user_role
+#: model:ir.model,name:base_user_role.model_res_users
+#: view:res.users.role:base_user_role.view_res_users_role_form
+#: field:res.users.role,line_ids:0
+#: field:res.users.role,user_ids:0
+#: field:res.users.role,users:0
+msgid "Users"
+msgstr ""
+
+#. module: base_user_role
+#: model:ir.model,name:base_user_role.model_res_users_role_line
+msgid "Users associated to a role"
+msgstr ""
+
+#. module: base_user_role
+#: help:res.users.role,implied_ids:0
+msgid "Users of this group automatically inherit those groups"
+msgstr ""
+
+#. module: base_user_role
+#: field:res.users.role,view_access:0
+msgid "Views"
+msgstr ""
+

base_user_role/i18n/fr.po

@@ -0,0 +1,189 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+#	* base_user_role
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 8.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2016-11-18 12:03+0000\n"
+"PO-Revision-Date: 2016-11-18 12:03+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: base_user_role
+#: field:res.users.role,model_access:0
+msgid "Access Controls"
+msgstr "Access Controls"
+
+#. module: base_user_role
+#: field:res.users.role,menu_access:0
+msgid "Access Menu"
+msgstr "Access Menu"
+
+#. module: base_user_role
+#: field:res.users.role.line,is_enabled:0
+msgid "Enabled"
+msgstr "Activé"
+
+#. module: base_user_role
+#: field:res.users.role,category_id:0
+msgid "Application"
+msgstr "Application"
+
+#. module: base_user_role
+#: field:res.users.role,group_id:0
+msgid "Associated group"
+msgstr "Groupe associé"
+
+#. module: base_user_role
+#: field:res.users.role,comment:0
+msgid "Comment"
+msgstr "Comment"
+
+#. module: base_user_role
+#: field:res.users.role,create_uid:0
+#: field:res.users.role.line,create_uid:0
+msgid "Created by"
+msgstr "Created by"
+
+#. module: base_user_role
+#: field:res.users.role,create_date:0
+#: field:res.users.role.line,create_date:0
+msgid "Created on"
+msgstr "Created on"
+
+#. module: base_user_role
+#: field:res.users.role,display_name:0
+#: field:res.users.role.line,display_name:0
+msgid "Display Name"
+msgstr "Display Name"
+
+#. module: base_user_role
+#: field:res.users.role.line,date_from:0
+msgid "From"
+msgstr "À partir du"
+
+#. module: base_user_role
+#: field:res.users.role,full_name:0
+msgid "Group Name"
+msgstr "Group Name"
+
+#. module: base_user_role
+#: view:res.users.role:base_user_role.view_res_users_role_form
+msgid "Groups"
+msgstr "Groupes"
+
+#. module: base_user_role
+#: field:res.users.role,id:0
+#: field:res.users.role.line,id:0
+msgid "ID"
+msgstr "ID"
+
+#. module: base_user_role
+#: field:res.users.role,implied_ids:0
+msgid "Inherits"
+msgstr "Inherits"
+
+#. module: base_user_role
+#: field:res.users.role,__last_update:0
+#: field:res.users.role.line,__last_update:0
+msgid "Last Modified on"
+msgstr "Last Modified on"
+
+#. module: base_user_role
+#: field:res.users.role,write_uid:0
+#: field:res.users.role.line,write_uid:0
+msgid "Last Updated by"
+msgstr "Last Updated by"
+
+#. module: base_user_role
+#: field:res.users.role,write_date:0
+#: field:res.users.role.line,write_date:0
+msgid "Last Updated on"
+msgstr "Last Updated on"
+
+#. module: base_user_role
+#: field:res.users.role,name:0
+msgid "Name"
+msgstr "Nom"
+
+#. module: base_user_role
+#: view:res.users.role:base_user_role.view_res_users_role_form
+#: view:res.users.role:base_user_role.view_res_users_role_tree
+#: field:res.users.role.line,role_id:0
+msgid "Role"
+msgstr "Rôle"
+
+#. module: base_user_role
+#: field:res.users,role_line_ids:0
+msgid "Role lines"
+msgstr "Role lines"
+
+#. module: base_user_role
+#: model:ir.actions.act_window,name:base_user_role.action_res_users_role_tree
+#: model:ir.ui.menu,name:base_user_role.menu_action_res_users_role_tree
+#: view:res.users:base_user_role.view_res_users_form_inherit
+#: field:res.users,role_ids:0
+#: view:res.users.role:base_user_role.view_res_users_role_search
+msgid "Roles"
+msgstr "Rôles"
+
+#. module: base_user_role
+#: field:res.users.role,rule_groups:0
+msgid "Rules"
+msgstr "Rules"
+
+#. module: base_user_role
+#: field:res.users,scoring:0
+msgid "Scoring (%)"
+msgstr "Scoring (%)"
+
+#. module: base_user_role
+#: field:res.users.role.line,date_to:0
+msgid "To"
+msgstr "Jusqu'au"
+
+#. module: base_user_role
+#: field:res.users.role,trans_implied_ids:0
+msgid "Transitively inherits"
+msgstr "Transitively inherits"
+
+#. module: base_user_role
+#: field:res.users.role.line,user_id:0
+msgid "User"
+msgstr "Utilisateur"
+
+#. module: base_user_role
+#: model:ir.model,name:base_user_role.model_res_users_role
+msgid "User role"
+msgstr "Rôle utilisateur"
+
+#. module: base_user_role
+#: model:ir.model,name:base_user_role.model_res_users
+#: view:res.users.role:base_user_role.view_res_users_role_form
+#: field:res.users.role,line_ids:0
+#: field:res.users.role,user_ids:0
+#: field:res.users.role,users:0
+msgid "Users"
+msgstr "Utilisateurs"
+
+#. module: base_user_role
+#: model:ir.model,name:base_user_role.model_res_users_role_line
+msgid "Users associated to a role"
+msgstr "Utilisateurs associés à un rôle"
+
+#. module: base_user_role
+#: help:res.users.role,implied_ids:0
+msgid "Users of this group automatically inherit those groups"
+msgstr "Users of this group automatically inherit those groups"
+
+#. module: base_user_role
+#: field:res.users.role,view_access:0
+msgid "Views"
+msgstr "Views"
+

base_user_role/migrations/8.0.1.1.0/post-migration.py

@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 ABF OSIELL <http://osiell.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+from openerp import api, SUPERUSER_ID
+
+
+def migrate_res_users_role(env):
+    """Migrate user roles database schema.
+    ('res_users_role_user_rel' many2many table to 'res.users.role.line' model.
+    """
+    role_line_model = env['res.users.role.line']
+    query = "SELECT role_id, user_id FROM res_users_role_user_rel;"
+    env.cr.execute(query)
+    rows = env.cr.fetchall()
+    for row in rows:
+        vals = {
+            'role_id': row[0],
+            'user_id': row[1],
+        }
+        role_line_model.create(vals)
+
+
+def migrate(cr, version):
+    env = api.Environment(cr, SUPERUSER_ID, {})
+    migrate_res_users_role(env)

base_user_role/models/__init__.py

@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+
+from . import role
+from . import user

base_user_role/models/role.py

@@ -0,0 +1,83 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 ABF OSIELL <http://osiell.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import datetime
+import logging
+
+from openerp import api, fields, models
+
+
+_logger = logging.getLogger(__name__)
+
+
+class ResUsersRole(models.Model):
+    _name = 'res.users.role'
+    _inherits = {'res.groups': 'group_id'}
+    _description = "User role"
+
+    group_id = fields.Many2one(
+        'res.groups', required=True, ondelete='cascade',
+        readonly=True, string=u"Associated group")
+    line_ids = fields.One2many(
+        'res.users.role.line', 'role_id', string=u"Users")
+    user_ids = fields.One2many(
+        'res.users', string=u"Users", compute='_compute_user_ids')
+
+    @api.multi
+    @api.depends('line_ids.user_id')
+    def _compute_user_ids(self):
+        for role in self:
+            role.user_ids = role.line_ids.mapped('user_id')
+
+    @api.model
+    def create(self, vals):
+        new_record = super(ResUsersRole, self).create(vals)
+        new_record.update_users()
+        return new_record
+
+    @api.multi
+    def write(self, vals):
+        res = super(ResUsersRole, self).write(vals)
+        self.update_users()
+        return res
+
+    @api.multi
+    def update_users(self):
+        """Update all the users concerned by the roles identified by `ids`."""
+        users = self.mapped('user_ids')
+        users.set_groups_from_roles()
+        return True
+
+    @api.model
+    def cron_update_users(self):
+        logging.info(u"Update user roles")
+        self.search([]).update_users()
+
+
+class ResUsersRoleLine(models.Model):
+    _name = 'res.users.role.line'
+    _description = 'Users associated to a role'
+
+    role_id = fields.Many2one(
+        'res.users.role', string=u"Role", ondelete='cascade')
+    user_id = fields.Many2one(
+        'res.users', string=u"User")
+    date_from = fields.Date(u"From")
+    date_to = fields.Date(u"To")
+    is_enabled = fields.Boolean(u"Enabled", compute='_compute_is_enabled')
+
+    @api.multi
+    @api.depends('date_from', 'date_to')
+    def _compute_is_enabled(self):
+        today = datetime.date.today()
+        for role_line in self:
+            role_line.is_enabled = True
+            if role_line.date_from:
+                date_from = fields.Date.from_string(role_line.date_from)
+                if date_from > today:
+                    role_line.is_enabled = False
+            if role_line.date_to:
+                date_to = fields.Date.from_string(role_line.date_to)
+                if today > date_to:
+                    role_line.is_enabled = False

base_user_role/models/user.py

@@ -0,0 +1,54 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 ABF OSIELL <http://osiell.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from openerp import api, fields, models
+
+
+class ResUsers(models.Model):
+    _inherit = 'res.users'
+
+    role_line_ids = fields.One2many(
+        'res.users.role.line', 'user_id', string=u"Role lines")
+    role_ids = fields.One2many(
+        'res.users.role', string=u"Roles", compute='_compute_role_ids')
+
+    @api.multi
+    @api.depends('role_line_ids.role_id')
+    def _compute_role_ids(self):
+        for user in self:
+            user.role_ids = user.role_line_ids.mapped('role_id')
+
+    @api.model
+    def create(self, vals):
+        new_record = super(ResUsers, self).create(vals)
+        new_record.set_groups_from_roles()
+        return new_record
+
+    @api.multi
+    def write(self, vals):
+        res = super(ResUsers, self).write(vals)
+        self.sudo().set_groups_from_roles()
+        return res
+
+    @api.multi
+    def set_groups_from_roles(self):
+        """Set (replace) the groups following the roles defined on users.
+        If no role is defined on the user, its groups are let untouched.
+        """
+        for user in self:
+            if not user.role_line_ids:
+                continue
+            group_ids = []
+            role_lines = user.role_line_ids.filtered(
+                lambda rec: rec.is_enabled)
+            for role_line in role_lines:
+                role = role_line.role_id
+                group_ids.append(role.group_id.id)
+                group_ids.extend(role.implied_ids.ids)
+            group_ids = list(set(group_ids))    # Remove duplicates IDs
+            vals = {
+                'groups_id': [(6, 0, group_ids)],
+            }
+            super(ResUsers, user).write(vals)
+        return True

base_user_role/security/ir.model.access.csv

@@ -0,0 +1,3 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_res_users_role,access_res_users_role,model_res_users_role,"base.group_erp_manager",1,1,1,1
+access_res_users_role_line,access_res_users_role_line,model_res_users_role_line,"base.group_erp_manager",1,1,1,1

base_user_role/tests/__init__.py

@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+
+from . import test_user_role

base_user_role/tests/test_user_role.py

@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 ABF OSIELL <http://osiell.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import datetime
+
+from openerp.tools import DEFAULT_SERVER_DATE_FORMAT
+from openerp.tests.common import TransactionCase
+
+
+class TestUserRole(TransactionCase):
+
+    def setUp(self):
+        super(TestUserRole, self).setUp()
+        self.imd_model = self.registry('ir.model.data')
+        self.user_model = self.registry('res.users')
+        self.role_model = self.registry('res.users.role')
+
+        self.user_id = self.user_model.create(
+            self.cr, self.uid,
+            {'name': u"USER TEST (ROLES)", 'login': 'user_test_roles'})
+
+        # ROLE_1
+        self.group_user_id = self.imd_model.get_object_reference(
+            self.cr, self.uid, 'base', 'group_user')[1]
+        self.group_no_one_id = self.imd_model.get_object_reference(
+            self.cr, self.uid, 'base', 'group_no_one')[1]
+        vals = {
+            'name': u"ROLE_1",
+            'implied_ids': [6, 0, [self.group_user_id, self.group_no_one_id]],
+        }
+        self.role1_id = self.role_model.create(self.cr, self.uid, vals)
+
+        # ROLE_2
+        self.group_multi_currency_id = self.imd_model.get_object_reference(
+            self.cr, self.uid, 'base', 'group_multi_currency')[1]
+        self.group_sale_manager_id = self.imd_model.get_object_reference(
+            self.cr, self.uid, 'base', 'group_sale_manager')[1]
+        vals = {
+            'name': u"ROLE_2",
+            'implied_ids': [6, 0, [self.group_multi_currency_id,
+                                   self.group_sale_manager_id]],
+        }
+        self.role2_id = self.role_model.create(self.cr, self.uid, vals)
+
+    def test_role_1(self):
+        role1 = self.role_model.browse(self.cr, self.uid, self.role1_id)
+        self.user_model.write(
+            self.cr, self.uid, [self.user_id],
+            {'role_line_ids': [(0, 0, {'role_id': self.role1_id})]})
+        user = self.user_model.browse(self.cr, self.uid, self.user_id)
+        user_group_ids = sorted(set([group.id for group in user.groups_id]))
+        role_group_ids = role1.implied_ids.ids
+        role_group_ids.append(role1.group_id.id)
+        role_group_ids = sorted(set(role_group_ids))
+        self.assertEqual(user_group_ids, role_group_ids)
+
+    def test_role_2(self):
+        role2 = self.role_model.browse(self.cr, self.uid, self.role2_id)
+        self.user_model.write(
+            self.cr, self.uid, [self.user_id],
+            {'role_line_ids': [(0, 0, {'role_id': self.role2_id})]})
+        user = self.user_model.browse(self.cr, self.uid, self.user_id)
+        user_group_ids = sorted(set([group.id for group in user.groups_id]))
+        role_group_ids = role2.implied_ids.ids
+        role_group_ids.append(role2.group_id.id)
+        role_group_ids = sorted(set(role_group_ids))
+        self.assertEqual(user_group_ids, role_group_ids)
+
+    def test_role_1_2(self):
+        role1 = self.role_model.browse(self.cr, self.uid, self.role1_id)
+        role2 = self.role_model.browse(self.cr, self.uid, self.role2_id)
+        self.user_model.write(
+            self.cr, self.uid, [self.user_id],
+            {'role_line_ids': [
+                (0, 0, {'role_id': self.role1_id}),
+                (0, 0, {'role_id': self.role2_id}),
+            ]})
+        user = self.user_model.browse(self.cr, self.uid, self.user_id)
+        user_group_ids = sorted(set([group.id for group in user.groups_id]))
+        role1_group_ids = role1.implied_ids.ids
+        role1_group_ids.append(role1.group_id.id)
+        role2_group_ids = role2.implied_ids.ids
+        role2_group_ids.append(role2.group_id.id)
+        role_group_ids = sorted(set(role1_group_ids + role2_group_ids))
+        self.assertEqual(user_group_ids, role_group_ids)
+
+    def test_role_1_2_with_dates(self):
+        role1 = self.role_model.browse(self.cr, self.uid, self.role1_id)
+        today = datetime.date.today()
+        today_str = today.strftime(DEFAULT_SERVER_DATE_FORMAT)
+        yesterday = today - datetime.timedelta(days=1)
+        yesterday_str = yesterday.strftime(DEFAULT_SERVER_DATE_FORMAT)
+        self.user_model.write(
+            self.cr, self.uid, [self.user_id],
+            {'role_line_ids': [
+                # Role 1 should be enabled
+                (0, 0, {'role_id': self.role1_id, 'date_from': today_str}),
+                # Role 2 should be disabled
+                (0, 0, {'role_id': self.role2_id, 'date_to': yesterday_str}),
+            ]})
+        user = self.user_model.browse(self.cr, self.uid, self.user_id)
+        user_group_ids = sorted(set([group.id for group in user.groups_id]))
+        role1_group_ids = role1.implied_ids.ids
+        role1_group_ids.append(role1.group_id.id)
+        role_group_ids = sorted(set(role1_group_ids))
+        self.assertEqual(user_group_ids, role_group_ids)

base_user_role/views/role.xml

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2014 ABF OSIELL <http://osiell.com>
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<openerp>
+    <data>
+
+        <record id="view_res_users_role_form" model="ir.ui.view">
+            <field name="name">res.users.role.form</field>
+            <field name="model">res.users.role</field>
+            <field name="arch" type="xml">
+                <form string="Role" version="7.0">
+                    <sheet>
+                        <group>
+                            <field name="name"/>
+                            <field name="group_id" required="0" readonly="1"/>
+                        </group>
+                        <notebook>
+                            <page string="Groups">
+                                <field name="implied_ids" nolabel="1"/>
+                            </page>
+                            <page string="Users">
+                                <field name="line_ids" nolabel="1">
+                                    <tree editable="bottom" colors="grey: not is_enabled;">
+                                        <field name="user_id"/>
+                                        <field name="date_from"/>
+                                        <field name="date_to"/>
+                                        <field name="is_enabled"/>
+                                    </tree>
+                                </field>
+                            </page>
+                        </notebook>
+                    </sheet>
+                </form>
+            </field>
+        </record>
+
+        <record id="view_res_users_role_tree" model="ir.ui.view">
+            <field name="name">res.users.role.tree</field>
+            <field name="model">res.users.role</field>
+            <field name="arch" type="xml">
+                <tree string="Role">
+                    <field name="name"/>
+                    <field name="user_ids"/>
+                </tree>
+            </field>
+        </record>
+
+        <record id="view_res_users_role_search" model="ir.ui.view">
+            <field name="name">res.users.role.search</field>
+            <field name="model">res.users.role</field>
+            <field name="arch" type="xml">
+                <search string="Roles">
+                    <field name="name"/>
+                    <field name="user_ids"/>
+                    <field name="implied_ids"/>
+                </search>
+            </field>
+        </record>
+
+        <record model="ir.actions.act_window" id="action_res_users_role_tree">
+            <field name="name">Roles</field>
+            <field name="type">ir.actions.act_window</field>
+            <field name="res_model">res.users.role</field>
+            <field name="view_type">form</field>
+            <field name="view_id" ref="view_res_users_role_tree"/>
+        </record>
+
+        <menuitem id="menu_action_res_users_role_tree"
+            parent="base.menu_users"
+            action="action_res_users_role_tree"/>
+
+    </data>
+</openerp>

base_user_role/views/user.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2014 ABF OSIELL <http://osiell.com>
+     License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
+<openerp>
+    <data>
+
+        <record id="view_res_users_form_inherit" model="ir.ui.view">
+            <field name="name">res.users.form.inherit</field>
+            <field name="model">res.users</field>
+            <field name="inherit_id" ref="base.view_users_form"/>
+            <field name="arch" type="xml">
+                <notebook position="inside">
+                    <page string="Roles">
+                        <field name="role_line_ids" nolabel="1">
+                            <tree editable="bottom" colors="grey: not is_enabled;">
+                                <field name="role_id"/>
+                                <field name="date_from"/>
+                                <field name="date_to"/>
+                                <field name="is_enabled"/>
+                            </tree>
+                        </field>
+                    </page>
+                </notebook>
+            </field>
+        </record>
+
+        <record id="view_res_users_search_inherit" model="ir.ui.view">
+            <field name="name">res.users.search.inherit</field>
+            <field name="model">res.users</field>
+            <field name="inherit_id" ref="base.view_users_search"/>
+            <field name="arch" type="xml">
+                <field name="company_ids" position="after">
+                    <field name="role_ids"/>
+                </field>
+            </field>
+        </record>
+
+    </data>
+</openerp>