[IMP] make base_user_role_line company dependent

6 years ago · 840c2c1119
6 changed files with 65 additions and 5 deletions
--- a/base_user_role/manifest.py
+++ b/base_user_role/manifest.py
@ -5,7 +5,7 @@

 {
    'name': 'User roles',
-    'version': '10.0.1.0.2',
+    'version': '10.0.1.0.3',
    'category': 'Tools',
    'author': 'ABF OSIELL, Odoo Community Association (OCA)',
    'license': 'LGPL-3',
--- a/base_user_role/models/role.py
+++ b/base_user_role/models/role.py
@ -6,8 +6,9 @@
 import datetime
 import logging

-from odoo import api, fields, models
+from odoo import _, api, fields, models
 from odoo import SUPERUSER_ID
+from odoo.exceptions import ValidationError


 _logger = logging.getLogger(__name__)
@ -73,6 +74,20 @@ class ResUsersRoleLine(models.Model):
    date_from = fields.Date(u"From")
    date_to = fields.Date(u"To")
    is_enabled = fields.Boolean(u"Enabled", compute='_compute_is_enabled')
+    company_id = fields.Many2one(
+        'res.company', 'Company',
+        default=lambda self: self.env.user.company_id)
+
+    @api.multi
+    @api.constrains('user_id', 'company_id')
+    def _check_company(self):
+        for record in self:
+            if (self.company_id and
+                    self.company_id != self.user_id.company_id and
+                    self.company_id not in self.user_id.company_ids):
+                raise ValidationError(
+                    _('User "{}" does not have access to the company "{}"')
+                    .format(self.user_id.name, self.company_id.name))

    @api.multi
    @api.depends('date_from', 'date_to')
--- a/base_user_role/models/user.py
+++ b/base_user_role/models/user.py
@ -49,6 +49,11 @@ class ResUsers(models.Model):
        self.sudo().set_groups_from_roles()
        return res

+    def _get_enabled_roles(self):
+        return self.role_line_ids.filtered(
+            lambda rec: rec.is_enabled and
+            (not rec.company_id or rec.company_id == rec.user_id.company_id))
+
    @api.multi
    def set_groups_from_roles(self):
        """Set (replace) the groups following the roles defined on users.
@ -58,9 +63,7 @@ class ResUsers(models.Model):
            if not user.role_line_ids:
                continue
            group_ids = []
-            role_lines = user.role_line_ids.filtered(
-                lambda rec: rec.is_enabled)
-            for role_line in role_lines:
+            for role_line in user._get_enabled_roles():
                role = role_line.role_id
                group_ids.append(role.group_id.id)
                group_ids.extend(role.implied_ids.ids)
--- a/base_user_role/tests/test_user_role.py
+++ b/base_user_role/tests/test_user_role.py
@ -41,6 +41,11 @@ class TestUserRole(TransactionCase):
                        self.group_settings_id.id])],
        }
        self.role2_id = self.role_model.create(vals)
+        self.company1 = self.env.ref('base.main_company')
+        self.company2 = self.env['res.company'].create({'name': 'company2'})
+        self.user_id.write(
+            {'company_ids': [
+                (4, self.company1.id, 0), (4, self.company2.id, 0)]})

    def test_role_1(self):
        self.user_id.write(
@ -114,3 +119,38 @@ class TestUserRole(TransactionCase):
        })
        roles = self.role_model.browse([self.role1_id.id, self.role2_id.id])
        self.assertEqual(user.role_ids, roles)
+
+    def test_user_role_different_company(self):
+        self.user_id.write({'company_id': self.company1.id})
+        self.user_id.write({'role_line_ids': [(0, 0, {
+            'role_id': self.role2_id.id,
+            'company_id': self.company2.id})]})
+        # Check that user does not have any groups
+        self.assertEquals(
+            self.user_id.groups_id, self.env['res.groups'].browse())
+
+    def test_user_role_same_company(self):
+        self.user_id.write({'company_id': self.company1.id})
+        self.user_id.write({'role_line_ids': [(0, 0, {
+            'role_id': self.role1_id.id,
+            'company_id': self.company1.id})]})
+        user_group_ids = sorted(set(
+            [group.id for group in self.user_id.groups_id]))
+        role_group_ids = self.role1_id.trans_implied_ids.ids
+        role_group_ids.append(self.role1_id.group_id.id)
+        role_group_ids = sorted(set(role_group_ids))
+        # Check that user have groups implied by role 1
+        self.assertEqual(user_group_ids, role_group_ids)
+
+    def test_user_role_no_company(self):
+        self.user_id.write({'company_id': self.company1.id})
+        self.user_id.write({'role_line_ids': [(0, 0, {
+            'role_id': self.role2_id.id,
+            'company_id': False})]})
+        user_group_ids = sorted(set(
+            [group.id for group in self.user_id.groups_id]))
+        role_group_ids = self.role2_id.trans_implied_ids.ids
+        role_group_ids.append(self.role2_id.group_id.id)
+        role_group_ids = sorted(set(role_group_ids))
+        # Check that user have groups implied by role 2
+        self.assertEqual(user_group_ids, role_group_ids)
--- a/base_user_role/views/role.xml
+++ b/base_user_role/views/role.xml
@ -25,6 +25,7 @@
                                <field name="date_from"/>
                                <field name="date_to"/>
                                <field name="is_enabled"/>
+                                <field name="company_id" groups="base.group_multi_company"/>
                            </tree>
                        </field>
                    </page>
--- a/base_user_role/views/user.xml
+++ b/base_user_role/views/user.xml
@ -17,6 +17,7 @@
                        <field name="date_from"/>
                        <field name="date_to"/>
                        <field name="is_enabled"/>
+                        <field name="company_id" groups="base.group_multi_company"/>
                    </tree>
                </field>
            </page>