From 840c2c1119460424230c935da24ec42f95c21122 Mon Sep 17 00:00:00 2001 From: Pierrick Brun Date: Tue, 29 Jan 2019 16:03:06 +0100 Subject: [PATCH] [IMP] make base_user_role_line company dependent --- base_user_role/__manifest__.py | 2 +- base_user_role/models/role.py | 17 ++++++++++- base_user_role/models/user.py | 9 ++++-- base_user_role/tests/test_user_role.py | 40 ++++++++++++++++++++++++++ base_user_role/views/role.xml | 1 + base_user_role/views/user.xml | 1 + 6 files changed, 65 insertions(+), 5 deletions(-) diff --git a/base_user_role/__manifest__.py b/base_user_role/__manifest__.py index 17deb1f9d..90e3f2c84 100644 --- a/base_user_role/__manifest__.py +++ b/base_user_role/__manifest__.py @@ -5,7 +5,7 @@ { 'name': 'User roles', - 'version': '10.0.1.0.2', + 'version': '10.0.1.0.3', 'category': 'Tools', 'author': 'ABF OSIELL, Odoo Community Association (OCA)', 'license': 'LGPL-3', diff --git a/base_user_role/models/role.py b/base_user_role/models/role.py index bd60e3fd3..d36271ea5 100644 --- a/base_user_role/models/role.py +++ b/base_user_role/models/role.py @@ -6,8 +6,9 @@ import datetime import logging -from odoo import api, fields, models +from odoo import _, api, fields, models from odoo import SUPERUSER_ID +from odoo.exceptions import ValidationError _logger = logging.getLogger(__name__) @@ -73,6 +74,20 @@ class ResUsersRoleLine(models.Model): date_from = fields.Date(u"From") date_to = fields.Date(u"To") is_enabled = fields.Boolean(u"Enabled", compute='_compute_is_enabled') + company_id = fields.Many2one( + 'res.company', 'Company', + default=lambda self: self.env.user.company_id) + + @api.multi + @api.constrains('user_id', 'company_id') + def _check_company(self): + for record in self: + if (self.company_id and + self.company_id != self.user_id.company_id and + self.company_id not in self.user_id.company_ids): + raise ValidationError( + _('User "{}" does not have access to the company "{}"') + .format(self.user_id.name, self.company_id.name)) @api.multi @api.depends('date_from', 'date_to') diff --git a/base_user_role/models/user.py b/base_user_role/models/user.py index 9a10926ee..6b0522c55 100644 --- a/base_user_role/models/user.py +++ b/base_user_role/models/user.py @@ -49,6 +49,11 @@ class ResUsers(models.Model): self.sudo().set_groups_from_roles() return res + def _get_enabled_roles(self): + return self.role_line_ids.filtered( + lambda rec: rec.is_enabled and + (not rec.company_id or rec.company_id == rec.user_id.company_id)) + @api.multi def set_groups_from_roles(self): """Set (replace) the groups following the roles defined on users. @@ -58,9 +63,7 @@ class ResUsers(models.Model): if not user.role_line_ids: continue group_ids = [] - role_lines = user.role_line_ids.filtered( - lambda rec: rec.is_enabled) - for role_line in role_lines: + for role_line in user._get_enabled_roles(): role = role_line.role_id group_ids.append(role.group_id.id) group_ids.extend(role.implied_ids.ids) diff --git a/base_user_role/tests/test_user_role.py b/base_user_role/tests/test_user_role.py index 1e3f2eeac..a78e4fd42 100644 --- a/base_user_role/tests/test_user_role.py +++ b/base_user_role/tests/test_user_role.py @@ -41,6 +41,11 @@ class TestUserRole(TransactionCase): self.group_settings_id.id])], } self.role2_id = self.role_model.create(vals) + self.company1 = self.env.ref('base.main_company') + self.company2 = self.env['res.company'].create({'name': 'company2'}) + self.user_id.write( + {'company_ids': [ + (4, self.company1.id, 0), (4, self.company2.id, 0)]}) def test_role_1(self): self.user_id.write( @@ -114,3 +119,38 @@ class TestUserRole(TransactionCase): }) roles = self.role_model.browse([self.role1_id.id, self.role2_id.id]) self.assertEqual(user.role_ids, roles) + + def test_user_role_different_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role2_id.id, + 'company_id': self.company2.id})]}) + # Check that user does not have any groups + self.assertEquals( + self.user_id.groups_id, self.env['res.groups'].browse()) + + def test_user_role_same_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role1_id.id, + 'company_id': self.company1.id})]}) + user_group_ids = sorted(set( + [group.id for group in self.user_id.groups_id])) + role_group_ids = self.role1_id.trans_implied_ids.ids + role_group_ids.append(self.role1_id.group_id.id) + role_group_ids = sorted(set(role_group_ids)) + # Check that user have groups implied by role 1 + self.assertEqual(user_group_ids, role_group_ids) + + def test_user_role_no_company(self): + self.user_id.write({'company_id': self.company1.id}) + self.user_id.write({'role_line_ids': [(0, 0, { + 'role_id': self.role2_id.id, + 'company_id': False})]}) + user_group_ids = sorted(set( + [group.id for group in self.user_id.groups_id])) + role_group_ids = self.role2_id.trans_implied_ids.ids + role_group_ids.append(self.role2_id.group_id.id) + role_group_ids = sorted(set(role_group_ids)) + # Check that user have groups implied by role 2 + self.assertEqual(user_group_ids, role_group_ids) diff --git a/base_user_role/views/role.xml b/base_user_role/views/role.xml index 242aab5cb..2ffa054d8 100644 --- a/base_user_role/views/role.xml +++ b/base_user_role/views/role.xml @@ -25,6 +25,7 @@ + diff --git a/base_user_role/views/user.xml b/base_user_role/views/user.xml index 9a914625d..bc02787ea 100644 --- a/base_user_role/views/user.xml +++ b/base_user_role/views/user.xml @@ -17,6 +17,7 @@ +