Browse Source

[IMP] auth_totp: Admin support

* Add MFA fields to normal res.users form view for admin access
* Update record rules to give admins read/unlink access to MFA authenticators
pull/703/head
Oleg Bulkin 8 years ago
parent
commit
8580b0db57
  1. 3
      auth_totp/models/res_users.py
  2. 15
      auth_totp/security/res_users_authenticator_security.xml
  3. 28
      auth_totp/views/res_users.xml

3
auth_totp/models/res_users.py

@ -26,7 +26,8 @@ class ResUsers(models.Model):
string='Authentication Apps/Devices', string='Authentication Apps/Devices',
help='To delete an authentication app, remove it from this list. To' help='To delete an authentication app, remove it from this list. To'
' add a new authentication app, please use the button to the' ' add a new authentication app, please use the button to the'
' right.',
' right. If the button is not present, you do not have the'
' permissions to do this.',
) )
mfa_login_token = fields.Char() mfa_login_token = fields.Char()
mfa_login_token_exp = fields.Datetime() mfa_login_token_exp = fields.Datetime()

15
auth_totp/security/res_users_authenticator_security.xml

@ -6,13 +6,24 @@
--> -->
<odoo> <odoo>
<record id="auth_access_owners_only" model="ir.rule">
<field name="name">MFA Authenticators - Owner Only</field>
<record id="auth_access_owners" model="ir.rule">
<field name="name">MFA Authenticators - Owner Access</field>
<field name="model_id" ref="model_res_users_authenticator"/> <field name="model_id" ref="model_res_users_authenticator"/>
<field name="domain_force">[('user_id', '=?', user.id)]</field> <field name="domain_force">[('user_id', '=?', user.id)]</field>
<field name="perm_read" eval="True"/> <field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/> <field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/> <field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="True"/> <field name="perm_unlink" eval="True"/>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
</record>
<record id="auth_access_admins" model="ir.rule">
<field name="name">MFA Authenticators - Admin Read/Unlink</field>
<field name="model_id" ref="model_res_users_authenticator"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="True"/>
<field name="groups" eval="[(4, ref('base.group_erp_manager'))]"/>
</record> </record>
</odoo> </odoo>

28
auth_totp/views/res_users.xml

@ -6,6 +6,23 @@
--> -->
<odoo> <odoo>
<record id="view_users_form" model="ir.ui.view">
<field name="name">User Form - MFA Settings</field>
<field name="model">res.users</field>
<field name="inherit_id" ref="base.view_users_form"/>
<field name="arch" type="xml">
<xpath expr="//group[@name='messaging']" position="after">
<group string="MFA Settings" name="mfa_settings" col="8">
<p colspan="8">Note: Please have user add at least one authentication app/device before enabling MFA.</p>
<label for="mfa_enabled" colspan="3"/>
<field name="mfa_enabled" colspan="5" nolabel="1"/>
<label for="authenticator_ids" colspan="3"/>
<field name="authenticator_ids" widget="many2many_tags" options="{'no_create': True}" domain="[('user_id', '=', id)]" colspan="5" nolabel="1"/>
</group>
</xpath>
</field>
</record>
<record id="view_users_form_simple_modif" model="ir.ui.view"> <record id="view_users_form_simple_modif" model="ir.ui.view">
<field name="name">Change My Preferences - MFA Settings</field> <field name="name">Change My Preferences - MFA Settings</field>
<field name="model">res.users</field> <field name="model">res.users</field>
@ -13,12 +30,11 @@
<field name="arch" type="xml"> <field name="arch" type="xml">
<xpath expr="//footer" position="before"> <xpath expr="//footer" position="before">
<group string="MFA Settings" name="mfa_settings" col="8"> <group string="MFA Settings" name="mfa_settings" col="8">
<div colspan="8" class="oe_mb8">
<span>Note: Please add at least one authentication app/device before enabling MFA.</span>
</div>
<field name="mfa_enabled" readonly="0"/>
<newline/>
<field name="authenticator_ids" widget="many2many_tags" options="{'no_create': True}" colspan="7" readonly="0"/>
<p colspan="8">Note: Please add at least one authentication app/device before enabling MFA.</p>
<label for="mfa_enabled" colspan="3"/>
<field name="mfa_enabled" readonly="0" colspan="5" nolabel="1"/>
<label for="authenticator_ids" colspan="3"/>
<field name="authenticator_ids" widget="many2many_tags" options="{'no_create': True}" colspan="4" readonly="0" nolabel="1"/>
<button string="Add New App/Device" type="action" name="%(res_users_authenticator_create_action)d" colspan="1"/> <button string="Add New App/Device" type="action" name="%(res_users_authenticator_create_action)d" colspan="1"/>
</group> </group>
</xpath> </xpath>

Loading…
Cancel
Save