From 7351c764d70b1a978da101e60a9e7beb7dc54a5b Mon Sep 17 00:00:00 2001
From: Stefan Rijnhart <stefan@opener.am>
Date: Mon, 13 Nov 2017 11:54:10 +0100
Subject: [PATCH] [FIX] As an ERP manager, allow to reset users' passwords

---
 password_security/__manifest__.py                 |  2 +-
 .../security/res_users_pass_history.xml           |  7 +++++++
 password_security/tests/test_res_users.py         | 15 ++++++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/password_security/__manifest__.py b/password_security/__manifest__.py
index 0ec4e147b..871e79d58 100644
--- a/password_security/__manifest__.py
+++ b/password_security/__manifest__.py
@@ -5,7 +5,7 @@
 
     'name': 'Password Security',
     "summary": "Allow admin to set password security requirements.",
-    'version': '10.0.1.0.2',
+    'version': '10.0.1.1.0',
     'author': "LasLabs, Odoo Community Association (OCA)",
     'category': 'Base',
     'depends': [
diff --git a/password_security/security/res_users_pass_history.xml b/password_security/security/res_users_pass_history.xml
index 6d92311a1..b4e71877c 100644
--- a/password_security/security/res_users_pass_history.xml
+++ b/password_security/security/res_users_pass_history.xml
@@ -16,4 +16,11 @@
         ]</field>
     </record>
 
+    <record id="res_users_pass_history_rule_manager" model="ir.rule">
+        <field name="name">Res Users Pass History Access/Managers</field>
+        <field name="model_id" ref="password_security.model_res_users_pass_history"/>
+        <field name="groups" eval="[(4, ref('base.group_erp_manager'))]"/>
+        <field name="domain_force">[(1, '=', 1)]</field>
+    </record>
+
 </odoo>
diff --git a/password_security/tests/test_res_users.py b/password_security/tests/test_res_users.py
index 395c7278b..68b610d1e 100644
--- a/password_security/tests/test_res_users.py
+++ b/password_security/tests/test_res_users.py
@@ -13,6 +13,20 @@ class TestResUsers(TransactionCase):
 
     def setUp(self):
         super(TestResUsers, self).setUp()
+        self.main_comp = self.env.ref('base.main_company')
+        # Modify users as privileged, but non-root user
+        privileged_user = self.env['res.users'].create({
+            'name': 'Privileged User',
+            'login': 'privileged_user@example.com',
+            'company_id': self.main_comp.id,
+            'groups_id': [
+                (4, self.env.ref('base.group_erp_manager').id),
+                (4, self.env.ref('base.group_partner_manager').id),
+                (4, self.env.ref('base.group_user').id),
+            ],
+        })
+        privileged_user.email = privileged_user.login
+        self.env = self.env(user=privileged_user)
         self.login = 'foslabs@example.com'
         self.partner_vals = {
             'name': 'Partner',
@@ -20,7 +34,6 @@ class TestResUsers(TransactionCase):
             'email': self.login,
         }
         self.password = 'asdQWE123$%^'
-        self.main_comp = self.env.ref('base.main_company')
         self.vals = {
             'name': 'User',
             'login': self.login,