antonio
6 years ago
14 changed files with 105 additions and 172 deletions
-
69web_access_rule_buttons/README.rst
-
3web_access_rule_buttons/__init__.py
-
34web_access_rule_buttons/__manifest__.py
-
14web_access_rule_buttons/i18n/web_access_rule_buttons.pot
-
37web_access_rule_buttons/models.py
-
3web_access_rule_buttons/models/__init__.py
-
37web_access_rule_buttons/models/models.py
-
2web_access_rule_buttons/readme/CONTRIBUTORS.rst
-
2web_access_rule_buttons/readme/DESCRIPTION.rst
-
3web_access_rule_buttons/readme/USAGE.rst
-
BINweb_access_rule_buttons/static/description/icon.png
-
32web_access_rule_buttons/static/src/js/form_controller.js
-
31web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
-
10web_access_rule_buttons/views/web_access_rule_buttons.xml
@ -1,68 +1 @@ |
|||
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg |
|||
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html |
|||
:alt: License: AGPL-3 |
|||
|
|||
======================== |
|||
Web Access Rules Buttons |
|||
======================== |
|||
|
|||
This addon disables the Edit button on the form views if the user |
|||
cannot edit the current record according to the record access rules. |
|||
|
|||
|
|||
Usage |
|||
===== |
|||
|
|||
When using Odoo, even if a user has no rights to edit a record, the Edit button |
|||
is shown. The user can edit the record but won't be able to save his changes. |
|||
Now, the user won't be able to click on the Edit button. |
|||
|
|||
.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas |
|||
:alt: Try me on Runbot |
|||
:target: https://runbot.odoo-community.org/runbot/162/10.0 |
|||
|
|||
Known issues / Roadmap |
|||
====================== |
|||
|
|||
* Additional requests will be issued when a record is loaded in a form view in |
|||
order to check if the user has the access right. |
|||
|
|||
Bug Tracker |
|||
=========== |
|||
|
|||
Bugs are tracked on `GitHub Issues |
|||
<https://github.com/OCA/web/issues>`_. In case of trouble, please |
|||
check there if your issue has already been reported. If you spotted it first, |
|||
help us smashing it by providing a detailed and welcomed `feedback |
|||
<https://github.com/OCA/ |
|||
web/issues/new?body=module:%20 |
|||
web_access_rule_buttons%0Aversion:%20 |
|||
10.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. |
|||
|
|||
Credits |
|||
======= |
|||
|
|||
Images |
|||
------ |
|||
|
|||
* Odoo Community Association: `Icon <https://github.com/OCA/maintainer-tools/blob/master/template/module/static/description/icon.svg>`_. |
|||
|
|||
Contributors |
|||
------------ |
|||
|
|||
* Guewen Baconnier <guewen.baconnier@camptocamp.com> |
|||
|
|||
Maintainer |
|||
---------- |
|||
|
|||
.. image:: https://odoo-community.org/logo.png |
|||
:alt: Odoo Community Association |
|||
:target: https://odoo-community.org |
|||
|
|||
This module is maintained by the OCA. |
|||
|
|||
OCA, or the Odoo Community Association, is a nonprofit organization whose |
|||
mission is to support the collaborative development of Odoo features and |
|||
promote its widespread use. |
|||
|
|||
To contribute to this module, please visit https://odoo-community.org. |
|||
**This file is going to be generated by oca-gen-addon-readme.** |
@ -1,2 +1,3 @@ |
|||
# -*- coding: utf-8 -*- |
|||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). |
|||
|
|||
from . import models |
@ -1,17 +1,19 @@ |
|||
# -*- coding: utf-8 -*- |
|||
# © 2016 Camptocamp SA |
|||
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html) |
|||
# Copyright 2016 Camptocamp SA |
|||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). |
|||
|
|||
{'name': 'Web Access Rules Buttons', |
|||
'summary': 'Disable Edit button if access rules prevent this action', |
|||
'version': '10.0.1.0.0', |
|||
'author': 'Camptocamp,Odoo Community Association (OCA)', |
|||
'license': 'AGPL-3', |
|||
'category': 'Web', |
|||
'depends': ['web', |
|||
], |
|||
'website': 'http://www.camptocamp.com', |
|||
'data': ['views/web_access_rule_buttons.xml', |
|||
], |
|||
'installable': True, |
|||
} |
|||
{ |
|||
"name": "Web Access Rules Buttons", |
|||
"summary": "Disable Edit button if access rules prevent this action", |
|||
"version": "11.0.1.0.0", |
|||
"author": "Camptocamp, Onestein, Odoo Community Association (OCA)", |
|||
"license": "AGPL-3", |
|||
"category": "Web", |
|||
"depends": [ |
|||
"web", |
|||
], |
|||
"website": "https://github.com/OCA/web/tree/11.0/web_access_rule_buttons", |
|||
"data": [ |
|||
"views/web_access_rule_buttons.xml", |
|||
], |
|||
"installable": True, |
|||
} |
@ -1,14 +0,0 @@ |
|||
# Translation of Odoo Server. |
|||
# This file contains the translation of the following modules: |
|||
# |
|||
msgid "" |
|||
msgstr "" |
|||
"Project-Id-Version: Odoo Server 10.0\n" |
|||
"Report-Msgid-Bugs-To: \n" |
|||
"Last-Translator: <>\n" |
|||
"Language-Team: \n" |
|||
"MIME-Version: 1.0\n" |
|||
"Content-Type: text/plain; charset=UTF-8\n" |
|||
"Content-Transfer-Encoding: \n" |
|||
"Plural-Forms: \n" |
|||
|
@ -1,37 +0,0 @@ |
|||
# -*- coding: utf-8 -*- |
|||
# © 2016 Camptocamp SA |
|||
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html) |
|||
|
|||
from odoo import models, api, exceptions |
|||
|
|||
|
|||
@api.multi |
|||
def check_access_rule_all(self, operations=None): |
|||
"""Verifies that the operation given by ``operations`` is allowed for the |
|||
user according to ir.rules. |
|||
|
|||
If ``operations`` is empty, it returns the result for all actions. |
|||
|
|||
:param operation: a list of ``read``, ``create``, ``write``, ``unlink`` |
|||
:return: {operation: access} (access is a boolean) |
|||
""" |
|||
if operations is None: |
|||
operations = ['read', 'create', 'write', 'unlink'] |
|||
result = {} |
|||
for operation in operations: |
|||
if self.is_transient() and not self.ids: |
|||
# If we call check_access_rule() without id, it will try to run a |
|||
# SELECT without ID which will crash, so we just blindly allow the |
|||
# operations |
|||
result[operation] = True |
|||
continue |
|||
try: |
|||
self.check_access_rule(operation) |
|||
except exceptions.AccessError: |
|||
result[operation] = False |
|||
else: |
|||
result[operation] = True |
|||
return result |
|||
|
|||
|
|||
models.BaseModel.check_access_rule_all = check_access_rule_all |
@ -0,0 +1,3 @@ |
|||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). |
|||
|
|||
from . import models |
@ -0,0 +1,37 @@ |
|||
# Copyright 2016 Camptocamp SA |
|||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). |
|||
|
|||
from odoo import models, api, exceptions |
|||
|
|||
|
|||
class Base(models.AbstractModel): |
|||
""" The base model, which is implicitly inherited by all models. """ |
|||
_inherit = 'base' |
|||
|
|||
@api.multi |
|||
def check_access_rule_all(self, operations=None): |
|||
"""Verifies that the operation given by ``operations`` is allowed for |
|||
the user according to ir.rules. |
|||
|
|||
If ``operations`` is empty, it returns the result for all actions. |
|||
|
|||
:param operation: a list of ``read``, ``create``, ``write``, ``unlink`` |
|||
:return: {operation: access} (access is a boolean) |
|||
""" |
|||
if operations or None: |
|||
operations = ['read', 'create', 'write', 'unlink'] |
|||
result = {} |
|||
for operation in operations: |
|||
if self.is_transient() and not self.ids: |
|||
# If we call check_access_rule() without id, it will try to |
|||
# run a SELECT without ID which will crash, so we just blindly |
|||
# allow the operations |
|||
result[operation] = True |
|||
continue |
|||
try: |
|||
self.check_access_rule(operation) |
|||
except exceptions.AccessError: |
|||
result[operation] = False |
|||
else: |
|||
result[operation] = True |
|||
return result |
@ -0,0 +1,2 @@ |
|||
* Guewen Baconnier <guewen.baconnier@camptocamp.com> |
|||
* Antonio Esposito <a.esposito@onestein.nl> |
@ -0,0 +1,2 @@ |
|||
This addon disables the Edit button on the form views if the user |
|||
cannot edit the current record according to the record access rules. |
@ -0,0 +1,3 @@ |
|||
When using Odoo, even if a user has no rights to edit a record, the Edit button |
|||
is shown. The user can edit the record but won't be able to save his changes. |
|||
Now, the user won't be able to click on the Edit button. |
Before Width: 128 | Height: 128 | Size: 9.2 KiB |
@ -0,0 +1,32 @@ |
|||
/* Copyright 2016 Camptocamp SA |
|||
* License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). */
|
|||
|
|||
odoo.define("web_access_rule_buttons.main", function (require) { |
|||
"use strict"; |
|||
var FormController = require("web.FormController"); |
|||
FormController.include({ |
|||
|
|||
_update: function (state) { |
|||
return this._super(state).then(this.show_hide_buttons(state)); |
|||
}, |
|||
show_hide_buttons : function (state) { |
|||
var self = this; |
|||
return self._rpc({ |
|||
model: this.modelName, |
|||
method: 'check_access_rule_all', |
|||
args: [[state.data.id], ["write"]], |
|||
}).then(function (accesses) { |
|||
self.show_hide_edit_button(accesses.write); |
|||
}); |
|||
}, |
|||
show_hide_edit_button : function (access) { |
|||
if (this.$buttons) { |
|||
var button = this.$buttons.find(".o_form_button_edit"); |
|||
if (button) { |
|||
button.prop("disabled", !access); |
|||
} |
|||
} |
|||
}, |
|||
|
|||
}); |
|||
}); |
@ -1,31 +0,0 @@ |
|||
/* |
|||
* © 2016 Camptocamp SA |
|||
* License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
|
|||
*/ |
|||
odoo.define("web_access_rule_buttons.main", function(require) { |
|||
"use strict"; |
|||
|
|||
var FormView = require("web.FormView"); |
|||
FormView.include({ |
|||
|
|||
load_record : function() { |
|||
return this._super.apply(this, arguments).then($.proxy(this.show_hide_buttons, this)); |
|||
}, |
|||
|
|||
show_hide_buttons : function() { |
|||
var self = this; |
|||
this.dataset.call("check_access_rule_all", [ [ this.datarecord.id ], [ "write" ] ]).then(function(accesses) { |
|||
self.show_hide_edit_button(accesses.write); |
|||
}); |
|||
}, |
|||
|
|||
show_hide_edit_button : function(access) { |
|||
if (this.$buttons) { |
|||
var button = this.$buttons.find(".o_form_button_edit"); |
|||
if (button) { |
|||
button.prop("disabled", !access); |
|||
} |
|||
} |
|||
} |
|||
}); |
|||
}); |
@ -1,8 +1,8 @@ |
|||
<?xml version="1.0" encoding="UTF-8"?> |
|||
<odoo> |
|||
<template id="assets_backend" name="web_access_rule_buttons assets" inherit_id="web.assets_backend"> |
|||
<xpath expr="." position="inside"> |
|||
<script type="text/javascript" src="/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js"></script> |
|||
</xpath> |
|||
</template> |
|||
<template id="assets_backend" name="web_access_rule_buttons assets" inherit_id="web.assets_backend"> |
|||
<xpath expr="." position="inside"> |
|||
<script type="text/javascript" src="/web_access_rule_buttons/static/src/js/form_controller.js"></script> |
|||
</xpath> |
|||
</template> |
|||
</odoo> |
Write
Preview
Loading…
Cancel
Save
Reference in new issue