diff --git a/web_access_rule_buttons/README.rst b/web_access_rule_buttons/README.rst index 671b1609..303882d1 100644 --- a/web_access_rule_buttons/README.rst +++ b/web_access_rule_buttons/README.rst @@ -1,68 +1 @@ -.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg - :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html - :alt: License: AGPL-3 - -======================== -Web Access Rules Buttons -======================== - -This addon disables the Edit button on the form views if the user -cannot edit the current record according to the record access rules. - - -Usage -===== - -When using Odoo, even if a user has no rights to edit a record, the Edit button -is shown. The user can edit the record but won't be able to save his changes. -Now, the user won't be able to click on the Edit button. - -.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas - :alt: Try me on Runbot - :target: https://runbot.odoo-community.org/runbot/162/10.0 - -Known issues / Roadmap -====================== - -* Additional requests will be issued when a record is loaded in a form view in - order to check if the user has the access right. - -Bug Tracker -=========== - -Bugs are tracked on `GitHub Issues -`_. In case of trouble, please -check there if your issue has already been reported. If you spotted it first, -help us smashing it by providing a detailed and welcomed `feedback -`_. - -Credits -======= - -Images ------- - -* Odoo Community Association: `Icon `_. - -Contributors ------------- - -* Guewen Baconnier - -Maintainer ----------- - -.. image:: https://odoo-community.org/logo.png - :alt: Odoo Community Association - :target: https://odoo-community.org - -This module is maintained by the OCA. - -OCA, or the Odoo Community Association, is a nonprofit organization whose -mission is to support the collaborative development of Odoo features and -promote its widespread use. - -To contribute to this module, please visit https://odoo-community.org. +**This file is going to be generated by oca-gen-addon-readme.** \ No newline at end of file diff --git a/web_access_rule_buttons/__init__.py b/web_access_rule_buttons/__init__.py index a0fdc10f..31660d6a 100644 --- a/web_access_rule_buttons/__init__.py +++ b/web_access_rule_buttons/__init__.py @@ -1,2 +1,3 @@ -# -*- coding: utf-8 -*- +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + from . import models diff --git a/web_access_rule_buttons/__manifest__.py b/web_access_rule_buttons/__manifest__.py index 3867cce0..291f999c 100644 --- a/web_access_rule_buttons/__manifest__.py +++ b/web_access_rule_buttons/__manifest__.py @@ -1,17 +1,19 @@ -# -*- coding: utf-8 -*- -# © 2016 Camptocamp SA -# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html) +# Copyright 2016 Camptocamp SA +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -{'name': 'Web Access Rules Buttons', - 'summary': 'Disable Edit button if access rules prevent this action', - 'version': '10.0.1.0.0', - 'author': 'Camptocamp,Odoo Community Association (OCA)', - 'license': 'AGPL-3', - 'category': 'Web', - 'depends': ['web', - ], - 'website': 'http://www.camptocamp.com', - 'data': ['views/web_access_rule_buttons.xml', - ], - 'installable': True, - } +{ + "name": "Web Access Rules Buttons", + "summary": "Disable Edit button if access rules prevent this action", + "version": "11.0.1.0.0", + "author": "Camptocamp, Onestein, Odoo Community Association (OCA)", + "license": "AGPL-3", + "category": "Web", + "depends": [ + "web", + ], + "website": "https://github.com/OCA/web/tree/11.0/web_access_rule_buttons", + "data": [ + "views/web_access_rule_buttons.xml", + ], + "installable": True, +} diff --git a/web_access_rule_buttons/i18n/web_access_rule_buttons.pot b/web_access_rule_buttons/i18n/web_access_rule_buttons.pot deleted file mode 100644 index b662aad9..00000000 --- a/web_access_rule_buttons/i18n/web_access_rule_buttons.pot +++ /dev/null @@ -1,14 +0,0 @@ -# Translation of Odoo Server. -# This file contains the translation of the following modules: -# -msgid "" -msgstr "" -"Project-Id-Version: Odoo Server 10.0\n" -"Report-Msgid-Bugs-To: \n" -"Last-Translator: <>\n" -"Language-Team: \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: \n" -"Plural-Forms: \n" - diff --git a/web_access_rule_buttons/models.py b/web_access_rule_buttons/models.py deleted file mode 100644 index dc782feb..00000000 --- a/web_access_rule_buttons/models.py +++ /dev/null @@ -1,37 +0,0 @@ -# -*- coding: utf-8 -*- -# © 2016 Camptocamp SA -# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html) - -from odoo import models, api, exceptions - - -@api.multi -def check_access_rule_all(self, operations=None): - """Verifies that the operation given by ``operations`` is allowed for the - user according to ir.rules. - - If ``operations`` is empty, it returns the result for all actions. - - :param operation: a list of ``read``, ``create``, ``write``, ``unlink`` - :return: {operation: access} (access is a boolean) - """ - if operations is None: - operations = ['read', 'create', 'write', 'unlink'] - result = {} - for operation in operations: - if self.is_transient() and not self.ids: - # If we call check_access_rule() without id, it will try to run a - # SELECT without ID which will crash, so we just blindly allow the - # operations - result[operation] = True - continue - try: - self.check_access_rule(operation) - except exceptions.AccessError: - result[operation] = False - else: - result[operation] = True - return result - - -models.BaseModel.check_access_rule_all = check_access_rule_all diff --git a/web_access_rule_buttons/models/__init__.py b/web_access_rule_buttons/models/__init__.py new file mode 100644 index 00000000..31660d6a --- /dev/null +++ b/web_access_rule_buttons/models/__init__.py @@ -0,0 +1,3 @@ +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from . import models diff --git a/web_access_rule_buttons/models/models.py b/web_access_rule_buttons/models/models.py new file mode 100644 index 00000000..1d50743c --- /dev/null +++ b/web_access_rule_buttons/models/models.py @@ -0,0 +1,37 @@ +# Copyright 2016 Camptocamp SA +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from odoo import models, api, exceptions + + +class Base(models.AbstractModel): + """ The base model, which is implicitly inherited by all models. """ + _inherit = 'base' + + @api.multi + def check_access_rule_all(self, operations=None): + """Verifies that the operation given by ``operations`` is allowed for + the user according to ir.rules. + + If ``operations`` is empty, it returns the result for all actions. + + :param operation: a list of ``read``, ``create``, ``write``, ``unlink`` + :return: {operation: access} (access is a boolean) + """ + if operations or None: + operations = ['read', 'create', 'write', 'unlink'] + result = {} + for operation in operations: + if self.is_transient() and not self.ids: + # If we call check_access_rule() without id, it will try to + # run a SELECT without ID which will crash, so we just blindly + # allow the operations + result[operation] = True + continue + try: + self.check_access_rule(operation) + except exceptions.AccessError: + result[operation] = False + else: + result[operation] = True + return result diff --git a/web_access_rule_buttons/readme/CONTRIBUTORS.rst b/web_access_rule_buttons/readme/CONTRIBUTORS.rst new file mode 100644 index 00000000..37444b54 --- /dev/null +++ b/web_access_rule_buttons/readme/CONTRIBUTORS.rst @@ -0,0 +1,2 @@ +* Guewen Baconnier +* Antonio Esposito diff --git a/web_access_rule_buttons/readme/DESCRIPTION.rst b/web_access_rule_buttons/readme/DESCRIPTION.rst new file mode 100644 index 00000000..dd7a876d --- /dev/null +++ b/web_access_rule_buttons/readme/DESCRIPTION.rst @@ -0,0 +1,2 @@ +This addon disables the Edit button on the form views if the user +cannot edit the current record according to the record access rules. diff --git a/web_access_rule_buttons/readme/USAGE.rst b/web_access_rule_buttons/readme/USAGE.rst new file mode 100644 index 00000000..7a921d26 --- /dev/null +++ b/web_access_rule_buttons/readme/USAGE.rst @@ -0,0 +1,3 @@ +When using Odoo, even if a user has no rights to edit a record, the Edit button +is shown. The user can edit the record but won't be able to save his changes. +Now, the user won't be able to click on the Edit button. diff --git a/web_access_rule_buttons/static/description/icon.png b/web_access_rule_buttons/static/description/icon.png deleted file mode 100644 index 3a0328b5..00000000 Binary files a/web_access_rule_buttons/static/description/icon.png and /dev/null differ diff --git a/web_access_rule_buttons/static/src/js/form_controller.js b/web_access_rule_buttons/static/src/js/form_controller.js new file mode 100644 index 00000000..543023d2 --- /dev/null +++ b/web_access_rule_buttons/static/src/js/form_controller.js @@ -0,0 +1,32 @@ +/* Copyright 2016 Camptocamp SA + * License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). */ + +odoo.define("web_access_rule_buttons.main", function (require) { + "use strict"; + var FormController = require("web.FormController"); + FormController.include({ + + _update: function (state) { + return this._super(state).then(this.show_hide_buttons(state)); + }, + show_hide_buttons : function (state) { + var self = this; + return self._rpc({ + model: this.modelName, + method: 'check_access_rule_all', + args: [[state.data.id], ["write"]], + }).then(function (accesses) { + self.show_hide_edit_button(accesses.write); + }); + }, + show_hide_edit_button : function (access) { + if (this.$buttons) { + var button = this.$buttons.find(".o_form_button_edit"); + if (button) { + button.prop("disabled", !access); + } + } + }, + + }); +}); diff --git a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js deleted file mode 100644 index d5fc53b7..00000000 --- a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js +++ /dev/null @@ -1,31 +0,0 @@ -/* - * © 2016 Camptocamp SA - * License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html) - */ -odoo.define("web_access_rule_buttons.main", function(require) { - "use strict"; - - var FormView = require("web.FormView"); - FormView.include({ - - load_record : function() { - return this._super.apply(this, arguments).then($.proxy(this.show_hide_buttons, this)); - }, - - show_hide_buttons : function() { - var self = this; - this.dataset.call("check_access_rule_all", [ [ this.datarecord.id ], [ "write" ] ]).then(function(accesses) { - self.show_hide_edit_button(accesses.write); - }); - }, - - show_hide_edit_button : function(access) { - if (this.$buttons) { - var button = this.$buttons.find(".o_form_button_edit"); - if (button) { - button.prop("disabled", !access); - } - } - } - }); -}); diff --git a/web_access_rule_buttons/views/web_access_rule_buttons.xml b/web_access_rule_buttons/views/web_access_rule_buttons.xml index de7a0189..dd3af871 100644 --- a/web_access_rule_buttons/views/web_access_rule_buttons.xml +++ b/web_access_rule_buttons/views/web_access_rule_buttons.xml @@ -1,8 +1,8 @@ - +