From fe1848db2d72078bc0af40b680814d95c4ae503f Mon Sep 17 00:00:00 2001
From: Guewen Baconnier
Date: Mon, 4 Jan 2016 16:23:01 +0100
Subject: [PATCH 1/4] Add web_access_rule_buttons Disable buttons which lead to action disallowed by record rules.
---
web_access_rule_buttons/README.rst | 68 +++++++++++++++++++
web_access_rule_buttons/__init__.py | 2 +
web_access_rule_buttons/__openerp__.py | 17 +++++
web_access_rule_buttons/models.py | 31 +++++++++
.../static/src/js/web_access_rule_buttons.js | 48 +++++++++++++
.../views/web_access_rule_buttons.xml | 10 +++
6 files changed, 176 insertions(+)
create mode 100644 web_access_rule_buttons/README.rst
create mode 100644 web_access_rule_buttons/__init__.py
create mode 100644 web_access_rule_buttons/__openerp__.py
create mode 100644 web_access_rule_buttons/models.py
create mode 100644 web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
create mode 100644 web_access_rule_buttons/views/web_access_rule_buttons.xml
diff --git a/web_access_rule_buttons/README.rst b/web_access_rule_buttons/README.rst
new file mode 100644
index 00000000..85d08853
--- /dev/null
+++ b/web_access_rule_buttons/README.rst
@@ -0,0 +1,68 @@
+.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
+ :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+ :alt: License: AGPL-3
+
+========================
+Web Access Rules Buttons
+========================
+
+This addon disables the Edit button on the form views if the user
+cannot edit the current record according to the record access rules.
+
+
+Usage
+=====
+
+When using Odoo, even if a user has no rights to edit a record, the Edit button
+is shown. The user can edit the record but won't be able to save his changes.
+Now, the user won't be able to click on the Edit button.
+
+.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
+ :alt: Try me on Runbot
+ :target: https://runbot.odoo-community.org/runbot/162/9.0
+
+Known issues / Roadmap
+======================
+
+* Additional requests will be issued when a record is loaded in a form view in
+ order to check if the user has the access right.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues
+`_. In case of trouble, please
+check there if your issue has already been reported. If you spotted it first,
+help us smashing it by providing a detailed and welcomed `feedback
+`_.
+
+Credits
+=======
+
+Images
+------
+
+* Odoo Community Association: `Icon `_.
+
+Contributors
+------------
+
+* Guewen Baconnier
+
+Maintainer
+----------
+
+.. image:: https://odoo-community.org/logo.png
+ :alt: Odoo Community Association
+ :target: https://odoo-community.org
+
+This module is maintained by the OCA.
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+To contribute to this module, please visit https://odoo-community.org.
diff --git a/web_access_rule_buttons/__init__.py b/web_access_rule_buttons/__init__.py
new file mode 100644
index 00000000..a0fdc10f
--- /dev/null
+++ b/web_access_rule_buttons/__init__.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+from . import models
diff --git a/web_access_rule_buttons/__openerp__.py b/web_access_rule_buttons/__openerp__.py
new file mode 100644
index 00000000..cb5e5a2d
--- /dev/null
+++ b/web_access_rule_buttons/__openerp__.py
@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+# © 2016 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+{'name': 'Web Access Rules Buttons',
+ 'summary': 'Disable Edit button if access rules prevent this action',
+ 'version': '9.0.1.0.0',
+ 'author': 'Camptocamp,Odoo Community Association (OCA)',
+ 'license': 'AGPL-3',
+ 'category': 'Web',
+ 'depends': ['web',
+ ],
+ 'website': 'http://www.camptocamp.com',
+ 'data': ['views/web_access_rule_buttons.xml',
+ ],
+ 'installable': True,
+ }
diff --git a/web_access_rule_buttons/models.py b/web_access_rule_buttons/models.py
new file mode 100644
index 00000000..a4ef8b18
--- /dev/null
+++ b/web_access_rule_buttons/models.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# © 2016 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+from openerp import models, api, exceptions
+
+
+@api.multi
+def check_access_rule_all(self, operations=None):
+ """Verifies that the operation given by ``operations`` is allowed for the
+ user according to ir.rules.
+
+ If ``operations`` is empty, it returns the result for all actions.
+
+ :param operation: a list of ``read``, ``create``, ``write``, ``unlink``
+ :return: {operation: access} (access is a boolean)
+ """
+ if operations is None:
+ operations = ['read', 'create', 'write', 'unlink']
+ result = {}
+ for operation in operations:
+ try:
+ self.check_access_rule(operation)
+ except exceptions.AccessError:
+ result[operation] = False
+ else:
+ result[operation] = True
+ return result
+
+
+models.BaseModel.check_access_rule_all = check_access_rule_all
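Review bot: `check_access_rule_all` in `models.py` is assigned onto `models.BaseModel` under a public name, and the JavaScript in this series calls it through `dataset.call`, so it is reachable on every model with caller-chosen ids and `operations`; the list is handed to `check_access_rule` without being checked. Validate it before the loop, for example `if set(operations) - {'read', 'create', 'write', 'unlink'}: raise ValueError(operations)`. Only `exceptions.AccessError` is caught, so any other exception raised by `check_access_rule` (a missing record, presumably) propagates to the client instead of producing a `False` entry, and it should be decided whether that is intended. The docstring names `:param operation:` while the argument is `operations`, and it should state that the result reflects record rules only and is a display hint, with the authoritative check remaining in the server-side write path.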
diff --git a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
new file mode 100644
index 00000000..f189158c
--- /dev/null
+++ b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
@@ -0,0 +1,48 @@
+/*
+ * © 2016 Camptocamp SA
+ * License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+ */
+odoo.define('web_access_rule_buttons.main', function (require) {
+ "use strict";
+
+ var core = require('web.core');
+
+ var FormView = require('web.FormView');
+ var ListView = require('web.ListView');
+
+ var QWeb = core.qweb;
+
+ var _t = core._t;
+
+ FormView.include({
+
+ load_record: function() {
+ var self = this;
+ return this._super.apply(this, arguments)
+ .then(function() {
+ self.show_hide_buttons()
+ });
+ },
+
+ show_hide_buttons: function() {
+ var self = this;
+ this.dataset.call('check_access_rule_all',
+ [[this.datarecord.id],
+ ['write']])
+ .then(function(accesses) {
+ self.show_hide_edit_button(accesses.write);
+ });
+ },
+
+ show_hide_edit_button: function(access) {
+ var button = this.$buttons.find('.oe_form_button_edit');
+ if(access) {
+ button.removeAttr('disabled');
+ } else {
+ button.attr('disabled', true);
+ }
+ }
+
+ });
+
+});
diff --git a/web_access_rule_buttons/views/web_access_rule_buttons.xml b/web_access_rule_buttons/views/web_access_rule_buttons.xml
new file mode 100644
index 00000000..98e03de8
--- /dev/null
+++ b/web_access_rule_buttons/views/web_access_rule_buttons.xml
@@ -0,0 +1,10 @@ + + + + + +
From 0c1df28982c772d9b97c05b8dd319143748288f0 Mon Sep 17 00:00:00 2001
From: Yannick Vaucher
Date: Tue, 5 Jan 2016 15:44:47 +0100
Subject: [PATCH 2/4] Check if buttons are set in case we are in a popup window
---
.../static/src/js/web_access_rule_buttons.js | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
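Review bot: `show_hide_buttons` in the new `web_access_rule_buttons.js` (patch 1/4) sends `this.datarecord.id` without checking that it is set, and applies the answer to whatever record the form shows when the response arrives. A form holding a record that has no id yet would presumably send an empty id to the server, and when the user pages quickly a late answer for the previous record can set the Edit button state of the current one. Skip the call when there is no id and ignore answers whose id no longer matches, as sketched below; the `load_record` callback should also end `self.show_hide_buttons()` with a semicolon. The disabled button is only a display hint, so the server-side rule check on write remains the actual control.

```javascript
show_hide_buttons: function() {
    var self = this;
    var record_id = this.datarecord.id;
    if (!record_id) {
        // record not saved yet: nothing to ask the server about
        return;
    }
    this.dataset.call('check_access_rule_all',
                      [[record_id], ['write']])
        .then(function(accesses) {
            // ignore an answer that belongs to a record the form has left
            if (self.datarecord.id === record_id) {
                self.show_hide_edit_button(accesses.write);
            }
        });
},
```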
diff --git a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
index f189158c..26279c68 100644
--- a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
+++ b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
@@ -35,11 +35,13 @@ odoo.define('web_access_rule_buttons.main', function (require) { }, show_hide_edit_button: function(access) { - var button = this.$buttons.find('.oe_form_button_edit'); - if(access) { - button.removeAttr('disabled'); - } else { - button.attr('disabled', true); + if (this.$buttons) { + var button = this.$buttons.find('.oe_form_button_edit'); + if(access) { + button.removeAttr('disabled'); + } else { + button.attr('disabled', true); + } } }
From 36457bd54fa1bba7b9c4ed3d72c1d5ea6dfb49b2 Mon Sep 17 00:00:00 2001
From: Guewen Baconnier
Date: Mon, 11 Jan 2016 11:57:32 +0100
Subject: [PATCH 3/4] Remove unused variables
---
.../static/src/js/web_access_rule_buttons.js | 4 ----
1 file changed, 4 deletions(-)
diff --git a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
index 26279c68..82422f33 100644
--- a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
+++ b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
@@ -10,10 +10,6 @@ odoo.define('web_access_rule_buttons.main', function (require) { var FormView = require('web.FormView'); var ListView = require('web.ListView'); - var QWeb = core.qweb; - - var _t = core._t; - FormView.include({ load_record: function() {
From 38118ae32ad5359b26d5f65583f680fea26d6f9a Mon Sep 17 00:00:00 2001
From: Guewen Baconnier
Date: Mon, 11 Jan 2016 12:02:39 +0100
Subject: [PATCH 4/4] Check if button is defined and use .prop()
---
.../static/src/js/web_access_rule_buttons.js | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
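Review bot: In patch 2/4 the `this.$buttons` guard sits in `show_hide_edit_button`, which runs only after the `check_access_rule_all` request issued by `show_hide_buttons` has returned, so a popup form without buttons still pays for a request whose answer is thrown away. Placing the check at the top of `show_hide_buttons` instead, `if (!this.$buttons) { return; }`, avoids that round trip. `show_hide_buttons` lies outside this hunk, and the enclosing `FormView.include` block starts and ends outside it as well.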
diff --git a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
index 82422f33..4d31aeb4 100644
--- a/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
+++ b/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
@@ -33,10 +33,8 @@ odoo.define('web_access_rule_buttons.main', function (require) { show_hide_edit_button: function(access) { if (this.$buttons) { var button = this.$buttons.find('.oe_form_button_edit'); - if(access) { - button.removeAttr('disabled'); - } else { - button.attr('disabled', true); + if(button) { + button.prop('disabled', !access); } } }
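Review bot: The new `if(button)` test in `show_hide_edit_button` cannot fail, because `this.$buttons.find(...)` returns a jQuery object, which is truthy even when it matches no element. If the intent is to skip forms whose button bar has no Edit button, test the match count with `if (button.length) {`; otherwise the check can be dropped, since `.prop()` on an empty set does nothing. With `!access`, a response that lacks the `write` key leaves the button disabled, which is the safer default and worth a short comment such as `// missing answer keeps the button disabled`.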