Add web_access_rule_buttons

Disable buttons which lead to action disallowed by record rules.

web_access_rule_buttons/README.rst

@@ -0,0 +1,68 @@
+.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
+   :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+   :alt: License: AGPL-3
+
+========================
+Web Access Rules Buttons
+========================
+
+This addon disables the Edit button on the form views if the user
+cannot edit the current record according to the record access rules.
+
+
+Usage
+=====
+
+When using Odoo, even if a user has no rights to edit a record, the Edit button
+is shown. The user can edit the record but won't be able to save his changes.
+Now, the user won't be able to click on the Edit button.
+
+.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
+   :alt: Try me on Runbot
+   :target: https://runbot.odoo-community.org/runbot/162/9.0
+
+Known issues / Roadmap
+======================
+
+* Additional requests will be issued when a record is loaded in a form view in
+  order to check if the user has the access right.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues
+<https://github.com/OCA/web/issues>`_. In case of trouble, please
+check there if your issue has already been reported. If you spotted it first,
+help us smashing it by providing a detailed and welcomed `feedback
+<https://github.com/OCA/
+web/issues/new?body=module:%20
+web_access_rule_buttons%0Aversion:%20
+9.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Credits
+=======
+
+Images
+------
+
+* Odoo Community Association: `Icon <https://github.com/OCA/maintainer-tools/blob/master/template/module/static/description/icon.svg>`_.
+
+Contributors
+------------
+
+* Guewen Baconnier <guewen.baconnier@camptocamp.com>
+
+Maintainer
+----------
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+This module is maintained by the OCA.
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+To contribute to this module, please visit https://odoo-community.org.

web_access_rule_buttons/__init__.py

@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+from . import models

web_access_rule_buttons/__openerp__.py

@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+# © 2016 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+{'name': 'Web Access Rules Buttons',
+ 'summary': 'Disable Edit button if access rules prevent this action',
+ 'version': '9.0.1.0.0',
+ 'author': 'Camptocamp,Odoo Community Association (OCA)',
+ 'license': 'AGPL-3',
+ 'category': 'Web',
+ 'depends': ['web',
+             ],
+ 'website': 'http://www.camptocamp.com',
+ 'data': ['views/web_access_rule_buttons.xml',
+          ],
+ 'installable': True,
+ }

web_access_rule_buttons/models.py

@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# © 2016 Camptocamp SA
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+
+from openerp import models, api, exceptions
+
+
+@api.multi
+def check_access_rule_all(self, operations=None):
+    """Verifies that the operation given by ``operations`` is allowed for the
+    user according to ir.rules.
+
+    If ``operations`` is empty, it returns the result for all actions.
+
+   :param operation: a list of ``read``, ``create``, ``write``, ``unlink``
+   :return: {operation: access} (access is a boolean)
+    """
+    if operations is None:
+        operations = ['read', 'create', 'write', 'unlink']
+    result = {}
+    for operation in operations:
+        try:
+            self.check_access_rule(operation)
+        except exceptions.AccessError:
+            result[operation] = False
+        else:
+            result[operation] = True
+    return result
+
+
+models.BaseModel.check_access_rule_all = check_access_rule_all

web_access_rule_buttons/static/src/js/web_access_rule_buttons.js

@@ -0,0 +1,48 @@
+/*
+ * © 2016 Camptocamp SA
+ * License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
+ */
+odoo.define('web_access_rule_buttons.main', function (require) {
+  "use strict";
+
+  var core = require('web.core');
+
+  var FormView = require('web.FormView');
+  var ListView = require('web.ListView');
+
+  var QWeb = core.qweb;
+
+  var _t = core._t;
+
+  FormView.include({
+
+    load_record: function() {
+      var self = this;
+      return this._super.apply(this, arguments)
+        .then(function() {
+          self.show_hide_buttons()
+        });
+    },
+
+    show_hide_buttons: function() {
+      var self = this;
+      this.dataset.call('check_access_rule_all',
+                        [[this.datarecord.id],
+                         ['write']])
+        .then(function(accesses) {
+          self.show_hide_edit_button(accesses.write);
+        });
+    },
+
+    show_hide_edit_button: function(access) {
+      var button = this.$buttons.find('.oe_form_button_edit');
+      if(access) {
+        button.removeAttr('disabled');
+      } else {
+        button.attr('disabled', true);
+      }
+    }
+
+  });
+
+});

web_access_rule_buttons/views/web_access_rule_buttons.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<openerp>
+  <data>
+    <template id="assets_backend" name="web_access_rule_buttons assets" inherit_id="web.assets_backend">
+      <xpath expr="." position="inside">
+        <script type="text/javascript" src="/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js"></script>
+      </xpath>
+    </template>
+  </data>
+</openerp>