Merge pull request #1243 from espo-tony/11.0-mig-web_access_rule_buttons

[11.0][MIG] web_access_rule_buttons

web_access_rule_buttons/README.rst

@@ -0,0 +1 @@
+**This file is going to be generated by oca-gen-addon-readme.**

web_access_rule_buttons/__init__.py

@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import models

web_access_rule_buttons/__manifest__.py

@@ -0,0 +1,19 @@
+# Copyright 2016 Camptocamp SA
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Web Access Rules Buttons",
+    "summary": "Disable Edit button if access rules prevent this action",
+    "version": "11.0.1.0.0",
+    "author": "Camptocamp, Onestein, Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "category": "Web",
+    "depends": [
+        "web",
+    ],
+    "website": "https://github.com/OCA/web/tree/11.0/web_access_rule_buttons",
+    "data": [
+        "views/web_access_rule_buttons.xml",
+    ],
+    "installable": True,
+}

web_access_rule_buttons/models/__init__.py

@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import models

web_access_rule_buttons/models/models.py

@@ -0,0 +1,37 @@
+# Copyright 2016 Camptocamp SA
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import models, api, exceptions
+
+
+class Base(models.AbstractModel):
+    """ The base model, which is implicitly inherited by all models. """
+    _inherit = 'base'
+
+    @api.multi
+    def check_access_rule_all(self, operations=None):
+        """Verifies that the operation given by ``operations`` is allowed for
+        the user according to ir.rules.
+
+        If ``operations`` is empty, it returns the result for all actions.
+
+       :param operation: a list of ``read``, ``create``, ``write``, ``unlink``
+       :return: {operation: access} (access is a boolean)
+        """
+        if not operations or not any(operations):
+            operations = ['read', 'create', 'write', 'unlink']
+        result = {}
+        for operation in operations:
+            if self.is_transient() or not self.ids:
+                # If we call check_access_rule() without id, it will try to
+                # run a SELECT without ID which will crash, so we just blindly
+                # allow the operations
+                result[operation] = True
+                continue
+            try:
+                self.check_access_rule(operation)
+            except exceptions.AccessError:
+                result[operation] = False
+            else:
+                result[operation] = True
+        return result

web_access_rule_buttons/readme/CONTRIBUTORS.rst

@@ -0,0 +1,2 @@
+* Guewen Baconnier <guewen.baconnier@camptocamp.com>
+* Antonio Esposito <a.esposito@onestein.nl>

web_access_rule_buttons/readme/DESCRIPTION.rst

@@ -0,0 +1,2 @@
+This addon disables the Edit button on the form views if the user
+cannot edit the current record according to the record access rules.

web_access_rule_buttons/readme/USAGE.rst

@@ -0,0 +1,3 @@
+When using Odoo, even if a user has no rights to edit a record, the Edit button
+is shown. The user can edit the record but won't be able to save his changes.
+Now, the user won't be able to click on the Edit button.

web_access_rule_buttons/static/src/js/form_controller.js

@@ -0,0 +1,32 @@
+/* Copyright 2016 Camptocamp SA
+ * License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). */
+
+odoo.define("web_access_rule_buttons.main", function (require) {
+    "use strict";
+    var FormController = require("web.FormController");
+    FormController.include({
+
+        _update: function (state) {
+            return this._super(state).then(this.show_hide_buttons(state));
+        },
+        show_hide_buttons : function (state) {
+            var self = this;
+            return self._rpc({
+                model: this.modelName,
+                method: 'check_access_rule_all',
+                args: [[state.data.id], ["write"]],
+            }).then(function (accesses) {
+                self.show_hide_edit_button(accesses.write);
+            });
+        },
+        show_hide_edit_button : function (access) {
+            if (this.$buttons) {
+                var button = this.$buttons.find(".o_form_button_edit");
+                if (button) {
+                    button.prop("disabled", !access);
+                }
+            }
+        },
+
+    });
+});

web_access_rule_buttons/tests/__init__.py

@@ -0,0 +1,3 @@
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl.html).
+
+from . import test_access_rule_buttons

web_access_rule_buttons/tests/test_access_rule_buttons.py

@@ -0,0 +1,19 @@
+# Copyright 2019 Onestein BV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+from odoo.tests.common import TransactionCase
+
+
+class TestAccessRuleButtons(TransactionCase):
+    def setUp(self):
+        super(TestAccessRuleButtons, self).setUp()
+
+        self.curr_obj = self.env['res.currency']
+        self.curr_record = self.env.ref('base.USD')
+
+    def test_check_access_rule_1(self):
+        res = self.curr_obj.check_access_rule_all(['write'])
+        self.assertTrue(res['write'])
+
+    def test_check_access_rule_2(self):
+        res = self.curr_record.check_access_rule_all(['write'])
+        self.assertTrue(res['write'])

web_access_rule_buttons/views/web_access_rule_buttons.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<odoo>
+    <template id="assets_backend" name="web_access_rule_buttons assets" inherit_id="web.assets_backend">
+        <xpath expr="." position="inside">
+            <script type="text/javascript" src="/web_access_rule_buttons/static/src/js/form_controller.js"></script>
+        </xpath>
+    </template>
+</odoo>