Browse Source

Add web_access_rule_buttons

Disable buttons which lead to action disallowed by record rules.
pull/284/head
Guewen Baconnier 9 years ago
parent
commit
fe1848db2d
  1. 68
      web_access_rule_buttons/README.rst
  2. 2
      web_access_rule_buttons/__init__.py
  3. 17
      web_access_rule_buttons/__openerp__.py
  4. 31
      web_access_rule_buttons/models.py
  5. 48
      web_access_rule_buttons/static/src/js/web_access_rule_buttons.js
  6. 10
      web_access_rule_buttons/views/web_access_rule_buttons.xml

68
web_access_rule_buttons/README.rst

@ -0,0 +1,68 @@
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
:alt: License: AGPL-3
========================
Web Access Rules Buttons
========================
This addon disables the Edit button on the form views if the user
cannot edit the current record according to the record access rules.
Usage
=====
When using Odoo, even if a user has no rights to edit a record, the Edit button
is shown. The user can edit the record but won't be able to save his changes.
Now, the user won't be able to click on the Edit button.
.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
:alt: Try me on Runbot
:target: https://runbot.odoo-community.org/runbot/162/9.0
Known issues / Roadmap
======================
* Additional requests will be issued when a record is loaded in a form view in
order to check if the user has the access right.
Bug Tracker
===========
Bugs are tracked on `GitHub Issues
<https://github.com/OCA/web/issues>`_. In case of trouble, please
check there if your issue has already been reported. If you spotted it first,
help us smashing it by providing a detailed and welcomed `feedback
<https://github.com/OCA/
web/issues/new?body=module:%20
web_access_rule_buttons%0Aversion:%20
9.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
Credits
=======
Images
------
* Odoo Community Association: `Icon <https://github.com/OCA/maintainer-tools/blob/master/template/module/static/description/icon.svg>`_.
Contributors
------------
* Guewen Baconnier <guewen.baconnier@camptocamp.com>
Maintainer
----------
.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org
This module is maintained by the OCA.
OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.
To contribute to this module, please visit https://odoo-community.org.

2
web_access_rule_buttons/__init__.py

@ -0,0 +1,2 @@
# -*- coding: utf-8 -*-
from . import models

17
web_access_rule_buttons/__openerp__.py

@ -0,0 +1,17 @@
# -*- coding: utf-8 -*-
# © 2016 Camptocamp SA
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
{'name': 'Web Access Rules Buttons',
'summary': 'Disable Edit button if access rules prevent this action',
'version': '9.0.1.0.0',
'author': 'Camptocamp,Odoo Community Association (OCA)',
'license': 'AGPL-3',
'category': 'Web',
'depends': ['web',
],
'website': 'http://www.camptocamp.com',
'data': ['views/web_access_rule_buttons.xml',
],
'installable': True,
}

31
web_access_rule_buttons/models.py

@ -0,0 +1,31 @@
# -*- coding: utf-8 -*-
# © 2016 Camptocamp SA
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
from openerp import models, api, exceptions
@api.multi
def check_access_rule_all(self, operations=None):
"""Verifies that the operation given by ``operations`` is allowed for the
user according to ir.rules.
If ``operations`` is empty, it returns the result for all actions.
:param operation: a list of ``read``, ``create``, ``write``, ``unlink``
:return: {operation: access} (access is a boolean)
"""
if operations is None:
operations = ['read', 'create', 'write', 'unlink']
result = {}
for operation in operations:
try:
self.check_access_rule(operation)
except exceptions.AccessError:
result[operation] = False
else:
result[operation] = True
return result
models.BaseModel.check_access_rule_all = check_access_rule_all

48
web_access_rule_buttons/static/src/js/web_access_rule_buttons.js

@ -0,0 +1,48 @@
/*
* © 2016 Camptocamp SA
* License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html)
*/
odoo.define('web_access_rule_buttons.main', function (require) {
"use strict";
var core = require('web.core');
var FormView = require('web.FormView');
var ListView = require('web.ListView');
var QWeb = core.qweb;
var _t = core._t;
FormView.include({
load_record: function() {
var self = this;
return this._super.apply(this, arguments)
.then(function() {
self.show_hide_buttons()
});
},
show_hide_buttons: function() {
var self = this;
this.dataset.call('check_access_rule_all',
[[this.datarecord.id],
['write']])
.then(function(accesses) {
self.show_hide_edit_button(accesses.write);
});
},
show_hide_edit_button: function(access) {
var button = this.$buttons.find('.oe_form_button_edit');
if(access) {
button.removeAttr('disabled');
} else {
button.attr('disabled', true);
}
}
});
});

10
web_access_rule_buttons/views/web_access_rule_buttons.xml

@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<openerp>
<data>
<template id="assets_backend" name="web_access_rule_buttons assets" inherit_id="web.assets_backend">
<xpath expr="." position="inside">
<script type="text/javascript" src="/web_access_rule_buttons/static/src/js/web_access_rule_buttons.js"></script>
</xpath>
</template>
</data>
</openerp>
Loading…
Cancel
Save