forked from OCA/server-backend
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request OCA#311 from OCA/16.0
Syncing from upstream OCA/server-backend (16.0)
- Loading branch information
Showing
138 changed files
with
3,567 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,181 @@ | ||
| ============= | ||
| Group backend | ||
| ============= | ||
|
|
||
| .. | ||
| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
| !! This file is generated by oca-gen-addon-readme !! | ||
| !! changes will be overwritten. !! | ||
| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
| !! source digest: sha256:879007f368a0b75ad5da7f5d3e3d1d6ae386da26d27df7fc4dec1a6865cf0233 | ||
| !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
| .. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png | ||
| :target: https://odoo-community.org/page/development-status | ||
| :alt: Alpha | ||
| .. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png | ||
| :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html | ||
| :alt: License: LGPL-3 | ||
| .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github | ||
| :target: https://github.com/OCA/server-backend/tree/16.0/base_group_backend | ||
| :alt: OCA/server-backend | ||
| .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png | ||
| :target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_group_backend | ||
| :alt: Translate me on Weblate | ||
| .. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png | ||
| :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0 | ||
| :alt: Try me on Runboat | ||
|
|
||
| |badge1| |badge2| |badge3| |badge4| |badge5| | ||
|
|
||
| This module was written to extend the standard functionality regarding users | ||
| and groups management by adding a new `Backend user` group that only gives access | ||
| to odoo backend (`/web`): | ||
|
|
||
| * minimal default access: | ||
| * users and partners (this is necessary to access your own data) | ||
| * mail activity, notification and channel | ||
| * presence | ||
| * minimal default menu | ||
| * notification | ||
| * activities | ||
| * minimal default access rules | ||
|
|
||
| The problem with the `Internal user` is when you want to gives access to the | ||
| backend to a really thin part of your business to some users, it's quite hard | ||
| to properly maintain those roles over the project life, a lot of models use | ||
| that group (`base.group_user`) by default which makes hard to maintains. | ||
|
|
||
| So that helps creating well-defined user groups with more controls. | ||
|
|
||
| This modules does 3 things: | ||
| * It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated) | ||
| * It sets the res_users.share to False for group_backend users. This allows those users to access the backend. | ||
| * It sets the bare minimum permission in the ir.model.access.csv to display the backend | ||
|
|
||
| We suggest to use this module with its compagnon `base_user_role` | ||
|
|
||
|
|
||
| Here is an example where a backend ui user can only access and use the dummy app. No other application are available to this user. You may define your own application instead of the dummy one. | ||
|
|
||
| .. figure:: https://raw.githubusercontent.com/OCA/server-backend/16.0/base_group_backend/static/description/dummy_app.png | ||
| :alt: Dummy app for demo | ||
|
|
||
|
|
||
|
|
||
| Limitations | ||
| ~~~~~~~~~~~ | ||
|
|
||
| At the time of writing, Odoo uses `res.users.share == False` to give the | ||
| backend access. | ||
| However to be able to access the backend without any errors some basic rights are necessary. | ||
| This module change the way `res.users.share` is computed to allow `group_backend users` to use the backend. | ||
|
|
||
| This avoids to write a lot of overwrite in different controllers from | ||
| different modules ('portal', 'web', 'base', 'website') with hard coded statements | ||
| that check if user is part of the `base.group_user` or `share == False` group. | ||
|
|
||
| .. warning:: | ||
|
|
||
| Using this module and grant a user with `group_backend`'s group is | ||
| equivalent to grant `group_user`'s group everywhere `has_group` | ||
| has been used. | ||
|
|
||
| .. IMPORTANT:: | ||
| This is an alpha version, the data model and design can change at any time without warning. | ||
| Only for development or testing purpose, do not use in production. | ||
| `More details on development status <https://odoo-community.org/page/development-status>`_ | ||
|
|
||
| **Table of contents** | ||
|
|
||
| .. contents:: | ||
| :local: | ||
|
|
||
| Configuration | ||
| ============= | ||
|
|
||
| To allow `group_backend` to interact with a model you can either add access rules to the group | ||
| or you can add `implied_ids` to `group_backend`. | ||
|
|
||
| .. note:: | ||
|
|
||
| Be aware users can only belong to one group from the user type category | ||
| (`base.module_category_user_type`). So your other groups can't inherit both | ||
| internal users and backend users. | ||
|
|
||
| Usage | ||
| ===== | ||
|
|
||
| To use this module, you need to: | ||
|
|
||
| #. Go to Configuration / Users / Users, choose a user and set the user type. | ||
|
|
||
| You get a users that is only able to access to the Odoo backend which you | ||
| can attach other groups that not implies other kind of users (`portal`, | ||
| `internal users`) | ||
|
|
||
| .. figure:: https://raw.githubusercontent.com/OCA/server-backend/16.0/base_group_backend/static/description/backend_ui.png | ||
| :alt: Backend UI user | ||
|
|
||
| Known issues / Roadmap | ||
| ====================== | ||
|
|
||
| Current module depends on `base_install_request` instead of `base`. | ||
|
|
||
| We don't need `base_install_request` auto install module but we must override it to set a security group on `App` menu. | ||
|
|
||
| This dependency should be remove if possible in future versions. | ||
|
|
||
| Bug Tracker | ||
| =========== | ||
|
|
||
| Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_. | ||
| In case of trouble, please check there if your issue has already been reported. | ||
| If you spotted it first, help us to smash it by providing a detailed and welcomed | ||
| `feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_group_backend%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. | ||
|
|
||
| Do not contact contributors directly about support or help with technical issues. | ||
|
|
||
| Credits | ||
| ======= | ||
|
|
||
| Authors | ||
| ~~~~~~~ | ||
|
|
||
| * Pierre Verkest | ||
|
|
||
| Contributors | ||
| ~~~~~~~~~~~~ | ||
|
|
||
| * Pierre Verkest <[email protected]> | ||
| * François Poizat <[email protected]> | ||
|
|
||
| Do not contact contributors directly about support or help with technical issues. | ||
|
|
||
| Maintainers | ||
| ~~~~~~~~~~~ | ||
|
|
||
| This module is maintained by the OCA. | ||
|
|
||
| .. image:: https://odoo-community.org/logo.png | ||
| :alt: Odoo Community Association | ||
| :target: https://odoo-community.org | ||
|
|
||
| OCA, or the Odoo Community Association, is a nonprofit organization whose | ||
| mission is to support the collaborative development of Odoo features and | ||
| promote its widespread use. | ||
|
|
||
| .. |maintainer-FranzPoize| image:: https://github.com/FranzPoize.png?size=40px | ||
| :target: https://github.com/FranzPoize | ||
| :alt: FranzPoize | ||
| .. |maintainer-bealdav| image:: https://github.com/bealdav.png?size=40px | ||
| :target: https://github.com/bealdav | ||
| :alt: bealdav | ||
|
|
||
| Current `maintainers <https://odoo-community.org/page/maintainer-role>`__: | ||
|
|
||
| |maintainer-FranzPoize| |maintainer-bealdav| | ||
|
|
||
| This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/16.0/base_group_backend>`_ project on GitHub. | ||
|
|
||
| You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| from . import models | ||
| from . import demo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| # Copyright 2021 Pierre Verkest <[email protected]> | ||
| # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html). | ||
| { | ||
| "name": "Group backend", | ||
| "version": "16.0.1.0.0", | ||
| "development_status": "Alpha", | ||
| "category": "Tools", | ||
| "author": "Pierre Verkest, Odoo Community Association (OCA)", | ||
| "license": "LGPL-3", | ||
| "website": "https://github.com/OCA/server-backend", | ||
| "depends": [ | ||
| "base", | ||
| "base_install_request", # weird module, we need to survive with it | ||
| "mail", | ||
| ], | ||
| "maintainers": ["FranzPoize", "bealdav"], | ||
| "demo": [ | ||
| "demo/test-model.xml", | ||
| "demo/ir.model.access.csv", | ||
| "demo/backend_dummy_model.xml", | ||
| "demo/res_partners.xml", | ||
| "demo/res_users.xml", | ||
| ], | ||
| "data": [ | ||
| "data/res_groups.xml", | ||
| "data/ir_ui_menu.xml", | ||
| "security/ir.model.access.csv", | ||
| ], | ||
| "installable": True, | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| <odoo> | ||
|
|
||
| <record model="ir.ui.menu" id="base.menu_management"> | ||
| <!-- Allow to avoid to display App menu for backend users --> | ||
| <field name="groups_id" eval="[(4, ref('base.group_user'), 0)]" /> | ||
| </record> | ||
|
|
||
| </odoo> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| <odoo> | ||
|
|
||
| <record model="res.groups" id="base_group_backend"> | ||
| <field name="name">Backend user</field> | ||
| <field name="category_id" ref="base.module_category_user_type" /> | ||
| <field name="comment"> | ||
| This group is used to gives user backend access. | ||
|
|
||
| While users in `base.group_user` gets a lot of default access | ||
| which makes hard to define properly records/rules/menu access. | ||
|
|
||
| So for maintainability you shouldn't linked any access right, rules, | ||
| menu, and so on to this group directly. | ||
|
|
||
| The only intent of this groups is to be able to get a session | ||
| to Odoo backend (`/web`). | ||
| </field> | ||
| </record> | ||
|
|
||
| <record model="res.groups" id="group_backend_ui_users"> | ||
| <field name="name">Backend UI user</field> | ||
| <field name="category_id" ref="base.module_category_user_type" /> | ||
| <field name="comment"> | ||
| This group is used to gives user basic ui access. | ||
| </field> | ||
| <field | ||
| name="rule_groups" | ||
| eval="[ | ||
| (6, 0,[ | ||
| ref('base.ir_default_user_rule'), | ||
| ref('base.ir_filters_delete_own_rule'), | ||
| ref('base.ir_filters_employee_rule'), | ||
| ref('base.res_company_rule_employee'), | ||
| ref('mail.ir_rule_mail_notifications_group_user'), | ||
| ref('mail.ir_rule_mail_channel_member_group_user'), | ||
| ref('mail.mail_activity_rule_user'), | ||
| ref('mail.mail_channel_rule'), | ||
| ]), | ||
| ]" | ||
| /> | ||
| </record> | ||
|
|
||
| </odoo> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| from odoo.tools import config | ||
|
|
||
| if not config["without_demo"]: | ||
| from . import backend_dummy_model |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| from odoo import fields, models | ||
|
|
||
|
|
||
| class BackendDummyModel(models.Model): | ||
| _name = "backend.dummy.model" | ||
| _description = "Backend Dummy Model demo" | ||
|
|
||
| my_value = fields.Char(name="Value", required=True) | ||
| my_other_value = fields.Char(name="Other value", required=True) | ||
| date_start = fields.Datetime( | ||
| name="Date start", required=True, default=fields.Datetime.now | ||
| ) | ||
| date_stop = fields.Datetime( | ||
| name="Date stop", required=True, default=fields.Datetime.now | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| <?xml version="1.0" encoding="utf-8" ?> | ||
| <odoo noupdate="1"> | ||
| <record id="backend_dummy_model_tree_view" model="ir.ui.view"> | ||
| <field name="name">Backend dummy tree view</field> | ||
| <field name="model">backend.dummy.model</field> | ||
| <field name="arch" type="xml"> | ||
| <tree create="false" delete="false"> | ||
| <field name="my_value" /> | ||
| <field name="my_other_value" groups="base.group_user" /> | ||
| </tree> | ||
| </field> | ||
| </record> | ||
|
|
||
| <record id="action_dummy_list" model="ir.actions.act_window"> | ||
| <field name="name">Dummies</field> | ||
| <field name="type">ir.actions.act_window</field> | ||
| <field name="res_model">backend.dummy.model</field> | ||
| <field name="view_mode">tree,form,kanban,calendar,pivot,graph,activity</field> | ||
| <field name="view_id" ref="backend_dummy_model_tree_view" /> | ||
| </record> | ||
|
|
||
| <menuitem | ||
| id="menu_dummy_root" | ||
| name="Dummy" | ||
| sequence="100" | ||
| groups="group_backend_ui_users,base.group_user" | ||
| /> | ||
| <menuitem | ||
| id="menu_dummy_menu" | ||
| name="Dummy" | ||
| sequence="10" | ||
| groups="group_backend_ui_users,base.group_user" | ||
| parent="menu_dummy_root" | ||
| /> | ||
| <menuitem | ||
| id="menu_dummy_list" | ||
| name="Dummy list" | ||
| sequence="100" | ||
| groups="group_backend_ui_users,base.group_user" | ||
| parent="menu_dummy_root" | ||
| action="action_dummy_list" | ||
| /> | ||
|
|
||
| </odoo> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| "id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink" | ||
| "backend_dummy_models","backend dummy.model","model_backend_dummy_model",group_backend_ui_users,1,0,0,0 | ||
| "backend_dummy_models_user_grp","backend dummy.model user grp","model_backend_dummy_model",base.group_user,1,0,0,0 |
Oops, something went wrong.