diff --git a/base_user_role_company/README.rst b/base_user_role_company/README.rst new file mode 100644 index 000000000..184839e31 --- /dev/null +++ b/base_user_role_company/README.rst @@ -0,0 +1,135 @@ +===================== +User roles by company +===================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:3b8bc6ff8f0969332ac9de6043d82b9d25601b8efd62d8546e6a7c661e91036d + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github + :target: https://github.com/OCA/server-backend/tree/18.0/base_user_role_company + :alt: OCA/server-backend +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/server-backend-18-0/server-backend-18-0-base_user_role_company + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=18.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +Enable User Roles depending on the Companies selected. + +A company specific Role will only be enabled if it is set for **all** +the currently selected companies. + +For example, if a user is "Sales Manager" only for Company A, it will +see that role enabled only if Company A is selected. If the user selects +Company A and Company B, then the "Sales Manager" role won't be enabled. + +**Table of contents** + +.. contents:: + :local: + +Configuration +============= + +Roles are set on the User form. + +The "Company" additional column allows to set a Role as only valid for +specific companies. + +There is also a "Active Role" techincal field, only visible in developer +mode. It shows what roles are active, after applying the company +selection rules. + +Usage +===== + +Select the active companies from the web client widget, near the top +right corner. When doing so, the User's security Groups are recomputed, +based on the Roles. + +When the user changes the company selection, only the groups available +to all active companies will be activated. + +For example: + +- A "SALES PERSON" and a "SALES MANAGER" roles are created. + +- A user is assigned to the roles: + + - "SALES PERSON", with no specific company assigned (meaning all) + - "SALES MANAGER" only to "My Company (Chicago)" + +- When selecting active companies from the UI widget: + + - If only "My Company (San Francisco)" is active, "SALES PERSON" + will be active. + - If only "My Company (Chicago)" is active, "SALES PERSON" and + "SALES MANAGER" will be active. + - If both "My Company (San Francisco)" and "My Company (Chicago)" is + active, "SALES PERSON" will be active. + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Authors +------- + +* Open Source Integrators + +Contributors +------------ + +`Open Source Integrators `__ + + - Daniel Reis + - Chandresh Thakkar + - Urvisha Desai + +`WeSolved `__ + + - Robin Conjour + +`Dynapps `__ + + - Bert Van Groenendael + +Maintainers +----------- + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/server-backend `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/base_user_role_company/__init__.py b/base_user_role_company/__init__.py new file mode 100644 index 000000000..efc2a3f33 --- /dev/null +++ b/base_user_role_company/__init__.py @@ -0,0 +1,5 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from . import controllers +from . import models diff --git a/base_user_role_company/__manifest__.py b/base_user_role_company/__manifest__.py new file mode 100644 index 000000000..f2340b0d0 --- /dev/null +++ b/base_user_role_company/__manifest__.py @@ -0,0 +1,20 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +{ + "name": "User roles by company", + "version": "18.0.1.0.0", + "category": "Tools", + "author": "Open Source Integrators, Odoo Community Association (OCA)", + "license": "AGPL-3", + "website": "https://github.com/OCA/server-backend", + "depends": ["base_user_role"], + "data": [ + "views/role.xml", + "views/user.xml", + ], + "installable": True, + "auto_install": True, + "maintainer": "dreispt", + "development_status": "Beta", +} diff --git a/base_user_role_company/controllers/__init__.py b/base_user_role_company/controllers/__init__.py new file mode 100644 index 000000000..12a7e529b --- /dev/null +++ b/base_user_role_company/controllers/__init__.py @@ -0,0 +1 @@ +from . import main diff --git a/base_user_role_company/controllers/main.py b/base_user_role_company/controllers/main.py new file mode 100644 index 000000000..7e75d6954 --- /dev/null +++ b/base_user_role_company/controllers/main.py @@ -0,0 +1,16 @@ +# Copyright (C) 2022 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from odoo import http + +from odoo.addons.web.controllers.home import Home + + +class HomeExtended(Home): + @http.route() + def web_load_menus(self, unique): + response = super().web_load_menus(unique) + # On logout & re-login we could see wrong menus being rendered + # To avoid this, menu http cache must be disabled + response.headers.remove("Cache-Control") + return response diff --git a/base_user_role_company/i18n/base_user_role_company.pot b/base_user_role_company/i18n/base_user_role_company.pot new file mode 100644 index 000000000..828370c9a --- /dev/null +++ b/base_user_role_company/i18n/base_user_role_company.pot @@ -0,0 +1,58 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_user_role_company +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 17.0\n" +"Report-Msgid-Bugs-To: \n" +"Last-Translator: \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: \n" + +#. module: base_user_role_company +#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__allowed_company_ids +msgid "Companies" +msgstr "" + +#. module: base_user_role_company +#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__company_id +msgid "Company" +msgstr "" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_ir_http +msgid "HTTP Routing" +msgstr "" + +#. module: base_user_role_company +#: model:ir.model.fields,help:base_user_role_company.field_res_users_role_line__company_id +msgid "" +"If set, this role only applies when this is the main company selected. " +"Otherwise it applies to all companies." +msgstr "" + +#. module: base_user_role_company +#: model:ir.model.constraint,message:base_user_role_company.constraint_res_users_role_line_user_role_uniq +msgid "Roles can be assigned to a user only once at a time" +msgstr "" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_res_users +msgid "User" +msgstr "" + +#. module: base_user_role_company +#. odoo-python +#: code:addons/base_user_role_company/models/role.py:0 +#, python-format +msgid "User \"%(user)s\" does not have access to the company \"%(company)s\"" +msgstr "" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_res_users_role_line +msgid "Users associated to a role" +msgstr "" diff --git a/base_user_role_company/i18n/es.po b/base_user_role_company/i18n/es.po new file mode 100644 index 000000000..449ba51ab --- /dev/null +++ b/base_user_role_company/i18n/es.po @@ -0,0 +1,67 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_user_role_company +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 16.0\n" +"Report-Msgid-Bugs-To: \n" +"PO-Revision-Date: 2023-11-08 14:36+0000\n" +"Last-Translator: Ivorra78 \n" +"Language-Team: none\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.17\n" + +#. module: base_user_role_company +#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__allowed_company_ids +msgid "Companies" +msgstr "Compañías" + +#. module: base_user_role_company +#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__company_id +msgid "Company" +msgstr "Compañía" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_ir_http +msgid "HTTP Routing" +msgstr "Enrutamiento HTTP" + +#. module: base_user_role_company +#: model:ir.model.fields,help:base_user_role_company.field_res_users_role_line__company_id +msgid "" +"If set, this role only applies when this is the main company selected. " +"Otherwise it applies to all companies." +msgstr "" +"Si se establece, este rol sólo se aplica cuando ésta es la compañía " +"principal seleccionada. De lo contrario, se aplica a todas las compañías." + +#. module: base_user_role_company +#: model:ir.model.constraint,message:base_user_role_company.constraint_res_users_role_line_user_role_uniq +msgid "Roles can be assigned to a user only once at a time" +msgstr "Las funciones sólo pueden asignarse a un usuario una vez cada vez" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_res_users +msgid "User" +msgstr "Usuario" + +#. module: base_user_role_company +#. odoo-python +#: code:addons/base_user_role_company/models/role.py:0 +#, python-format +msgid "User \"%(user)s\" does not have access to the company \"%(company)s\"" +msgstr "El usuario \"%(user)s\" no tiene acceso a la empresa \"%(company)s\"" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_res_users_role_line +msgid "Users associated to a role" +msgstr "Usuarios asociados a un papel" + +#, python-format +#~ msgid "User \"{}\" does not have access to the company \"{}\"" +#~ msgstr "Usuario \"{}\" no tiene acceso a la compañía \"{}\"" diff --git a/base_user_role_company/i18n/it.po b/base_user_role_company/i18n/it.po new file mode 100644 index 000000000..26a5fcfba --- /dev/null +++ b/base_user_role_company/i18n/it.po @@ -0,0 +1,82 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_user_role_company +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 14.0\n" +"Report-Msgid-Bugs-To: \n" +"PO-Revision-Date: 2024-01-03 14:33+0000\n" +"Last-Translator: mymage \n" +"Language-Team: none\n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.17\n" + +#. module: base_user_role_company +#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__allowed_company_ids +msgid "Companies" +msgstr "Aziende" + +#. module: base_user_role_company +#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__company_id +msgid "Company" +msgstr "Azienda" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_ir_http +msgid "HTTP Routing" +msgstr "Instradamento HTTP" + +#. module: base_user_role_company +#: model:ir.model.fields,help:base_user_role_company.field_res_users_role_line__company_id +msgid "" +"If set, this role only applies when this is the main company selected. " +"Otherwise it applies to all companies." +msgstr "" +"Se impostato, questo ruolo si applica solo quando questa è l'azienda " +"principale selezionata. Altrimenti vale per tutte le aziende." + +#. module: base_user_role_company +#: model:ir.model.constraint,message:base_user_role_company.constraint_res_users_role_line_user_role_uniq +msgid "Roles can be assigned to a user only once at a time" +msgstr "I ruoli possono essere assegnati all'utente solo uno alla volta" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_res_users +msgid "User" +msgstr "Utente" + +#. module: base_user_role_company +#. odoo-python +#: code:addons/base_user_role_company/models/role.py:0 +#, python-format +msgid "User \"%(user)s\" does not have access to the company \"%(company)s\"" +msgstr "L'utente \"%(user)s\" non ha accesso all'azienda \"%(company)s\"" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_res_users_role_line +msgid "Users associated to a role" +msgstr "Utenti associati al ruolo" + +#, python-format +#~ msgid "User \"{}\" does not have access to the company \"{}\"" +#~ msgstr "L'utente \"{}\" non ha l'accesso all'azienda \"{}\"" + +#~ msgid "Display Name" +#~ msgstr "Nome visualizzato" + +#~ msgid "ID" +#~ msgstr "ID" + +#~ msgid "Last Modified on" +#~ msgstr "Ultima modifica il" + +#~ msgid "Users" +#~ msgstr "Utenti" + +#~ msgid "Active Role" +#~ msgstr "Ruolo attivo" diff --git a/base_user_role_company/i18n/pt.po b/base_user_role_company/i18n/pt.po new file mode 100644 index 000000000..f0761ca21 --- /dev/null +++ b/base_user_role_company/i18n/pt.po @@ -0,0 +1,67 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_user_role_company +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 16.0\n" +"Report-Msgid-Bugs-To: \n" +"PO-Revision-Date: 2023-08-31 10:35+0000\n" +"Last-Translator: Pedro Castro Silva \n" +"Language-Team: none\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: nplurals=2; plural=n > 1;\n" +"X-Generator: Weblate 4.17\n" + +#. module: base_user_role_company +#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__allowed_company_ids +msgid "Companies" +msgstr "Empresas" + +#. module: base_user_role_company +#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__company_id +msgid "Company" +msgstr "Empresa" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_ir_http +msgid "HTTP Routing" +msgstr "Encaminhamento HTTP" + +#. module: base_user_role_company +#: model:ir.model.fields,help:base_user_role_company.field_res_users_role_line__company_id +msgid "" +"If set, this role only applies when this is the main company selected. " +"Otherwise it applies to all companies." +msgstr "" +"Se atribuída, esta função será aplicada apenas quando esta é a empresa " +"principal selecionada. Caso contrário, aplicar-se-á a todas as empresas." + +#. module: base_user_role_company +#: model:ir.model.constraint,message:base_user_role_company.constraint_res_users_role_line_user_role_uniq +msgid "Roles can be assigned to a user only once at a time" +msgstr "As funções podem ser atribuídas a um utilizador apenas uma vez" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_res_users +msgid "User" +msgstr "Utilizador" + +#. module: base_user_role_company +#. odoo-python +#: code:addons/base_user_role_company/models/role.py:0 +#, python-format +msgid "User \"%(user)s\" does not have access to the company \"%(company)s\"" +msgstr "" + +#. module: base_user_role_company +#: model:ir.model,name:base_user_role_company.model_res_users_role_line +msgid "Users associated to a role" +msgstr "Utilizadores associados a uma função" + +#, python-format +#~ msgid "User \"{}\" does not have access to the company \"{}\"" +#~ msgstr "O utilizador \"{}\" não tem acesso à empresa \"{}\"" diff --git a/base_user_role_company/models/__init__.py b/base_user_role_company/models/__init__.py new file mode 100644 index 000000000..32004dfac --- /dev/null +++ b/base_user_role_company/models/__init__.py @@ -0,0 +1,6 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from . import role +from . import user +from . import ir_http diff --git a/base_user_role_company/models/ir_http.py b/base_user_role_company/models/ir_http.py new file mode 100644 index 000000000..2bdbddbf8 --- /dev/null +++ b/base_user_role_company/models/ir_http.py @@ -0,0 +1,22 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from odoo import models +from odoo.http import request + + +class IrHttp(models.AbstractModel): + _inherit = "ir.http" + + def session_info(self): + """ + Based on the selected companies (cids), + calculate the roles to enable. + A role should be enabled only when it applies to all selected companies. + """ + result = super().session_info() + if self.env.user.role_line_ids: + cids_str = request.httprequest.cookies.get("cids", str(self.env.company.id)) + cids = [int(cid) for cid in cids_str.split(",")] + self.env.user.with_context(active_company_ids=cids).set_groups_from_roles() + return result diff --git a/base_user_role_company/models/role.py b/base_user_role_company/models/role.py new file mode 100644 index 000000000..06a8df328 --- /dev/null +++ b/base_user_role_company/models/role.py @@ -0,0 +1,42 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from odoo import _, api, fields, models +from odoo.exceptions import ValidationError + + +class ResUsersRoleLine(models.Model): + _inherit = "res.users.role.line" + + allowed_company_ids = fields.Many2many(related="user_id.company_ids") + company_id = fields.Many2one( + "res.company", + "Company", + domain="[('id', 'in', allowed_company_ids)]", + help="If set, this role only applies when this is the main company selected." + " Otherwise it applies to all companies.", + ) + + @api.constrains("user_id", "company_id") + def _check_company(self): + for record in self: + if ( + record.company_id + and record.company_id != record.user_id.company_id + and record.company_id not in record.user_id.company_ids + ): + raise ValidationError( + _( + 'User "%(user)s" does not have access to the company ' + '"%(company)s"' + ) + % {"user": record.user_id.name, "company": record.company_id.name} + ) + + _sql_constraints = [ + ( + "user_role_uniq", + "unique (user_id,role_id,company_id)", + "Roles can be assigned to a user only once at a time", + ) + ] diff --git a/base_user_role_company/models/user.py b/base_user_role_company/models/user.py new file mode 100644 index 000000000..38a84af6d --- /dev/null +++ b/base_user_role_company/models/user.py @@ -0,0 +1,41 @@ +# Copyright (C) 2021 Open Source Integrators +# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). + +from odoo import api, models + + +class ResUsers(models.Model): + _inherit = "res.users" + + @classmethod + def authenticate(cls, db, credential, user_agent_env): + auth_info = super().authenticate(db, credential, user_agent_env) + # On login, ensure the proper roles are applied + # The last Role applied may not be the correct one, + # sonce the new session current company can be different + with cls.pool.cursor() as cr: + env = api.Environment(cr, auth_info["uid"], {}) + if env.user.role_line_ids: + env.user.set_groups_from_roles() + return auth_info + + def _get_enabled_roles(self): + res = super()._get_enabled_roles() + if self.role_line_ids: + active_roles = self.env["res.users.role.line"] + if self.env.context.get("active_company_ids"): + company_ids = self.env.context.get("active_company_ids") + else: + company_ids = self.company_id.ids + for role_line in self.role_line_ids: + if not role_line.company_id: + active_roles |= role_line + elif role_line.company_id.id in company_ids: + role_line_companies = self.role_line_ids.filtered( + lambda x, rl=role_line: x.role_id == rl.role_id + and x.company_id.id in company_ids + ) + if len(role_line_companies) == len(company_ids): + active_roles |= role_line + return active_roles + return res diff --git a/base_user_role_company/pyproject.toml b/base_user_role_company/pyproject.toml new file mode 100644 index 000000000..4231d0ccc --- /dev/null +++ b/base_user_role_company/pyproject.toml @@ -0,0 +1,3 @@ +[build-system] +requires = ["whool"] +build-backend = "whool.buildapi" diff --git a/base_user_role_company/readme/CONFIGURE.md b/base_user_role_company/readme/CONFIGURE.md new file mode 100644 index 000000000..ae04da435 --- /dev/null +++ b/base_user_role_company/readme/CONFIGURE.md @@ -0,0 +1,8 @@ +Roles are set on the User form. + +The "Company" additional column allows to set a Role as only valid for +specific companies. + +There is also a "Active Role" techincal field, only visible in developer +mode. It shows what roles are active, after applying the company +selection rules. diff --git a/base_user_role_company/readme/CONTRIBUTORS.md b/base_user_role_company/readme/CONTRIBUTORS.md new file mode 100644 index 000000000..62de1987e --- /dev/null +++ b/base_user_role_company/readme/CONTRIBUTORS.md @@ -0,0 +1,13 @@ +[Open Source Integrators](http://opensourceintegrators.com) + +> - Daniel Reis \<\> +> - Chandresh Thakkar \<\> +> - Urvisha Desai \<\> + +[WeSolved](http://wesolved.com) + +> - Robin Conjour \<\> + +[Dynapps](http://dynapps.eu) + +> - Bert Van Groenendael \<\> diff --git a/base_user_role_company/readme/DESCRIPTION.md b/base_user_role_company/readme/DESCRIPTION.md new file mode 100644 index 000000000..2f93eb4b0 --- /dev/null +++ b/base_user_role_company/readme/DESCRIPTION.md @@ -0,0 +1,8 @@ +Enable User Roles depending on the Companies selected. + +A company specific Role will only be enabled if it is set for **all** +the currently selected companies. + +For example, if a user is "Sales Manager" only for Company A, it will +see that role enabled only if Company A is selected. If the user selects +Company A and Company B, then the "Sales Manager" role won't be enabled. diff --git a/base_user_role_company/readme/USAGE.md b/base_user_role_company/readme/USAGE.md new file mode 100644 index 000000000..37769b5da --- /dev/null +++ b/base_user_role_company/readme/USAGE.md @@ -0,0 +1,22 @@ +Select the active companies from the web client widget, near the top +right corner. When doing so, the User's security Groups are recomputed, +based on the Roles. + +When the user changes the company selection, only the groups available +to all active companies will be activated. + +For example: + +- A "SALES PERSON" and a "SALES MANAGER" roles are created. + +- A user is assigned to the roles: + - "SALES PERSON", with no specific company assigned (meaning all) + - "SALES MANAGER" only to "My Company (Chicago)" + +- When selecting active companies from the UI widget: + - If only "My Company (San Francisco)" is active, "SALES PERSON" will + be active. + - If only "My Company (Chicago)" is active, "SALES PERSON" and "SALES + MANAGER" will be active. + - If both "My Company (San Francisco)" and "My Company (Chicago)" is + active, "SALES PERSON" will be active. diff --git a/base_user_role_company/static/description/icon.png b/base_user_role_company/static/description/icon.png new file mode 100644 index 000000000..3a0328b51 Binary files /dev/null and b/base_user_role_company/static/description/icon.png differ diff --git a/base_user_role_company/static/description/index.html b/base_user_role_company/static/description/index.html new file mode 100644 index 000000000..836d5dc80 --- /dev/null +++ b/base_user_role_company/static/description/index.html @@ -0,0 +1,482 @@ + + + + + +User roles by company + + + +
+

User roles by company

+ + +

Beta License: AGPL-3 OCA/server-backend Translate me on Weblate Try me on Runboat

+

Enable User Roles depending on the Companies selected.

+

A company specific Role will only be enabled if it is set for all +the currently selected companies.

+

For example, if a user is “Sales Manager” only for Company A, it will +see that role enabled only if Company A is selected. If the user selects +Company A and Company B, then the “Sales Manager” role won’t be enabled.

+

Table of contents

+ +
+

Configuration

+

Roles are set on the User form.

+

The “Company” additional column allows to set a Role as only valid for +specific companies.

+

There is also a “Active Role” techincal field, only visible in developer +mode. It shows what roles are active, after applying the company +selection rules.

+
+
+

Usage

+

Select the active companies from the web client widget, near the top +right corner. When doing so, the User’s security Groups are recomputed, +based on the Roles.

+

When the user changes the company selection, only the groups available +to all active companies will be activated.

+

For example:

+
    +
  • A “SALES PERSON” and a “SALES MANAGER” roles are created.
  • +
  • A user is assigned to the roles:
      +
    • “SALES PERSON”, with no specific company assigned (meaning all)
    • +
    • “SALES MANAGER” only to “My Company (Chicago)”
    • +
    +
  • +
  • When selecting active companies from the UI widget:
      +
    • If only “My Company (San Francisco)” is active, “SALES PERSON” +will be active.
    • +
    • If only “My Company (Chicago)” is active, “SALES PERSON” and +“SALES MANAGER” will be active.
    • +
    • If both “My Company (San Francisco)” and “My Company (Chicago)” is +active, “SALES PERSON” will be active.
    • +
    +
  • +
+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Authors

+
    +
  • Open Source Integrators
  • +
+
+
+

Contributors

+

Open Source Integrators

+
+ +
+

WeSolved

+
+ +
+

Dynapps

+
+ +
+
+
+

Maintainers

+

This module is maintained by the OCA.

+ +Odoo Community Association + +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

This module is part of the OCA/server-backend project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/base_user_role_company/tests/__init__.py b/base_user_role_company/tests/__init__.py new file mode 100644 index 000000000..cd7f7833f --- /dev/null +++ b/base_user_role_company/tests/__init__.py @@ -0,0 +1 @@ +from . import test_role_per_company diff --git a/base_user_role_company/tests/test_role_per_company.py b/base_user_role_company/tests/test_role_per_company.py new file mode 100644 index 000000000..98b0c50bb --- /dev/null +++ b/base_user_role_company/tests/test_role_per_company.py @@ -0,0 +1,81 @@ +# Copyright 2021 Open Source Integrators +# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl). + +from odoo.tests.common import TransactionCase + + +class TestUserRoleCompany(TransactionCase): + def setUp(self): + super().setUp() + # COMPANIES + self.Company = self.env["res.company"] + self.company1 = self.env.ref("base.main_company") + self.company2 = self.Company.create({"name": "company2"}) + # GROUPS for roles + self.groupA = self.env.ref("base.group_user") + self.groupB = self.env.ref("base.group_system") + self.groupC = self.env.ref("base.group_partner_manager") + # ROLES + self.Role = self.env["res.users.role"] + self.roleA = self.Role.create({"name": "ROLE All Companies"}) + self.roleA.implied_ids |= self.groupA + self.roleB = self.Role.create({"name": "ROLE Company 1"}) + self.roleB.implied_ids |= self.groupB + self.roleC = self.Role.create({"name": "ROLE Company 1 and 2"}) + self.roleC.implied_ids |= self.groupC + # USER + # ==Role=== ==Company== C1 C2 C1+C2 + # Role A Yes Yes Yes + # Role B Company1 Yes + # Role C Company1 Yes Yes + # Role C Company2 Yes Yes + self.User = self.env["res.users"] + user_vals = { + "name": "ROLES TEST USER", + "login": "test_user", + "company_ids": [(6, 0, [self.company1.id, self.company2.id])], + "role_line_ids": [ + (0, 0, {"role_id": self.roleA.id}), + (0, 0, {"role_id": self.roleB.id, "company_id": self.company1.id}), + (0, 0, {"role_id": self.roleC.id, "company_id": self.company1.id}), + (0, 0, {"role_id": self.roleC.id, "company_id": self.company2.id}), + ], + } + self.test_user = self.User.create(user_vals) + + def test_110_company_1(self): + "Company 1 selected: Roles A, B and C are enabled" + self.test_user.with_context( + active_company_ids=self.company1.ids + ).set_groups_from_roles() + expected = self.groupA | self.groupB | self.groupC + found = self.test_user.groups_id.filtered(lambda x: x in expected) + self.assertEqual(expected, found) + + def test_120_company_2(self): + "Company 2 selected: Roles A and C are enabled" + self.test_user.with_context( + active_company_ids=self.company2.ids + ).set_groups_from_roles() + enabled = self.test_user.groups_id + expected = self.groupA | self.groupC + found = enabled.filtered(lambda x: x in expected) + self.assertEqual(expected, found) + + not_expected = self.groupB + found = enabled.filtered(lambda x: x in not_expected) + self.assertFalse(found) + + def test_130_all_company(self): + "All Company selected: Roles A and C are enabled" + self.test_user.with_context( + active_company_ids=[self.company1.id, self.company2.id] + ).set_groups_from_roles() + enabled = self.test_user.groups_id + expected = self.groupA | self.groupC + found = enabled.filtered(lambda x: x in expected) + self.assertEqual(expected, found) + + not_expected = self.groupB + found = enabled.filtered(lambda x: x in not_expected) + self.assertFalse(found) diff --git a/base_user_role_company/views/role.xml b/base_user_role_company/views/role.xml new file mode 100644 index 000000000..0a0a22e3f --- /dev/null +++ b/base_user_role_company/views/role.xml @@ -0,0 +1,20 @@ + + + + res.users.form.inherit.company + res.users + + + + [] + + + + + + + + diff --git a/base_user_role_company/views/user.xml b/base_user_role_company/views/user.xml new file mode 100644 index 000000000..51b4ea2a9 --- /dev/null +++ b/base_user_role_company/views/user.xml @@ -0,0 +1,18 @@ + + + + + res.users.form.inherit + res.users + + + + + [] + + + + diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 000000000..efd4d1528 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1 @@ +odoo-addon-base_user_role @ git+https://github.com/OCA/server-backend.git@refs/pull/313/head#subdirectory=base_user_role