[ADD][12.0] base_user_role_profile: Add to 12.0

fixup! Logic and permissions fixes, new demo module, changes JS-side that reloads in a cleaner way on profile change

fixup! removed unused imports, beautified JS

fixup! Test coverage increase

[FIX] Use write instead of assignment operator on create function: assignment on multiple records raises error

fixup! Removed leftover copyright

Apply suggestions from code review

Co-Authored-By: David Beal <david.beal@akretion.com>

base_user_role_profile_example/README.rst

@@ -0,0 +1,73 @@
+=============
+User profiles
+=============
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-oca%2Fserver--backend-lightgray.png?logo=github
+    :target: https://github.com/oca/server-backend/tree/12.0/base_user_role_profile
+    :alt: oca/server-backend
+
+|badge1| |badge2| |badge3| 
+
+Extending the base_user_role module, this one adds the notion of profiles. Effectively profiles act as an additional filter to how the roles are used. Through the new widget, much in the same way that a user can switch companies when they are part of the multi company group, users have the possibility to change profiles when they are part of the multi profiles group.
+
+This allows users to switch their permission groups dynamically. This can be useful for example to:
+ - finer grain control on menu and model permissions (with record rules this becomes very flexible)
+ - break down complicated menus into simpler ones
+ - easily restrict users accidentally editing or creating records in O2M fields and in general misusing the interface, instead of excessively explaining things to them
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+Go to Configuration / Users / Profiles and create a profile. Go to Configuration / Users / Roles and define some role lines with profiles.
+
+Usage
+=====
+
+Once you have set up at least one profile for a user, use the widget in the top bar to switch user profiles. Note that it is possible to use no profile; in this case, the user will only get the roles that always apply (i.e the ones with no profile_id).
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/oca/server-backend/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/oca/server-backend/issues/new?body=module:%20base_user_role_profile%0Aversion:%2012.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Akretion
+
+Contributors
+~~~~~~~~~~~~
+
+* Kevin Khao <kevin.khao@akretion.com>
+* Sébastien Beau <sebastien.beau@akretion.com>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is part of the `oca/server-backend <https://github.com/oca/server-backend/tree/12.0/base_user_role_profile>`_ project on GitHub.
+
+You are welcome to contribute.

base_user_role_profile_example/__manifest__.py

@@ -0,0 +1,20 @@
+# Copyright 2014 ABF OSIELL <http://osiell.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "User profiles example",
+    "version": "12.0.1.0.0",
+    "category": "Tools",
+    "author": "Akretion, Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "website": "https://github.com/OCA/server-backend",
+    "depends": [
+        "base_user_role_profile",
+        "purchase",
+        "sales_team",
+        "sale_management",
+        "hr",
+    ],
+    "demo": ["demo/demo.xml"],
+    "installable": True,
+}

base_user_role_profile_example/demo/demo.xml

@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<odoo>
+    <record id="demo_profile_company" model="res.company">
+        <field name="name">Company, The Second</field>
+    </record>
+
+    <!--Profiles-->
+    <!--Merchant: Purchase and/or Sales-->
+    <record id="demo_profile_1" model="res.users.profile">
+        <field name="name">Merchant Profile</field>
+    </record>
+    <record id="demo_profile_2" model="res.users.profile">
+        <field name="name">HR profile</field>
+    </record>
+    <record id="demo_profile_3" model="res.users.profile">
+        <field name="name">ERP Settings profile</field>
+    </record>
+
+    <!--Roles-->
+    <record id="role_purchaser" model="res.users.role">
+        <field name="name">Role 1: Purchaser permissions</field>
+        <field name="implied_ids" eval="[
+                (6, 0, [ref('purchase.group_purchase_manager'), ref('base.group_user'), ref('base.group_multi_company')])
+            ]"/>
+        <field name="profile_id" eval="ref('base_user_role_profile_example.demo_profile_1')"/>
+    </record>
+    <record id="role_sale" model="res.users.role">
+        <field name="name">Role 2: Sales permissions</field>
+        <field name="implied_ids" eval="[
+                (6, 0, [ref('sales_team.group_sale_manager'), ref('base.group_user'), ref('base.group_multi_company')])
+            ]"/>
+        <field name="profile_id" eval="ref('base_user_role_profile_example.demo_profile_1')"/>
+    </record>
+    <record id="role_erp_manager" model="res.users.role">
+        <field name="name">Role 3: System permissions</field>
+        <field name="implied_ids" eval="[
+                (6, 0, [ref('base.group_erp_manager'), ref('base.group_user'), ref('base.group_multi_company')])
+            ]"/>
+        <field name="profile_id" eval="ref('base_user_role_profile_example.demo_profile_3')"/>
+    </record>
+    <record id="role_hr_manager" model="res.users.role">
+        <field name="name">Role 4: HR permissions</field>
+        <field name="implied_ids" eval="[
+                (6, 0, [ref('hr.group_hr_manager'), ref('base.group_user'), ref('base.group_multi_company')])
+            ]"/>
+        <field name="profile_id" eval="ref('base_user_role_profile_example.demo_profile_2')"/>
+    </record>
+
+    <!--Role lines-->
+    <record id="role_line_1" model="res.users.role.line">
+        <field name="role_id" eval="ref('base_user_role_profile_example.role_purchaser')"/>
+        <field name="user_id" eval="ref('base.user_demo')"/>
+        <field name="company_id" eval="ref('base.main_company')"/>
+    </record>
+    <record id="role_line_2" model="res.users.role.line">
+        <field name="role_id" eval="ref('base_user_role_profile_example.role_sale')"/>
+        <field name="user_id" eval="ref('base.user_demo')"/>
+        <field name="company_id" eval="ref('base.main_company')"/>
+    </record>
+    <record id="role_line_3" model="res.users.role.line">
+        <field name="role_id" eval="ref('base_user_role_profile_example.role_hr_manager')"/>
+        <field name="user_id" eval="ref('base.user_demo')"/>
+        <field name="company_id" eval="ref('base.main_company')"/>
+    </record>
+    <record id="role_line_4" model="res.users.role.line">
+        <field name="role_id" eval="ref('base_user_role_profile_example.role_sale')"/>
+        <field name="user_id" eval="ref('base.user_demo')"/>
+        <field name="company_id" eval="ref('base_user_role_profile_example.demo_profile_company')"/>
+    </record>
+    <record id="role_line_5" model="res.users.role.line">
+        <field name="role_id" eval="ref('base_user_role_profile_example.role_hr_manager')"/>
+        <field name="user_id" eval="ref('base.user_demo')"/>
+        <field name="company_id" eval="ref('base_user_role_profile_example.demo_profile_company')"/>
+    </record>
+    <record id="role_line_6" model="res.users.role.line">
+        <field name="role_id" eval="ref('base_user_role_profile_example.role_erp_manager')"/>
+        <field name="user_id" eval="ref('base.user_demo')"/>
+        <field name="company_id" eval="ref('base_user_role_profile_example.demo_profile_company')"/>
+    </record>
+
+    <!--Demo user-->
+    <record id="base.user_demo" model="res.users">
+        <field name="role_line_ids"
+               eval="[
+               (4, ref('base_user_role_profile_example.role_line_1'), 0),
+               (4, ref('base_user_role_profile_example.role_line_2'), 0),
+               (4, ref('base_user_role_profile_example.role_line_3'), 0),
+               (4, ref('base_user_role_profile_example.role_line_4'), 0),
+               (4, ref('base_user_role_profile_example.role_line_5'), 0),
+               (4, ref('base_user_role_profile_example.role_line_6'), 0),
+               ]"/>
+        <field name="company_ids" eval="[(4, ref('base_user_role_profile_example.demo_profile_company'), 0)]"/>
+    </record>
+</odoo>

base_user_role_profile_example/readme/CONFIGURE.rst

@@ -0,0 +1 @@
+Nothing to configure, just check the demo user.

base_user_role_profile_example/readme/CONTRIBUTORS.rst

@@ -0,0 +1,2 @@
+* Kevin Khao <kevin.khao@akretion.com>
+* Sébastien Beau <sebastien.beau@akretion.com>

base_user_role_profile_example/readme/DESCRIPTION.rst

@@ -0,0 +1,2 @@
+This shows an example of base_user_role_profile in use.
+

base_user_role_profile_example/readme/USAGE.rst

@@ -0,0 +1,12 @@
+Log in as the demo user, and observe on the upper right of the screen the widgets for profile selection and company selection.
+Use the widgets to manipulate user profile and companies for dynamic permissions/roles editing.
+
+Note: "Merchant Profile" means the user is interested in sales and purchases, and thus has access only to those menus. Note that through configuration of roles and role lines, a merchant can be a sales user AND a purchase user in one company, or just a sales user (NOT a purchase user) in another company.
+
+Here is a walkthrough:
+
+* Demo user starts in "YourCompany" company. Observe permissions and access to the root menus for sales and purchases.
+* Switch profile to HR profile, which gives access only to HR permissions. Observe that you can create new employees.
+* Switch company to "Company, The Second". Observe the menu has been reset, profile options have changed, one has been picked automatically from the available ones.
+* Switch profile to "Merchant Profile". Observe that for this company, you can only access Sales, because only a Sales role line has been defined for this company and user.
+* Switch profile to "ERP Settings profile". Observe that as expected you have ERP manager permissions.