From b05b6bb0ddf8ea580bfc84c7e53450336d1e66b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Mombereau?= Date: Tue, 14 Jan 2025 16:37:52 -0300 Subject: [PATCH 1/3] [IMP] base_group_backend: allow read on calendar.event --- base_group_backend/__manifest__.py | 1 + base_group_backend/security/ir.model.access.csv | 2 ++ base_group_backend/static/description/index.html | 12 +++++++----- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/base_group_backend/__manifest__.py b/base_group_backend/__manifest__.py index 6b4af75f..d54b9201 100644 --- a/base_group_backend/__manifest__.py +++ b/base_group_backend/__manifest__.py @@ -12,6 +12,7 @@ "base", "base_install_request", # weird module, we need to survive with it "mail", + "calendar", ], "maintainers": ["FranzPoize", "bealdav"], "demo": [ diff --git a/base_group_backend/security/ir.model.access.csv b/base_group_backend/security/ir.model.access.csv index 1746a239..5f7b6aae 100644 --- a/base_group_backend/security/ir.model.access.csv +++ b/base_group_backend/security/ir.model.access.csv @@ -31,3 +31,5 @@ backend_ui_users_res_partner_industry,backend_ui_users_res_partner_industry,base backend_ui_users_res_users_identitycheck,backend_ui_users_res_users_identitycheck,base.model_res_users_identitycheck,group_backend_ui_users,1,1,1,0 backend_ui_users_res_bank,backend_ui_users_res_bank,base.model_res_bank,group_backend_ui_users,1,0,0,0 backend_ui_users_res_partner_bank,backend_ui_users_res_partner_bank,base.model_res_partner_bank,group_backend_ui_users,1,0,0,0 +backend_ui_users_res_calendar_event,backend_ui_users_res_calendar_event,calendar.model_calendar_event,group_backend_ui_users,1,0,0,0 +backend_ui_users_res_calendar_attendee,backend_ui_users_res_calendar_attendee,calendar.model_calendar_attendee,group_backend_ui_users,1,0,0,0 diff --git a/base_group_backend/static/description/index.html b/base_group_backend/static/description/index.html index bfe6eafd..d85cfc98 100644 --- a/base_group_backend/static/description/index.html +++ b/base_group_backend/static/description/index.html @@ -1,4 +1,3 @@ - @@ -9,10 +8,11 @@ /* :Author: David Goodger (goodger@python.org) -:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $ +:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $ :Copyright: This stylesheet has been placed in the public domain. Default cascading style sheet for the HTML output of Docutils. +Despite the name, some widely supported CSS2 features are used. See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to customize this style sheet. @@ -275,7 +275,7 @@ pre.literal-block, pre.doctest-block, pre.math, pre.code { margin-left: 2em ; margin-right: 2em } -pre.code .ln { color: grey; } /* line numbers */ +pre.code .ln { color: gray; } /* line numbers */ pre.code, code { background-color: #eeeeee } pre.code .comment, code .comment { color: #5C6576 } pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold } @@ -301,7 +301,7 @@ span.option { span.pre { white-space: pre } -span.problematic { +span.problematic, pre.problematic { color: red } span.section-subtitle { @@ -487,7 +487,9 @@ If you spotted it first, help us to smash it by providing a detailed and welcome

Maintainers

This module is maintained by the OCA.

-Odoo Community Association + +Odoo Community Association +

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

From 623676d7846c8566d4ca9971d5d045f23cbaa1ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Mombereau?= Date: Wed, 15 Jan 2025 13:28:04 -0300 Subject: [PATCH 2/3] [FIX] avoid display root menus with no defined security groups for Backend UI Users --- base_group_backend/__manifest__.py | 2 -- base_group_backend/data/ir_ui_menu.xml | 8 ------- .../demo/backend_dummy_model.xml | 10 +++++++++ base_group_backend/models/__init__.py | 1 + base_group_backend/models/ir_ui_menu.py | 22 +++++++++++++++++++ base_group_backend/models/res_users.py | 4 ++-- base_group_backend/tests/test_module.py | 11 ++++++++++ 7 files changed, 46 insertions(+), 12 deletions(-) delete mode 100644 base_group_backend/data/ir_ui_menu.xml create mode 100644 base_group_backend/models/ir_ui_menu.py diff --git a/base_group_backend/__manifest__.py b/base_group_backend/__manifest__.py index d54b9201..1b446af0 100644 --- a/base_group_backend/__manifest__.py +++ b/base_group_backend/__manifest__.py @@ -10,7 +10,6 @@ "website": "https://github.com/OCA/server-backend", "depends": [ "base", - "base_install_request", # weird module, we need to survive with it "mail", "calendar", ], @@ -24,7 +23,6 @@ ], "data": [ "data/res_groups.xml", - "data/ir_ui_menu.xml", "security/ir.model.access.csv", ], "installable": True, diff --git a/base_group_backend/data/ir_ui_menu.xml b/base_group_backend/data/ir_ui_menu.xml deleted file mode 100644 index a8a80e10..00000000 --- a/base_group_backend/data/ir_ui_menu.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - diff --git a/base_group_backend/demo/backend_dummy_model.xml b/base_group_backend/demo/backend_dummy_model.xml index ade0d44c..b9fee2a2 100644 --- a/base_group_backend/demo/backend_dummy_model.xml +++ b/base_group_backend/demo/backend_dummy_model.xml @@ -41,4 +41,14 @@ action="action_dummy_list" /> + + + diff --git a/base_group_backend/models/__init__.py b/base_group_backend/models/__init__.py index 88351653..716b818c 100644 --- a/base_group_backend/models/__init__.py +++ b/base_group_backend/models/__init__.py @@ -1 +1,2 @@ from . import res_users +from . import ir_ui_menu diff --git a/base_group_backend/models/ir_ui_menu.py b/base_group_backend/models/ir_ui_menu.py new file mode 100644 index 00000000..db449af5 --- /dev/null +++ b/base_group_backend/models/ir_ui_menu.py @@ -0,0 +1,22 @@ +# Copyright 2024 Akretion +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from odoo import api, models + + +class IrUiMenu(models.Model): + _inherit = "ir.ui.menu" + + @api.model + @api.returns("self") + def get_user_roots(self): + """Avoid to display root menus with no defined groups_id to Backend UI Users + like 'spreadsheet_dashboard.spreadsheet_dashboard_menu_root' + or 'base.menu_management'. + + """ + res = super().get_user_roots() + if self.env.user.has_group("base_group_backend.group_backend_ui_users"): + return res.filtered(lambda m: m.groups_id) + else: + return res diff --git a/base_group_backend/models/res_users.py b/base_group_backend/models/res_users.py index 87a6c248..0fadfc10 100644 --- a/base_group_backend/models/res_users.py +++ b/base_group_backend/models/res_users.py @@ -27,9 +27,9 @@ class Users(models.Model): "base_group_backend.base_group_backend" ) or super().has_group("base_group_backend.group_backend_ui_users") if has_base_group_backend: - _logger.warning( + _logger.debug( "Forcing has_group to return True" - + " for group_backend and base_group_backend_ui_users" + + " for base_group_backend and base_group_backend_ui_users" ) return has_base_group_backend return res diff --git a/base_group_backend/tests/test_module.py b/base_group_backend/tests/test_module.py index ec209805..9c78b297 100644 --- a/base_group_backend/tests/test_module.py +++ b/base_group_backend/tests/test_module.py @@ -12,6 +12,7 @@ class TestResUsers(TransactionCase): cls.portal_ui_user = cls.env.ref( "base_group_backend.user_demo_external_with_ui" ) + cls.menu_no_group = cls.env.ref("base_group_backend.menu_root_no_group") def test_has_groups(self): self.assertTrue(self.internal_user.has_group("base.group_user")) @@ -29,3 +30,13 @@ class TestResUsers(TransactionCase): ) self.assertFalse(self.portal_user.share) self.assertFalse(self.portal_ui_user.share) + + def test_no_roots_menu_with_no_groups(self): + self.assertNotIn( + self.menu_no_group, + self.env["ir.ui.menu"].with_user(self.portal_ui_user).get_user_roots(), + ) + self.assertIn( + self.menu_no_group, + self.env["ir.ui.menu"].with_user(self.internal_user).get_user_roots(), + ) From 0ed04587ebb524a8813563ea5cef8a61d24598c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Mombereau?= Date: Thu, 16 Jan 2025 14:35:21 -0300 Subject: [PATCH 3/3] [IMP] Re-write README --- base_group_backend/README.rst | 81 ++++---------- base_group_backend/readme/CONFIGURE.rst | 9 +- base_group_backend/readme/DESCRIPTION.rst | 55 ++++------ base_group_backend/readme/ROADMAP.rst | 5 - base_group_backend/readme/USAGE.rst | 12 +-- .../static/description/index.html | 102 +++++++----------- 6 files changed, 89 insertions(+), 175 deletions(-) delete mode 100644 base_group_backend/readme/ROADMAP.rst diff --git a/base_group_backend/README.rst b/base_group_backend/README.rst index 71120920..b8b88bf2 100644 --- a/base_group_backend/README.rst +++ b/base_group_backend/README.rst @@ -28,58 +28,39 @@ Group backend |badge1| |badge2| |badge3| |badge4| |badge5| -This module was written to extend the standard functionality regarding users -and groups management by adding a new `Backend user` group that only gives access -to odoo backend (`/web`): +This module adds two "Backend User" groups (``group_backend`` and ``group_backend_ui_users``) with restricted access to odoo backend only (``/web``), with less and more controlled access than the native "Internal User" group. -* minimal default access: - * users and partners (this is necessary to access your own data) - * mail activity, notification and channel - * presence -* minimal default menu - * notification - * activities -* minimal default access rules + The problem with the "Internal User" group (``base.group_user``) is that it can be used by any new module added to your project, so you don't control clearly this group's accesses. -The problem with the `Internal user` is when you want to gives access to the -backend to a really thin part of your business to some users, it's quite hard -to properly maintain those roles over the project life, a lot of models use -that group (`base.group_user`) by default which makes hard to maintains. +The UI access is provided only for ``group_backend_ui_users`` : -So that helps creating well-defined user groups with more controls. +* minimal default access rules to access the user's own data: + * users and partners + * mail activity, notification and channel + * presence +* minimal default menu to restrict the available ones: + * notification + * activities -This modules does 3 things: -* It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated) -* It sets the res_users.share to False for group_backend users. This allows those users to access the backend. -* It sets the bare minimum permission in the ir.model.access.csv to display the backend - -We suggest to use this module with its compagnon `base_user_role` - - -Here is an example where a backend ui user can only access and use the dummy app. No other application are available to this user. You may define your own application instead of the dummy one. +Here is an example where a user from ``group_backend_ui_users`` can only access and use the Dummy App. No other application is available to this user (you may define your own application instead of the Dummy one). .. figure:: https://raw.githubusercontent.com/OCA/server-backend/16.0/base_group_backend/static/description/dummy_app.png :alt: Dummy app for demo - +We suggest to use this module with its companion ``base_user_role``. Limitations ~~~~~~~~~~~ -At the time of writing, Odoo uses `res.users.share == False` to give the -backend access. -However to be able to access the backend without any errors some basic rights are necessary. -This module change the way `res.users.share` is computed to allow `group_backend users` to use the backend. +At the time of writing, Odoo uses ``user.share == False`` and ``user.has_group("base.group_user") == True`` to give the backend access to ``user``. -This avoids to write a lot of overwrite in different controllers from -different modules ('portal', 'web', 'base', 'website') with hard coded statements -that check if user is part of the `base.group_user` or `share == False` group. +So technically, the module does 2 things : -.. warning:: +* It sets the ``share`` parameter to ``False`` for ``group_backend`` users. +* It hijacks the ``has_group`` method of res.users by returning ``True`` for ``group_backend`` users when the requested group is ``base.group_user`` - Using this module and grant a user with `group_backend`'s group is - equivalent to grant `group_user`'s group everywhere `has_group` - has been used. + +This avoids to write a lot of overwrite in different controllers from different modules ('portal', 'web', 'base', 'website') with hard coded statements that check if user is part of the ``base.group_user`` or ``share == False`` group. .. IMPORTANT:: This is an alpha version, the data model and design can change at any time without warning. @@ -94,37 +75,21 @@ that check if user is part of the `base.group_user` or `share == False` group. Configuration ============= -To allow `group_backend` to interact with a model you can either add access rules to the group -or you can add `implied_ids` to `group_backend`. +To allow a user from the ``group_backend_ui_users`` group to interact with a specific model you can either add an access rules to this model for ``group_backend_ui_users`` or you can add ``group_backend_ui_users`` to the ``implied_ids`` of a new specific group. -.. note:: - - Be aware users can only belong to one group from the user type category - (`base.module_category_user_type`). So your other groups can't inherit both - internal users and backend users. +The Backend groups are from the "User types" category (``base.module_category_user_type``), the same category as "Internal User" (``base.group_user``), "Portal" (``base.group_portal``) or Public (``base.group_public``). Be aware that a user can only belongs to **one group of this category**. Usage ===== -To use this module, you need to: - -#. Go to Configuration / Users / Users, choose a user and set the user type. - -You get a users that is only able to access to the Odoo backend which you -can attach other groups that not implies other kind of users (`portal`, -`internal users`) +To use this module, add a user to the group "Backend user" or "Backend UI user" through the user's form page. .. figure:: https://raw.githubusercontent.com/OCA/server-backend/16.0/base_group_backend/static/description/backend_ui.png :alt: Backend UI user -Known issues / Roadmap -====================== +If you created a specific group with ``group_backend`` or ``group_backend_ui_users`` in its ``implied_ids``, you need to go through the group's form page in order to add the user to this specific group, because it won't be displayed on the user's form page (a specific group with its own category is displayed on user's form page only if the group inherits the "Internal user" group). -Current module depends on `base_install_request` instead of `base`. - -We don't need `base_install_request` auto install module but we must override it to set a security group on `App` menu. - -This dependency should be remove if possible in future versions. +This module also **restricts the root menus** displayed to Backend users, so be sure to explicitly add your Backend group to all the necessary root menus for these users. Bug Tracker =========== diff --git a/base_group_backend/readme/CONFIGURE.rst b/base_group_backend/readme/CONFIGURE.rst index e480b4f2..b86bd8ce 100644 --- a/base_group_backend/readme/CONFIGURE.rst +++ b/base_group_backend/readme/CONFIGURE.rst @@ -1,8 +1,3 @@ -To allow `group_backend` to interact with a model you can either add access rules to the group -or you can add `implied_ids` to `group_backend`. +To allow a user from the ``group_backend_ui_users`` group to interact with a specific model you can either add an access rules to this model for ``group_backend_ui_users`` or you can add ``group_backend_ui_users`` to the ``implied_ids`` of a new specific group. -.. note:: - - Be aware users can only belong to one group from the user type category - (`base.module_category_user_type`). So your other groups can't inherit both - internal users and backend users. +The Backend groups are from the "User types" category (``base.module_category_user_type``), the same category as "Internal User" (``base.group_user``), "Portal" (``base.group_portal``) or Public (``base.group_public``). Be aware that a user can only belongs to **one group of this category**. \ No newline at end of file diff --git a/base_group_backend/readme/DESCRIPTION.rst b/base_group_backend/readme/DESCRIPTION.rst index 83169020..9f9db332 100644 --- a/base_group_backend/readme/DESCRIPTION.rst +++ b/base_group_backend/readme/DESCRIPTION.rst @@ -1,52 +1,33 @@ -This module was written to extend the standard functionality regarding users -and groups management by adding a new `Backend user` group that only gives access -to odoo backend (`/web`): +This module adds two "Backend User" groups (``group_backend`` and ``group_backend_ui_users``) with restricted access to odoo backend only (``/web``), with less and more controlled access than the native "Internal User" group. -* minimal default access: - * users and partners (this is necessary to access your own data) - * mail activity, notification and channel - * presence -* minimal default menu - * notification - * activities -* minimal default access rules + The problem with the "Internal User" group (``base.group_user``) is that it can be used by any new module added to your project, so you don't control clearly this group's accesses. -The problem with the `Internal user` is when you want to gives access to the -backend to a really thin part of your business to some users, it's quite hard -to properly maintain those roles over the project life, a lot of models use -that group (`base.group_user`) by default which makes hard to maintains. +The UI access is provided only for ``group_backend_ui_users`` : -So that helps creating well-defined user groups with more controls. +* minimal default access rules to access the user's own data: + * users and partners + * mail activity, notification and channel + * presence +* minimal default menu to restrict the available ones: + * notification + * activities -This modules does 3 things: -* It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated) -* It sets the res_users.share to False for group_backend users. This allows those users to access the backend. -* It sets the bare minimum permission in the ir.model.access.csv to display the backend - -We suggest to use this module with its compagnon `base_user_role` - - -Here is an example where a backend ui user can only access and use the dummy app. No other application are available to this user. You may define your own application instead of the dummy one. +Here is an example where a user from ``group_backend_ui_users`` can only access and use the Dummy App. No other application is available to this user (you may define your own application instead of the Dummy one). .. figure:: ../static/description/dummy_app.png :alt: Dummy app for demo - +We suggest to use this module with its companion ``base_user_role``. Limitations ~~~~~~~~~~~ -At the time of writing, Odoo uses `res.users.share == False` to give the -backend access. -However to be able to access the backend without any errors some basic rights are necessary. -This module change the way `res.users.share` is computed to allow `group_backend users` to use the backend. +At the time of writing, Odoo uses ``user.share == False`` and ``user.has_group("base.group_user") == True`` to give the backend access to ``user``. -This avoids to write a lot of overwrite in different controllers from -different modules ('portal', 'web', 'base', 'website') with hard coded statements -that check if user is part of the `base.group_user` or `share == False` group. +So technically, the module does 2 things : -.. warning:: +* It sets the ``share`` parameter to ``False`` for ``group_backend`` users. +* It hijacks the ``has_group`` method of res.users by returning ``True`` for ``group_backend`` users when the requested group is ``base.group_user`` - Using this module and grant a user with `group_backend`'s group is - equivalent to grant `group_user`'s group everywhere `has_group` - has been used. + +This avoids to write a lot of overwrite in different controllers from different modules ('portal', 'web', 'base', 'website') with hard coded statements that check if user is part of the ``base.group_user`` or ``share == False`` group. \ No newline at end of file diff --git a/base_group_backend/readme/ROADMAP.rst b/base_group_backend/readme/ROADMAP.rst deleted file mode 100644 index 5190afe1..00000000 --- a/base_group_backend/readme/ROADMAP.rst +++ /dev/null @@ -1,5 +0,0 @@ -Current module depends on `base_install_request` instead of `base`. - -We don't need `base_install_request` auto install module but we must override it to set a security group on `App` menu. - -This dependency should be remove if possible in future versions. diff --git a/base_group_backend/readme/USAGE.rst b/base_group_backend/readme/USAGE.rst index eab476ce..c2bd465d 100644 --- a/base_group_backend/readme/USAGE.rst +++ b/base_group_backend/readme/USAGE.rst @@ -1,10 +1,8 @@ -To use this module, you need to: - -#. Go to Configuration / Users / Users, choose a user and set the user type. - -You get a users that is only able to access to the Odoo backend which you -can attach other groups that not implies other kind of users (`portal`, -`internal users`) +To use this module, add a user to the group "Backend user" or "Backend UI user" through the user's form page. .. figure:: ../static/description/backend_ui.png :alt: Backend UI user + +If you created a specific group with ``group_backend`` or ``group_backend_ui_users`` in its ``implied_ids``, you need to go through the group's form page in order to add the user to this specific group, because it won't be displayed on the user's form page (a specific group with its own category is displayed on user's form page only if the group inherits the "Internal user" group). + +This module also **restricts the root menus** displayed to Backend users, so be sure to explicitly add your Backend group to all the necessary root menus for these users. \ No newline at end of file diff --git a/base_group_backend/static/description/index.html b/base_group_backend/static/description/index.html index d85cfc98..f738e8db 100644 --- a/base_group_backend/static/description/index.html +++ b/base_group_backend/static/description/index.html @@ -370,48 +370,45 @@ ul.auto-toc { !! source digest: sha256:879007f368a0b75ad5da7f5d3e3d1d6ae386da26d27df7fc4dec1a6865cf0233 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->

Alpha License: LGPL-3 OCA/server-backend Translate me on Weblate Try me on Runboat

-

This module was written to extend the standard functionality regarding users -and groups management by adding a new Backend user group that only gives access -to odoo backend (/web):

+

This module adds two “Backend User” groups (group_backend and group_backend_ui_users) with restricted access to odoo backend only (/web), with less and more controlled access than the native “Internal User” group.

+
+The problem with the “Internal User” group (base.group_user) is that it can be used by any new module added to your project, so you don’t control clearly this group’s accesses.
+

The UI access is provided only for group_backend_ui_users :

    -
  • minimal default access: -* users and partners (this is necessary to access your own data) -* mail activity, notification and channel -* presence
    • -
  • minimal default menu -* notification -* activities
    • -
  • minimal default access rules
    • +
  • +
    minimal default access rules to access the user’s own data:
    +
      +
    • users and partners
      • +
    • mail activity, notification and channel
      • +
    • presence
    -

    The problem with the Internal user is when you want to gives access to the -backend to a really thin part of your business to some users, it’s quite hard -to properly maintain those roles over the project life, a lot of models use -that group (base.group_user) by default which makes hard to maintains.

    -

    So that helps creating well-defined user groups with more controls.

    -

    This modules does 3 things: -* It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated) -* It sets the res_users.share to False for group_backend users. This allows those users to access the backend. -* It sets the bare minimum permission in the ir.model.access.csv to display the backend

    -

    We suggest to use this module with its compagnon base_user_role

    -

    Here is an example where a backend ui user can only access and use the dummy app. No other application are available to this user. You may define your own application instead of the dummy one.

    +
    +
    +
    • +
  • +
    minimal default menu to restrict the available ones:
    +
      +
    • notification
      • +
    • activities
      • +
    +
    +
    +
    • +
+

Here is an example where a user from group_backend_ui_users can only access and use the Dummy App. No other application is available to this user (you may define your own application instead of the Dummy one).

Dummy app for demo
+

We suggest to use this module with its companion base_user_role.

Limitations

-

At the time of writing, Odoo uses res.users.share == False to give the -backend access. -However to be able to access the backend without any errors some basic rights are necessary. -This module change the way res.users.share is computed to allow group_backend users to use the backend.

-

This avoids to write a lot of overwrite in different controllers from -different modules (‘portal’, ‘web’, ‘base’, ‘website’) with hard coded statements -that check if user is part of the base.group_user or share == False group.

-
-

Warning

-

Using this module and grant a user with group_backend’s group is -equivalent to grant group_user’s group everywhere has_group -has been used.

-
+

At the time of writing, Odoo uses user.share == False and user.has_group("base.group_user") == True to give the backend access to user.

+

So technically, the module does 2 things :

+
    +
  • It sets the share parameter to False for group_backend users.
    • +
  • It hijacks the has_group method of res.users by returning True for group_backend users when the requested group is base.group_user
    • +
+

This avoids to write a lot of overwrite in different controllers from different modules (‘portal’, ‘web’, ‘base’, ‘website’) with hard coded statements that check if user is part of the base.group_user or share == False group.

Important

This is an alpha version, the data model and design can change at any time without warning. @@ -423,43 +420,26 @@ Only for development or testing purpose, do not use in production.

Configuration

-

To allow group_backend to interact with a model you can either add access rules to the group -or you can add implied_ids to group_backend.

-
-

Note

-

Be aware users can only belong to one group from the user type category -(base.module_category_user_type). So your other groups can’t inherit both -internal users and backend users.

-
+

To allow a user from the group_backend_ui_users group to interact with a specific model you can either add an access rules to this model for group_backend_ui_users or you can add group_backend_ui_users to the implied_ids of a new specific group.

+

The Backend groups are from the “User types” category (base.module_category_user_type), the same category as “Internal User” (base.group_user), “Portal” (base.group_portal) or Public (base.group_public). Be aware that a user can only belongs to one group of this category.

Usage

-

To use this module, you need to:

-
    -
  1. Go to Configuration / Users / Users, choose a user and set the user type.
    2. -
-

You get a users that is only able to access to the Odoo backend which you -can attach other groups that not implies other kind of users (portal, -internal users)

+

To use this module, add a user to the group “Backend user” or “Backend UI user” through the user’s form page.

Backend UI user
-
-
-

Known issues / Roadmap

-

Current module depends on base_install_request instead of base.

-

We don’t need base_install_request auto install module but we must override it to set a security group on App menu.

-

This dependency should be remove if possible in future versions.

+

If you created a specific group with group_backend or group_backend_ui_users in its implied_ids, you need to go through the group’s form page in order to add the user to this specific group, because it won’t be displayed on the user’s form page (a specific group with its own category is displayed on user’s form page only if the group inherits the “Internal user” group).

+

This module also restricts the root menus displayed to Backend users, so be sure to explicitly add your Backend group to all the necessary root menus for these users.

-

Bug Tracker

+

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed @@ -467,7 +447,7 @@ If you spotted it first, help us to smash it by providing a detailed and welcome

Do not contact contributors directly about support or help with technical issues.