[FIX] avoid display root menus with no defined security groups

for Backend UI Users

base_group_backend/__manifest__.py

@@ -10,7 +10,6 @@
     "website": "https://github.com/OCA/server-backend",
     "depends": [
         "base",
-        "base_install_request",  # weird module, we need to survive with it
         "mail",
         "calendar",
     ],
@@ -24,7 +23,6 @@
     ],
     "data": [
         "data/res_groups.xml",
-        "data/ir_ui_menu.xml",
         "security/ir.model.access.csv",
     ],
     "installable": True,

base_group_backend/data/ir_ui_menu.xml

@@ -1,8 +0,0 @@
-<odoo>
-
-    <record model="ir.ui.menu" id="base.menu_management">
-        <!-- Allow to avoid to display App menu for backend users  -->
-        <field name="groups_id" eval="[(4, ref('base.group_user'), 0)]" />
-    </record>
-
-</odoo>

base_group_backend/demo/backend_dummy_model.xml

@@ -41,4 +41,14 @@
         action="action_dummy_list"
     />
 
+    <menuitem id="menu_root_no_group" name="No Group" sequence="100" />
+    <menuitem
+        id="menu_dummy_list_no_group"
+        name="Dummy list No group"
+        sequence="100"
+        groups="group_backend_ui_users,base.group_user"
+        parent="menu_root_no_group"
+        action="action_dummy_list"
+    />
+
 </odoo>

base_group_backend/models/__init__.py

@@ -1 +1,2 @@
 from . import res_users
+from . import ir_ui_menu

base_group_backend/models/ir_ui_menu.py

@@ -0,0 +1,22 @@
+# Copyright 2024 Akretion
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import api, models
+
+
+class IrUiMenu(models.Model):
+    _inherit = "ir.ui.menu"
+
+    @api.model
+    @api.returns("self")
+    def get_user_roots(self):
+        """Avoid to display root menus with no defined groups_id to Backend UI Users
+        like 'spreadsheet_dashboard.spreadsheet_dashboard_menu_root'
+        or 'base.menu_management'.
+
+        """
+        res = super().get_user_roots()
+        if self.env.user.has_group("base_group_backend.group_backend_ui_users"):
+            return res.filtered(lambda m: m.groups_id)
+        else:
+            return res

base_group_backend/models/res_users.py

@@ -27,9 +27,9 @@ class Users(models.Model):
                 "base_group_backend.base_group_backend"
             ) or super().has_group("base_group_backend.group_backend_ui_users")
             if has_base_group_backend:
-                _logger.warning(
+                _logger.debug(
                     "Forcing has_group to return True"
-                    + " for group_backend and base_group_backend_ui_users"
+                    + " for base_group_backend and base_group_backend_ui_users"
                 )
             return has_base_group_backend
         return res

base_group_backend/tests/test_module.py

@@ -12,6 +12,7 @@ class TestResUsers(TransactionCase):
         cls.portal_ui_user = cls.env.ref(
             "base_group_backend.user_demo_external_with_ui"
         )
+        cls.menu_no_group = cls.env.ref("base_group_backend.menu_root_no_group")
 
     def test_has_groups(self):
         self.assertTrue(self.internal_user.has_group("base.group_user"))
@@ -29,3 +30,13 @@ class TestResUsers(TransactionCase):
         )
         self.assertFalse(self.portal_user.share)
         self.assertFalse(self.portal_ui_user.share)
+
+    def test_no_roots_menu_with_no_groups(self):
+        self.assertNotIn(
+            self.menu_no_group,
+            self.env["ir.ui.menu"].with_user(self.portal_ui_user).get_user_roots(),
+        )
+        self.assertIn(
+            self.menu_no_group,
+            self.env["ir.ui.menu"].with_user(self.internal_user).get_user_roots(),
+        )