[IMP] make base_user_role_line company dependent

base_user_role/models/role.py

@@ -3,8 +3,9 @@
 import datetime
 import logging
 
-from odoo import api, fields, models
+from odoo import _, api, fields, models
 from odoo import SUPERUSER_ID
+from odoo.exceptions import ValidationError
 
 
 _logger = logging.getLogger(__name__)
@@ -82,6 +83,20 @@ class ResUsersRoleLine(models.Model):
     date_from = fields.Date("From")
     date_to = fields.Date("To")
     is_enabled = fields.Boolean("Enabled", compute='_compute_is_enabled')
+    company_id = fields.Many2one(
+        'res.company', 'Company',
+        default=lambda self: self.env.user.company_id)
+
+    @api.multi
+    @api.constrains('user_id', 'company_id')
+    def _check_company(self):
+        for record in self:
+            if (self.company_id and
+                    self.company_id != self.user_id.company_id and
+                    self.company_id not in self.user_id.company_ids):
+                raise ValidationError(
+                    _('User "{}" does not have access to the company "{}"')
+                    .format(self.user_id.name, self.company_id.name))
 
     @api.multi
     @api.depends('date_from', 'date_to')

base_user_role/models/user.py

@@ -50,6 +50,11 @@ class ResUsers(models.Model):
         return res
 
     @api.multi
+    def _get_enabled_roles(self):
+        return self.role_line_ids.filtered(
+            lambda rec: rec.is_enabled and
+            (not rec.company_id or rec.company_id == rec.user_id.company_id))
+
     def set_groups_from_roles(self, force=False):
         """Set (replace) the groups following the roles defined on users.
         If no role is defined on the user, its groups are let untouched unless
@@ -66,9 +71,7 @@ class ResUsers(models.Model):
             if not user.role_line_ids and not force:
                 continue
             group_ids = []
-            role_lines = user.role_line_ids.filtered(
-                lambda rec: rec.is_enabled)
-            for role_line in role_lines:
+            for role_line in user._get_enabled_roles():
                 role = role_line.role_id
                 group_ids += role_groups[role]
             group_ids = list(set(group_ids))    # Remove duplicates IDs

base_user_role/tests/test_user_role.py

@@ -41,6 +41,11 @@ class TestUserRole(TransactionCase):
                         self.group_settings_id.id])],
         }
         self.role2_id = self.role_model.create(vals)
+        self.company1 = self.env.ref('base.main_company')
+        self.company2 = self.env['res.company'].create({'name': 'company2'})
+        self.user_id.write(
+            {'company_ids': [
+                (4, self.company1.id, 0), (4, self.company2.id, 0)]})
 
     def test_role_1(self):
         self.user_id.write(
@@ -162,3 +167,38 @@ class TestUserRole(TransactionCase):
         })
         roles = self.role_model.browse([self.role1_id.id, self.role2_id.id])
         self.assertEqual(user.role_ids, roles)
+
+    def test_user_role_different_company(self):
+        self.user_id.write({'company_id': self.company1.id})
+        self.user_id.write({'role_line_ids': [(0, 0, {
+            'role_id': self.role2_id.id,
+            'company_id': self.company2.id})]})
+        # Check that user does not have any groups
+        self.assertEquals(
+            self.user_id.groups_id, self.env['res.groups'].browse())
+
+    def test_user_role_same_company(self):
+        self.user_id.write({'company_id': self.company1.id})
+        self.user_id.write({'role_line_ids': [(0, 0, {
+            'role_id': self.role1_id.id,
+            'company_id': self.company1.id})]})
+        user_group_ids = sorted(set(
+            [group.id for group in self.user_id.groups_id]))
+        role_group_ids = self.role1_id.trans_implied_ids.ids
+        role_group_ids.append(self.role1_id.group_id.id)
+        role_group_ids = sorted(set(role_group_ids))
+        # Check that user have groups implied by role 1
+        self.assertEqual(user_group_ids, role_group_ids)
+
+    def test_user_role_no_company(self):
+        self.user_id.write({'company_id': self.company1.id})
+        self.user_id.write({'role_line_ids': [(0, 0, {
+            'role_id': self.role2_id.id,
+            'company_id': False})]})
+        user_group_ids = sorted(set(
+            [group.id for group in self.user_id.groups_id]))
+        role_group_ids = self.role2_id.trans_implied_ids.ids
+        role_group_ids.append(self.role2_id.group_id.id)
+        role_group_ids = sorted(set(role_group_ids))
+        # Check that user have groups implied by role 2
+        self.assertEqual(user_group_ids, role_group_ids)

base_user_role/views/role.xml

@@ -25,6 +25,7 @@
                                 <field name="date_from"/>
                                 <field name="date_to"/>
                                 <field name="is_enabled"/>
+                                <field name="company_id" groups="base.group_multi_company"/>
                             </tree>
                         </field>
                     </page>

base_user_role/views/user.xml

@@ -17,6 +17,7 @@
                         <field name="date_from"/>
                         <field name="date_to"/>
                         <field name="is_enabled"/>
+                        <field name="company_id" groups="base.group_multi_company"/>
                     </tree>
                 </field>
             </page>