audrius/server-backend
1
0
Fork 0
mirror of https://github.com/OCA/server-backend.git synced 2025-02-18 09:52:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

[14.0] group_backend: new module and rename group_backend to base_group_backend

Browse Source 
As a developer we have to keep in mind using this module and grant a user with 's group is
equivalent to grant 's group everywhere  has been used.

Co-authored-by: Jean-Charles Drubay <jcdrubay@users.noreply.github.com>
This commit is contained in:
Pierre Verkest
2021-03-18 23:48:52 +01:00
committed by David Beal
parent 1e7e7199fd
commit b22c4bdf51
21 changed files with 896 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
base_group_backend/README.rst Normal file
View File

@@ -0,0 +1,154 @@
=============
Group backend
=============
..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:6aed3105c0a4c58cc34c910e88d34a68e14d38a8d549160bbc5b8f276320cda4
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
:target: https://odoo-community.org/page/development-status
:alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
:target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
:alt: License: LGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
:target: https://github.com/OCA/server-backend/tree/16.0/base_group_backend
:alt: OCA/server-backend
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_group_backend
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0
:alt: Try me on Runboat
|badge1| |badge2| |badge3| |badge4| |badge5|
This module was written to extend the standard functionality regarding users
and groups management by adding a new `Backend user` group that only gives access
to odoo backend (`/web`):
* minimal default access:
* users and partners (this is necessary to access your own data)
* mail activity, notification and channel
* presence
* minimal default menu
* notification
* activities
* minimal default access rules
The problem with the `Internal user` is when you want to gives access to the
backend to a really thin part of your business to some users, it's quite hard
to properly maintain those roles over the project life, a lot of models use
that group (`base.group_user`) by default which makes hard to maintains.
So that helps creating well-defined user groups with more controls.
This modules does 3 things:
* It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated)
* It sets the res_users.share to False for group_backend users. This allows those users to access the backend.
* It sets the bare minimum permission in the ir.model.access.csv to display the backend
We suggest to use this module with its compagnon `base_user_role`
Limitations
~~~~~~~~~~~
At the time of writing, Odoo uses `res.users.share == False` to give the
backend access.
However to be able to access the backend without any errors some basic rights are necessary.
This module change the way `res.users.share` is computed to allow `group_backend users` to use the backend.
This avoids to write a lot of overwrite in different controllers from
different modules ('portal', 'web', 'base', 'website') with hard coded statements
that check if user is part of the `base.group_user` or `share == False` group.
.. warning::
Using this module and grant a user with `group_backend`'s group is
equivalent to grant `group_user`'s group everywhere `has_group`
has been used.
**Table of contents**
.. contents::
:local:
Configuration
=============
To allow `group_backend` to interact with a model you can either add access rules to the group
or you can add `implied_ids` to `group_backend`.
.. note::
Be aware users can only belong to one group from the user type category
(`base.module_category_user_type`). So your other groups can't inherit both
internal users and backend users.
Usage
=====
To use this module, you need to:
#. Go to Configuration / Users / Users, choose a user and set the user type.
You get a users that is only able to access to the Odoo backend which you
can attach other groups that not implies other kind of users (`portal`,
`internal users`)
Bug Tracker
===========
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_group_backend%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
Do not contact contributors directly about support or help with technical issues.
Credits
=======
Authors
~~~~~~~
* Pierre Verkest
Contributors
~~~~~~~~~~~~
* Pierre Verkest <pierreverkest84@gmail.com>
* François Poizat <francois.poizat@gmail.com>
Do not contact contributors directly about support or help with technical issues.
Maintainers
~~~~~~~~~~~
This module is maintained by the OCA.
.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org
OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.
.. |maintainer-oca| image:: https://github.com/oca.png?size=40px
:target: https://github.com/oca
:alt: oca
Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
|maintainer-oca|
This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/16.0/base_group_backend>`_ project on GitHub.
You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

2
base_group_backend/__init__.py Normal file
View File

@@ -0,0 +1,2 @@
from . import models
from . import demo

23
base_group_backend/__manifest__.py Normal file
View File

@@ -0,0 +1,23 @@
# Copyright 2021 Pierre Verkest <pierreverkest84@gmail.com>
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
{
"name": "Group backend",
"version": "16.0.1.0.0",
"category": "Tools",
"author": "Pierre Verkest, Odoo Community Association (OCA)",
"license": "LGPL-3",
"maintainers": ["oca"],
"website": "https://github.com/OCA/server-backend",
"depends": ["base", "mail"],
"demo": [
"demo/test-model.xml",
"demo/ir.model.access.csv",
"demo/backend_dummy_model.xml",
],
"data": [
"data/res-groups.xml",
"security/ir.model.access.csv",
],
"installable": True,
"application": True
}

18
base_group_backend/data/res-groups.xml Normal file
View File

@@ -0,0 +1,18 @@
<odoo>
<record model="res.groups" id="group_backend">
<field name="name">Backend user</field>
<field name="category_id" ref="base.module_category_user_type" />
<field name="comment">
This group is used to gives user backend access.
While users in `base.group_user` gets a lot of default access
which makes hard to define properly records/rules/menu access.
So for maintainability you shouldn't linked any access right, rules,
menu, and so on to this group directly.
The only intent of this groups is to be able to get a session
to Odoo backend (`/web`).
</field>
</record>
</odoo>

5
base_group_backend/demo/__init__.py Normal file
View File

@@ -0,0 +1,5 @@
from odoo.tools import config
if not config['without_demo']:
from . import backend_dummy_model

11
base_group_backend/demo/backend_dummy_model.py Normal file
View File

@@ -0,0 +1,11 @@
from odoo import fields, models
class BackendDummyModel(models.Model):
_name = "backend.dummy.model"
_inherit = ["mail.activity.mixin"]
_description = 'Nothing to see here'
my_value = fields.Char(name="Value", required=True)
my_other_value = fields.Char(name="Other value", required=True)
date_start = fields.Datetime(name="Date start", required=True, default=fields.Datetime.now)
date_stop = fields.Datetime(name="Date stop", required=True, default=fields.Datetime.now)

43
base_group_backend/demo/backend_dummy_model.xml Normal file
View File

@@ -0,0 +1,43 @@
<?xml version="1.0" encoding="utf-8"?>
<odoo>
<data>
<record id="backend_dummy_model_tree_view" model="ir.ui.view">
<field name="name">Backend dummy tree view</field>
<field name="model">backend.dummy.model</field>
<field name="arch" type="xml">
<tree string="Dummies" create="false" delete="false">
<field name="my_value"/>
<field name="my_other_value"/>
</tree>
</field>
</record>
<record id="action_dummy_list" model="ir.actions.act_window">
<field name="name">Dummies</field>
<field name="type">ir.actions.act_window</field>
<field name="res_model">backend.dummy.model</field>
<field name="view_mode">tree,form,kanban,calendar,pivot,graph,activity</field>
<field name="view_id" ref="backend_dummy_model_tree_view" />
</record>
<menuitem
id="menu_dummy_root"
name="Dummy"
sequence="100"
groups="group_backend,base.group_user"
/>
<menuitem
id="menu_dummy_menu"
name="Dummy"
sequence="10"
groups="group_backend,base.group_user"
parent="menu_dummy_root"
/>
<menuitem
id="menu_dummy_list"
name="Dummy list"
sequence="100"
groups="group_backend,base.group_user"
parent="menu_dummy_root"
action="action_dummy_list"
/>
</data>
</odoo>

3
base_group_backend/demo/ir.model.access.csv Normal file
View File

@@ -0,0 +1,3 @@
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
"access_backend_dummy_models","backend_dummy_model all","base_group_backend.model_backend_dummy_model",group_backend,1,0,0,0
"access_backend_dummy_models_all","backend_dummy_model all","base_group_backend.model_backend_dummy_model",base.group_user,1,0,0,0
1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
2 access_backend_dummy_models backend_dummy_model all base_group_backend.model_backend_dummy_model group_backend 1 0 0 0
3 access_backend_dummy_models_all backend_dummy_model all base_group_backend.model_backend_dummy_model base.group_user 1 0 0 0

8
base_group_backend/demo/test-model.xml Normal file
View File

@@ -0,0 +1,8 @@
<odoo>
<data>
<record model="backend.dummy.model" id="dummy_model_1">
<field name="my_value">hello</field>
<field name="my_other_value">hello</field>
</record>
</data>
</odoo>

2
base_group_backend/models/__init__.py Normal file
View File

@@ -0,0 +1,2 @@
from odoo.tools import config
from . import res_users

42
base_group_backend/models/res_users.py Normal file
View File

@@ -0,0 +1,42 @@
import logging
from odoo import api, models
_logger = logging.getLogger(__name__)
class Users(models.Model):
_inherit = "res.users"
# TODO: (franz) make it clear why we test with "." group and why the share = True
@api.model
def has_group(self, group_ext_id):
"""While ensuring a user is part of `base.group_user` this code will
try if user is in the `base_group_backend.group_backend` group to let access
to the odoo backend.
This code avoid to overwrite a lot of places in controllers from
different modules ('portal', 'web', 'base') with hardcoded statement
that check if user is part of `base.group_user` group.
As far `base.group_user` have a lot of default permission this
makes hard to maintain proper access right according your business.
"""
res = super().has_group(group_ext_id)
if not res and (group_ext_id == "base.group_user"):
has_base_group_backend = super().has_group(
"base_group_backend.group_backend"
)
if has_base_group_backend:
_logger.warning("Forcing has_group to return True for group_backend")
return has_base_group_backend
return res
@api.depends('groups_id')
def _compute_share(self):
user_group_id = self.env['ir.model.data']._xmlid_to_res_id('base.group_user')
backend_user_group_id = self.env['ir.model.data']._xmlid_to_res_id('base_group_backend.group_backend')
internal_users = self.filtered_domain([('groups_id', 'in', [user_group_id, backend_user_group_id])])
internal_users.share = False
(self - internal_users).share = True

8
base_group_backend/readme/CONFIGURE.rst Normal file
View File

@@ -0,0 +1,8 @@
To allow `group_backend` to interact with a model you can either add access rules to the group
or you can add `implied_ids` to `group_backend`.
.. note::
Be aware users can only belong to one group from the user type category
(`base.module_category_user_type`). So your other groups can't inherit both
internal users and backend users.

4
base_group_backend/readme/CONTRIBUTORS.rst Normal file
View File

@@ -0,0 +1,4 @@
* Pierre Verkest <pierreverkest84@gmail.com>
* François Poizat <francois.poizat@gmail.com>
Do not contact contributors directly about support or help with technical issues.

45
base_group_backend/readme/DESCRIPTION.rst Normal file
View File

@@ -0,0 +1,45 @@
This module was written to extend the standard functionality regarding users
and groups management by adding a new `Backend user` group that only gives access
to odoo backend (`/web`):
* minimal default access:
* users and partners (this is necessary to access your own data)
* mail activity, notification and channel
* presence
* minimal default menu
* notification
* activities
* minimal default access rules
The problem with the `Internal user` is when you want to gives access to the
backend to a really thin part of your business to some users, it's quite hard
to properly maintain those roles over the project life, a lot of models use
that group (`base.group_user`) by default which makes hard to maintains.
So that helps creating well-defined user groups with more controls.
This modules does 3 things:
* It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated)
* It sets the res_users.share to False for group_backend users. This allows those users to access the backend.
* It sets the bare minimum permission in the ir.model.access.csv to display the backend
We suggest to use this module with its compagnon `base_user_role`
Limitations
~~~~~~~~~~~
At the time of writing, Odoo uses `res.users.share == False` to give the
backend access.
However to be able to access the backend without any errors some basic rights are necessary.
This module change the way `res.users.share` is computed to allow `group_backend users` to use the backend.
This avoids to write a lot of overwrite in different controllers from
different modules ('portal', 'web', 'base', 'website') with hard coded statements
that check if user is part of the `base.group_user` or `share == False` group.
.. warning::
Using this module and grant a user with `group_backend`'s group is
equivalent to grant `group_user`'s group everywhere `has_group`
has been used.

7
base_group_backend/readme/USAGE.rst Normal file
View File

@@ -0,0 +1,7 @@
To use this module, you need to:
#. Go to Configuration / Users / Users, choose a user and set the user type.
You get a users that is only able to access to the Odoo backend which you
can attach other groups that not implies other kind of users (`portal`,
`internal users`)

13
base_group_backend/security/ir.model.access.csv Normal file
View File

@@ -0,0 +1,13 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_res_users_all,res_users all,model_res_users,group_backend,1,0,0,0
access_res_partners_all,res_partners all,base.model_res_partner,group_backend,1,0,0,0
access_ir_ui_menu_group_user,ir_ui_menu group_user,base.model_ir_ui_menu,group_backend,1,0,0,0
access_ir_filter_user,ir_filters all,base.model_ir_filters,group_backend,1,1,1,1
access_bus_presence,bus.presence,bus.model_bus_presence,group_backend,1,1,1,1
access_mail_channel_member_user,mail.channel.member.user,mail.model_mail_channel_member,group_backend,1,1,1,0
access_mail_channel_user,mail.group.user,mail.model_mail_channel,group_backend,1,1,1,0
access_mail_notification_user,mail.notification.user,mail.model_mail_notification,group_backend,1,1,1,0
access_mail_activity_user,mail.activity.user,mail.model_mail_activity,group_backend,1,1,1,1
access_mail_activity_type_user,mail.activity.type.user,mail.model_mail_activity_type,group_backend,1,0,0,0
access_ir_attachment_group_user,ir_attachment group_user,base.model_ir_attachment,group_backend,1,0,0,0
access_mail_followers_user,mail.followers.user,mail.model_mail_followers,group_backend,1,0,0,0
1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
2 access_res_users_all res_users all model_res_users group_backend 1 0 0 0
3 access_res_partners_all res_partners all base.model_res_partner group_backend 1 0 0 0
4 access_ir_ui_menu_group_user ir_ui_menu group_user base.model_ir_ui_menu group_backend 1 0 0 0
5 access_ir_filter_user ir_filters all base.model_ir_filters group_backend 1 1 1 1
6 access_bus_presence bus.presence bus.model_bus_presence group_backend 1 1 1 1
7 access_mail_channel_member_user mail.channel.member.user mail.model_mail_channel_member group_backend 1 1 1 0
8 access_mail_channel_user mail.group.user mail.model_mail_channel group_backend 1 1 1 0
9 access_mail_notification_user mail.notification.user mail.model_mail_notification group_backend 1 1 1 0
10 access_mail_activity_user mail.activity.user mail.model_mail_activity group_backend 1 1 1 1
11 access_mail_activity_type_user mail.activity.type.user mail.model_mail_activity_type group_backend 1 0 0 0
12 access_ir_attachment_group_user ir_attachment group_user base.model_ir_attachment group_backend 1 0 0 0
13 access_mail_followers_user mail.followers.user mail.model_mail_followers group_backend 1 0 0 0

481
base_group_backend/static/description/index.html Normal file
View File

@@ -0,0 +1,481 @@
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Docutils: http://docutils.sourceforge.net/" />
<title>Group backend</title>
<style type="text/css">
/*
:Author: David Goodger (goodger@python.org)
:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
:Copyright: This stylesheet has been placed in the public domain.
Default cascading style sheet for the HTML output of Docutils.
See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
customize this style sheet.
*/
/* used to remove borders from tables and images */
.borderless, table.borderless td, table.borderless th {
border: 0 }
table.borderless td, table.borderless th {
/* Override padding for "table.docutils td" with "! important".
The right padding separates the table cells. */
padding: 0 0.5em 0 0 ! important }
.first {
/* Override more specific margin styles with "! important". */
margin-top: 0 ! important }
.last, .with-subtitle {
margin-bottom: 0 ! important }
.hidden {
display: none }
.subscript {
vertical-align: sub;
font-size: smaller }
.superscript {
vertical-align: super;
font-size: smaller }
a.toc-backref {
text-decoration: none ;
color: black }
blockquote.epigraph {
margin: 2em 5em ; }
dl.docutils dd {
margin-bottom: 0.5em }
object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
overflow: hidden;
}
/* Uncomment (and remove this text!) to get bold-faced definition list terms
dl.docutils dt {
font-weight: bold }
*/
div.abstract {
margin: 2em 5em }
div.abstract p.topic-title {
font-weight: bold ;
text-align: center }
div.admonition, div.attention, div.caution, div.danger, div.error,
div.hint, div.important, div.note, div.tip, div.warning {
margin: 2em ;
border: medium outset ;
padding: 1em }
div.admonition p.admonition-title, div.hint p.admonition-title,
div.important p.admonition-title, div.note p.admonition-title,
div.tip p.admonition-title {
font-weight: bold ;
font-family: sans-serif }
div.attention p.admonition-title, div.caution p.admonition-title,
div.danger p.admonition-title, div.error p.admonition-title,
div.warning p.admonition-title, .code .error {
color: red ;
font-weight: bold ;
font-family: sans-serif }
/* Uncomment (and remove this text!) to get reduced vertical space in
compound paragraphs.
div.compound .compound-first, div.compound .compound-middle {
margin-bottom: 0.5em }
div.compound .compound-last, div.compound .compound-middle {
margin-top: 0.5em }
*/
div.dedication {
margin: 2em 5em ;
text-align: center ;
font-style: italic }
div.dedication p.topic-title {
font-weight: bold ;
font-style: normal }
div.figure {
margin-left: 2em ;
margin-right: 2em }
div.footer, div.header {
clear: both;
font-size: smaller }
div.line-block {
display: block ;
margin-top: 1em ;
margin-bottom: 1em }
div.line-block div.line-block {
margin-top: 0 ;
margin-bottom: 0 ;
margin-left: 1.5em }
div.sidebar {
margin: 0 0 0.5em 1em ;
border: medium outset ;
padding: 1em ;
background-color: #ffffee ;
width: 40% ;
float: right ;
clear: right }
div.sidebar p.rubric {
font-family: sans-serif ;
font-size: medium }
div.system-messages {
margin: 5em }
div.system-messages h1 {
color: red }
div.system-message {
border: medium outset ;
padding: 1em }
div.system-message p.system-message-title {
color: red ;
font-weight: bold }
div.topic {
margin: 2em }
h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
margin-top: 0.4em }
h1.title {
text-align: center }
h2.subtitle {
text-align: center }
hr.docutils {
width: 75% }
img.align-left, .figure.align-left, object.align-left, table.align-left {
clear: left ;
float: left ;
margin-right: 1em }
img.align-right, .figure.align-right, object.align-right, table.align-right {
clear: right ;
float: right ;
margin-left: 1em }
img.align-center, .figure.align-center, object.align-center {
display: block;
margin-left: auto;
margin-right: auto;
}
table.align-center {
margin-left: auto;
margin-right: auto;
}
.align-left {
text-align: left }
.align-center {
clear: both ;
text-align: center }
.align-right {
text-align: right }
/* reset inner alignment in figures */
div.align-right {
text-align: inherit }
/* div.align-center * { */
/* text-align: left } */
.align-top {
vertical-align: top }
.align-middle {
vertical-align: middle }
.align-bottom {
vertical-align: bottom }
ol.simple, ul.simple {
margin-bottom: 1em }
ol.arabic {
list-style: decimal }
ol.loweralpha {
list-style: lower-alpha }
ol.upperalpha {
list-style: upper-alpha }
ol.lowerroman {
list-style: lower-roman }
ol.upperroman {
list-style: upper-roman }
p.attribution {
text-align: right ;
margin-left: 50% }
p.caption {
font-style: italic }
p.credits {
font-style: italic ;
font-size: smaller }
p.label {
white-space: nowrap }
p.rubric {
font-weight: bold ;
font-size: larger ;
color: maroon ;
text-align: center }
p.sidebar-title {
font-family: sans-serif ;
font-weight: bold ;
font-size: larger }
p.sidebar-subtitle {
font-family: sans-serif ;
font-weight: bold }
p.topic-title {
font-weight: bold }
pre.address {
margin-bottom: 0 ;
margin-top: 0 ;
font: inherit }
pre.literal-block, pre.doctest-block, pre.math, pre.code {
margin-left: 2em ;
margin-right: 2em }
pre.code .ln { color: grey; } /* line numbers */
pre.code, code { background-color: #eeeeee }
pre.code .comment, code .comment { color: #5C6576 }
pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
pre.code .literal.string, code .literal.string { color: #0C5404 }
pre.code .name.builtin, code .name.builtin { color: #352B84 }
pre.code .deleted, code .deleted { background-color: #DEB0A1}
pre.code .inserted, code .inserted { background-color: #A3D289}
span.classifier {
font-family: sans-serif ;
font-style: oblique }
span.classifier-delimiter {
font-family: sans-serif ;
font-weight: bold }
span.interpreted {
font-family: sans-serif }
span.option {
white-space: nowrap }
span.pre {
white-space: pre }
span.problematic {
color: red }
span.section-subtitle {
/* font-size relative to parent (h1..h6 element) */
font-size: 80% }
table.citation {
border-left: solid 1px gray;
margin-left: 1px }
table.docinfo {
margin: 2em 4em }
table.docutils {
margin-top: 0.5em ;
margin-bottom: 0.5em }
table.footnote {
border-left: solid 1px black;
margin-left: 1px }
table.docutils td, table.docutils th,
table.docinfo td, table.docinfo th {
padding-left: 0.5em ;
padding-right: 0.5em ;
vertical-align: top }
table.docutils th.field-name, table.docinfo th.docinfo-name {
font-weight: bold ;
text-align: left ;
white-space: nowrap ;
padding-left: 0 }
/* "booktabs" style (no vertical lines) */
table.docutils.booktabs {
border: 0px;
border-top: 2px solid;
border-bottom: 2px solid;
border-collapse: collapse;
}
table.docutils.booktabs * {
border: 0px;
}
table.docutils.booktabs th {
border-bottom: thin solid;
text-align: left;
}
h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
font-size: 100% }
ul.auto-toc {
list-style-type: none }
</style>
</head>
<body>
<div class="document" id="group-backend">
<h1 class="title">Group backend</h1>
<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:6aed3105c0a4c58cc34c910e88d34a68e14d38a8d549160bbc5b8f276320cda4
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/server-backend/tree/16.0/base_group_backend"><img alt="OCA/server-backend" src="https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_group_backend"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runboat.odoo-community.org/builds?repo=OCA/server-backend&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
<p>This module was written to extend the standard functionality regarding users
and groups management by adding a new <cite>Backend user</cite> group that only gives access
to odoo backend (<cite>/web</cite>):</p>
<ul class="simple">
<li>minimal default access:
* users and partners (this is necessary to access your own data)
* mail activity, notification and channel
* presence</li>
<li>minimal default menu
* notification
* activities</li>
<li>minimal default access rules</li>
</ul>
<p>The problem with the <cite>Internal user</cite> is when you want to gives access to the
backend to a really thin part of your business to some users, its quite hard
to properly maintain those roles over the project life, a lot of models use
that group (<cite>base.group_user</cite>) by default which makes hard to maintains.</p>
<p>So that helps creating well-defined user groups with more controls.</p>
<p>This modules does 3 things:
* It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated)
* It sets the res_users.share to False for group_backend users. This allows those users to access the backend.
* It sets the bare minimum permission in the ir.model.access.csv to display the backend</p>
<p>We suggest to use this module with its compagnon <cite>base_user_role</cite></p>
<div class="section" id="limitations">
<h1>Limitations</h1>
<p>At the time of writing, Odoo uses <cite>res.users.share == False</cite> to give the
backend access.
However to be able to access the backend without any errors some basic rights are necessary.
This module change the way <cite>res.users.share</cite> is computed to allow <cite>group_backend users</cite> to use the backend.</p>
<p>This avoids to write a lot of overwrite in different controllers from
different modules (portal, web, base, website) with hard coded statements
that check if user is part of the <cite>base.group_user</cite> or <cite>share == False</cite> group.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">Using this module and grant a user with <cite>group_backend</cite>s group is
equivalent to grant <cite>group_user</cite>s group everywhere <cite>has_group</cite>
has been used.</p>
</div>
<p><strong>Table of contents</strong></p>
<div class="contents local topic" id="contents">
<ul class="simple">
<li><a class="reference internal" href="#configuration" id="id1">Configuration</a></li>
<li><a class="reference internal" href="#usage" id="id2">Usage</a></li>
<li><a class="reference internal" href="#bug-tracker" id="id3">Bug Tracker</a></li>
<li><a class="reference internal" href="#credits" id="id4">Credits</a></li>
</ul>
</div>
<div class="section" id="configuration">
<h2><a class="toc-backref" href="#id1">Configuration</a></h2>
<p>To allow <cite>group_backend</cite> to interact with a model you can either add access rules to the group
or you can add <cite>implied_ids</cite> to <cite>group_backend</cite>.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Be aware users can only belong to one group from the user type category
(<cite>base.module_category_user_type</cite>). So your other groups cant inherit both
internal users and backend users.</p>
</div>
</div>
<div class="section" id="usage">
<h2><a class="toc-backref" href="#id2">Usage</a></h2>
<p>To use this module, you need to:</p>
<ol class="arabic simple">
<li>Go to Configuration / Users / Users, choose a user and set the user type.</li>
</ol>
<p>You get a users that is only able to access to the Odoo backend which you
can attach other groups that not implies other kind of users (<cite>portal</cite>,
<cite>internal users</cite>)</p>
</div>
<div class="section" id="bug-tracker">
<h2><a class="toc-backref" href="#id3">Bug Tracker</a></h2>
<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-backend/issues">GitHub Issues</a>.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
<a class="reference external" href="https://github.com/OCA/server-backend/issues/new?body=module:%20base_group_backend%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
<p>Do not contact contributors directly about support or help with technical issues.</p>
</div>
<div class="section" id="credits">
<h2><a class="toc-backref" href="#id4">Credits</a></h2>
</div>
</div>
<div class="section" id="authors">
<h1>Authors</h1>
<ul class="simple">
<li>Pierre Verkest</li>
</ul>
</div>
<div class="section" id="contributors">
<h1>Contributors</h1>
<ul class="simple">
<li>Pierre Verkest &lt;<a class="reference external" href="mailto:pierreverkest84&#64;gmail.com">pierreverkest84&#64;gmail.com</a>&gt;</li>
<li>François Poizat &lt;<a class="reference external" href="mailto:francois.poizat&#64;gmail.com">francois.poizat&#64;gmail.com</a>&gt;</li>
</ul>
<p>Do not contact contributors directly about support or help with technical issues.</p>
</div>
<div class="section" id="maintainers">
<h1>Maintainers</h1>
<p>This module is maintained by the OCA.</p>
<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.</p>
<p>Current <a class="reference external" href="https://odoo-community.org/page/maintainer-role">maintainer</a>:</p>
<p><a class="reference external" href="https://github.com/oca"><img alt="oca" src="https://github.com/oca.png?size=40px" /></a></p>
<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-backend/tree/16.0/base_group_backend">OCA/server-backend</a> project on GitHub.</p>
<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
</div>
</div>
</body>
</html>

1
base_group_backend/tests/__init__.py Normal file
View File

@@ -0,0 +1 @@
from . import test_module

19
base_group_backend/tests/test_module.py Normal file
View File

@@ -0,0 +1,19 @@
from odoo import Command
from odoo.tests.common import TransactionCase
class TestResUsers(TransactionCase):
@classmethod
def setUpClass(cls):
super().setUpClass()
cls.base_group_backend = cls.env.ref("base_group_backend.group_backend")
cls.internal_user = cls.env.ref("base.user_demo")
cls.portal_user = cls.env.ref("base.demo_user0")
def test_has_groups(self):
self.assertFalse(self.portal_user.has_group("base.group_user"))
self.assertTrue(self.internal_user.has_group("base.group_user"))
self.portal_user.write(
{"groups_id": [Command.set([self.base_group_backend.id])]}
)
self.assertTrue(self.portal_user.has_group("base.group_user"))

1
setup/base_group_backend/odoo/addons/base_group_backend Symbolic link
View File

@@ -0,0 +1 @@
../../../../base_group_backend

6
setup/base_group_backend/setup.py Normal file
View File

@@ -0,0 +1,6 @@
import setuptools
setuptools.setup(
setup_requires=['setuptools-odoo'],
odoo_addon=True,
)