audrius/server-backend
1
0
Fork 0
mirror of https://github.com/OCA/server-backend.git synced 2025-02-18 09:52:42 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b22c4bdf512eaa9feda48fd559a0c90c8c1cf9ce
server-backend/base_group_backend/readme/DESCRIPTION.rst
Pierre Verkest b22c4bdf51 [14.0] group_backend: new module and rename group_backend to base_group_backend 
As a developer we have to keep in mind using this module and grant a user with 's group is
equivalent to grant 's group everywhere  has been used.

Co-authored-by: Jean-Charles Drubay <jcdrubay@users.noreply.github.com>
2024-01-29 14:31:02 +01:00

46 lines
1.9 KiB
ReStructuredText
Raw Blame History

This module was written to extend the standard functionality regarding users
and groups management by adding a new `Backend user` group that only gives access
to odoo backend (`/web`):
* minimal default access:
* users and partners (this is necessary to access your own data)
* mail activity, notification and channel
* presence
* minimal default menu
* notification
* activities
* minimal default access rules
The problem with the `Internal user` is when you want to gives access to the
backend to a really thin part of your business to some users, it's quite hard
to properly maintain those roles over the project life, a lot of models use
that group (`base.group_user`) by default which makes hard to maintains.
So that helps creating well-defined user groups with more controls.
This modules does 3 things:
* It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated)
* It sets the res_users.share to False for group_backend users. This allows those users to access the backend.
* It sets the bare minimum permission in the ir.model.access.csv to display the backend
We suggest to use this module with its compagnon `base_user_role`
Limitations
~~~~~~~~~~~
At the time of writing, Odoo uses `res.users.share == False` to give the
backend access.
However to be able to access the backend without any errors some basic rights are necessary.
This module change the way `res.users.share` is computed to allow `group_backend users` to use the backend.
This avoids to write a lot of overwrite in different controllers from
different modules ('portal', 'web', 'base', 'website') with hard coded statements
that check if user is part of the `base.group_user` or `share == False` group.
.. warning::
Using this module and grant a user with `group_backend`'s group is
equivalent to grant `group_user`'s group everywhere `has_group`
has been used.
Reference in New Issue View Git Blame Copy Permalink