Skip to content

[15.0][MIG] base_group_backend: Migration to 15.0 #359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 17 commits into
base: 15.0
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
146 changes: 146 additions & 0 deletions base_group_backend/README.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
=============
Group backend
=============

..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:94aa0fca553bd76339b493d1406d1fad68c724126ff95cfecea7d30228bd6b90
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png
:target: https://odoo-community.org/page/development-status
:alt: Alpha
.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
:target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
:alt: License: LGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
:target: https://github.com/OCA/server-backend/tree/15.0/base_group_backend
:alt: OCA/server-backend
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/server-backend-15-0/server-backend-15-0-base_group_backend
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=15.0
:alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

This module adds two "Backend User" groups (``group_backend`` and ``group_backend_ui_users``) with restricted access to odoo backend only (``/web``), with less and more controlled access than the native "Internal User" group.

The problem with the "Internal User" group (``base.group_user``) is that it can be used by any new module added to your project, so you don't control clearly this group's accesses.

The UI access is provided only for ``group_backend_ui_users`` :

* minimal default access rules to access the user's own data:
* users and partners
* mail activity, notification and channel
* presence
* minimal default menu to restrict the available ones:
* notification
* activities

Here is an example where a user from ``group_backend_ui_users`` can only access and use the Dummy App. No other application is available to this user (you may define your own application instead of the Dummy one).

.. figure:: https://raw.githubusercontent.com/OCA/server-backend/15.0/base_group_backend/static/description/dummy_app.png
:alt: Dummy app for demo

We suggest to use this module with its companion ``base_user_role``.

Limitations
~~~~~~~~~~~

At the time of writing, Odoo uses ``user.share == False`` and ``user.has_group("base.group_user") == True`` to give the backend access to ``user``.

So technically, the module does 2 things :

* It sets the ``share`` parameter to ``False`` for ``group_backend`` users.
* It hijacks the ``has_group`` method of res.users by returning ``True`` for ``group_backend`` users when the requested group is ``base.group_user``


This avoids to write a lot of overwrite in different controllers from different modules ('portal', 'web', 'base', 'website') with hard coded statements that check if user is part of the ``base.group_user`` or ``share == False`` group.

.. IMPORTANT::
This is an alpha version, the data model and design can change at any time without warning.
Only for development or testing purpose, do not use in production.
`More details on development status <https://odoo-community.org/page/development-status>`_

**Table of contents**

.. contents::
:local:

Configuration
=============

To allow a user from the ``group_backend_ui_users`` group to interact with a specific model you can either add an access rules to this model for ``group_backend_ui_users`` or you can add ``group_backend_ui_users`` to the ``implied_ids`` of a new specific group.

The Backend groups are from the "User types" category (``base.module_category_user_type``), the same category as "Internal User" (``base.group_user``), "Portal" (``base.group_portal``) or Public (``base.group_public``). Be aware that a user can only belongs to **one group of this category**.

Usage
=====

To use this module, add a user to the group "Backend user" or "Backend UI user" through the user's form page.

.. figure:: https://raw.githubusercontent.com/OCA/server-backend/15.0/base_group_backend/static/description/backend_ui.png
:alt: Backend UI user

If you created a specific group with ``group_backend`` or ``group_backend_ui_users`` in its ``implied_ids``, you need to go through the group's form page in order to add the user to this specific group, because it won't be displayed on the user's form page (a specific group with its own category is displayed on user's form page only if the group inherits the "Internal user" group).

This module also **restricts the root menus** displayed to Backend users, so be sure to explicitly add your Backend group to all the necessary root menus for these users.

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_group_backend%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
~~~~~~~

* Pierre Verkest

Contributors
~~~~~~~~~~~~

* Pierre Verkest <[email protected]>
* François Poizat <[email protected]>

Do not contact contributors directly about support or help with technical issues.

Maintainers
~~~~~~~~~~~

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

.. |maintainer-FranzPoize| image:: https://github.com/FranzPoize.png?size=40px
:target: https://github.com/FranzPoize
:alt: FranzPoize
.. |maintainer-bealdav| image:: https://github.com/bealdav.png?size=40px
:target: https://github.com/bealdav
:alt: bealdav

Current `maintainers <https://odoo-community.org/page/maintainer-role>`__:

|maintainer-FranzPoize| |maintainer-bealdav|

This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/15.0/base_group_backend>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
2 changes: 2 additions & 0 deletions base_group_backend/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
from . import models
from . import demo
29 changes: 29 additions & 0 deletions base_group_backend/__manifest__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Copyright 2021 Pierre Verkest <[email protected]>
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
{
"name": "Group backend",
"version": "15.0.1.0.0",
"development_status": "Alpha",
"category": "Tools",
"author": "Pierre Verkest, Odoo Community Association (OCA)",
"license": "LGPL-3",
"website": "https://github.com/OCA/server-backend",
"depends": [
"base",
"mail",
"calendar",
],
"maintainers": ["FranzPoize", "bealdav"],
"demo": [
"demo/test-model.xml",
"demo/ir.model.access.csv",
"demo/backend_dummy_model.xml",
"demo/res_partners.xml",
"demo/res_users.xml",
],
"data": [
"data/res_groups.xml",
"security/ir.model.access.csv",
],
"installable": True,
}
43 changes: 43 additions & 0 deletions base_group_backend/data/res_groups.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
<odoo>

<record model="res.groups" id="base_group_backend">
<field name="name">Backend user</field>
<field name="category_id" ref="base.module_category_user_type" />
<field name="comment">
This group is used to gives user backend access.

While users in `base.group_user` gets a lot of default access
which makes hard to define properly records/rules/menu access.

So for maintainability you shouldn't linked any access right, rules,
menu, and so on to this group directly.

The only intent of this groups is to be able to get a session
to Odoo backend (`/web`).
</field>
</record>

<record model="res.groups" id="group_backend_ui_users">
<field name="name">Backend UI user</field>
<field name="category_id" ref="base.module_category_user_type" />
<field name="comment">
This group is used to gives user basic ui access.
</field>
<field
name="rule_groups"
eval="[
(6, 0,[
ref('base.ir_default_user_rule'),
ref('base.ir_filters_delete_own_rule'),
ref('base.ir_filters_employee_rule'),
ref('base.res_company_rule_employee'),
ref('mail.ir_rule_mail_notifications_group_user'),
ref('mail.ir_rule_mail_channel_partner_group_user'),
ref('mail.mail_activity_rule_user'),
ref('mail.mail_channel_rule'),
]),
]"
/>
</record>

</odoo>
4 changes: 4 additions & 0 deletions base_group_backend/demo/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
from odoo.tools import config

if not config["without_demo"]:
from . import backend_dummy_model
15 changes: 15 additions & 0 deletions base_group_backend/demo/backend_dummy_model.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
from odoo import fields, models


class BackendDummyModel(models.Model):
_name = "backend.dummy.model"
_description = "Backend Dummy Model demo"

my_value = fields.Char(name="Value", required=True)
my_other_value = fields.Char(name="Other value", required=True)
date_start = fields.Datetime(
name="Date start", required=True, default=fields.Datetime.now
)
date_stop = fields.Datetime(
name="Date stop", required=True, default=fields.Datetime.now
)
54 changes: 54 additions & 0 deletions base_group_backend/demo/backend_dummy_model.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
<?xml version="1.0" encoding="utf-8" ?>
<odoo noupdate="1">
<record id="backend_dummy_model_tree_view" model="ir.ui.view">
<field name="name">Backend dummy tree view</field>
<field name="model">backend.dummy.model</field>
<field name="arch" type="xml">
<tree create="false" delete="false">
<field name="my_value" />
<field name="my_other_value" groups="base.group_user" />
</tree>
</field>
</record>

<record id="action_dummy_list" model="ir.actions.act_window">
<field name="name">Dummies</field>
<field name="type">ir.actions.act_window</field>
<field name="res_model">backend.dummy.model</field>
<field name="view_mode">tree,form,kanban,calendar,pivot,graph,activity</field>
<field name="view_id" ref="backend_dummy_model_tree_view" />
</record>

<menuitem
id="menu_dummy_root"
name="Dummy"
sequence="100"
groups="group_backend_ui_users,base.group_user"
/>
<menuitem
id="menu_dummy_menu"
name="Dummy"
sequence="10"
groups="group_backend_ui_users,base.group_user"
parent="menu_dummy_root"
/>
<menuitem
id="menu_dummy_list"
name="Dummy list"
sequence="100"
groups="group_backend_ui_users,base.group_user"
parent="menu_dummy_root"
action="action_dummy_list"
/>

<menuitem id="menu_root_no_group" name="No Group" sequence="100" />
<menuitem
id="menu_dummy_list_no_group"
name="Dummy list No group"
sequence="100"
groups="group_backend_ui_users,base.group_user"
parent="menu_root_no_group"
action="action_dummy_list"
/>

</odoo>
3 changes: 3 additions & 0 deletions base_group_backend/demo/ir.model.access.csv
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
"backend_dummy_models","backend dummy.model","model_backend_dummy_model",group_backend_ui_users,1,0,0,0
"backend_dummy_models_user_grp","backend dummy.model user grp","model_backend_dummy_model",base.group_user,1,0,0,0
12 changes: 12 additions & 0 deletions base_group_backend/demo/res_partners.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8" ?>
<odoo noupdate="1">
<record id="demo_partner" model="res.partner">
<field name="name">Demo partner backend</field>
</record>
<record id="demo_partner1" model="res.partner">
<field name="name">Demo partner backend 1</field>
</record>
<record id="demo_partner2" model="res.partner">
<field name="name">Demo partner backend 2</field>
</record>
</odoo>
21 changes: 21 additions & 0 deletions base_group_backend/demo/res_users.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
<?xml version="1.0" encoding="utf-8" ?>
<odoo noupdate="1">
<record id="user_demo" model="res.users">
<field name="login">demo backend user</field>
<field name="groups_id" eval="[Command.set([ref('base.group_user')])]" />
<field name="partner_id" ref="base_group_backend.demo_partner" />
</record>
<record id="user_demo_external" model="res.users">
<field name="login">demo backend user 1</field>
<field name="groups_id" eval="[Command.set([ref('base.group_portal')])]" />
<field name="partner_id" ref="base_group_backend.demo_partner1" />
</record>
<record id="user_demo_external_with_ui" model="res.users">
<field name="login">demo backend user 2</field>
<field
name="groups_id"
eval="[Command.set([ref('base_group_backend.group_backend_ui_users')])]"
/>
<field name="partner_id" ref="base_group_backend.demo_partner2" />
</record>
</odoo>
7 changes: 7 additions & 0 deletions base_group_backend/demo/test-model.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8" ?>
<odoo noupdate="1">
<record model="backend.dummy.model" id="dummy_model_1">
<field name="my_value">hello</field>
<field name="my_other_value">hello</field>
</record>
</odoo>
Loading