[15.0][MIG] base_group_backend: Migration to 15.0

base_group_backend/README.rst

@@ -0,0 +1,146 @@
+=============
+Group backend
+=============
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:94aa0fca553bd76339b493d1406d1fad68c724126ff95cfecea7d30228bd6b90
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Alpha
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-backend/tree/15.0/base_group_backend
+    :alt: OCA/server-backend
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-backend-15-0/server-backend-15-0-base_group_backend
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=15.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module adds two "Backend User" groups (``group_backend`` and ``group_backend_ui_users``) with restricted access to odoo backend only (``/web``), with less and more controlled access than the native "Internal User" group.
+
+  The problem with the "Internal User" group (``base.group_user``) is that it can be used by any new module added to your project, so you don't control clearly this group's accesses.
+
+The UI access is provided only for ``group_backend_ui_users`` :
+
+* minimal default access rules to access the user's own data:
+    * users and partners
+    * mail activity, notification and channel
+    * presence
+* minimal default menu to restrict the available ones:
+    * notification
+    * activities
+
+Here is an example where a user from ``group_backend_ui_users`` can only access and use the Dummy App. No other application is available to this user (you may define your own application instead of the Dummy one).
+
+.. figure:: https://raw.githubusercontent.com/OCA/server-backend/15.0/base_group_backend/static/description/dummy_app.png
+    :alt: Dummy app for demo
+
+We suggest to use this module with its companion ``base_user_role``.
+
+Limitations
+~~~~~~~~~~~
+
+At the time of writing, Odoo uses ``user.share == False`` and ``user.has_group("base.group_user") == True`` to give the backend access to ``user``.
+
+So technically, the module does 2 things :
+
+* It sets the ``share`` parameter to ``False`` for ``group_backend`` users.
+* It hijacks the ``has_group`` method of res.users by returning ``True`` for ``group_backend`` users when the requested group is ``base.group_user``
+
+
+This avoids to write a lot of overwrite in different controllers from different modules ('portal', 'web', 'base', 'website') with hard coded statements that check if user is part of the ``base.group_user`` or ``share == False`` group.
+
+.. IMPORTANT::
+   This is an alpha version, the data model and design can change at any time without warning.
+   Only for development or testing purpose, do not use in production.
+   `More details on development status <https://odoo-community.org/page/development-status>`_
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+To allow a user from the ``group_backend_ui_users`` group to interact with a specific model you can either add an access rules to this model for ``group_backend_ui_users`` or you can add ``group_backend_ui_users`` to the ``implied_ids`` of a new specific group.
+
+The Backend groups are from the "User types" category (``base.module_category_user_type``), the same category as "Internal User" (``base.group_user``), "Portal" (``base.group_portal``) or Public (``base.group_public``). Be aware that a user can only belongs to **one group of this category**.
+
+Usage
+=====
+
+To use this module, add a user to the group "Backend user" or "Backend UI user" through the user's form page.
+
+.. figure:: https://raw.githubusercontent.com/OCA/server-backend/15.0/base_group_backend/static/description/backend_ui.png
+    :alt: Backend UI user
+
+If you created a specific group with ``group_backend`` or ``group_backend_ui_users`` in its ``implied_ids``, you need to go through the group's form page in order to add the user to this specific group, because it won't be displayed on the user's form page (a specific group with its own category is displayed on user's form page only if the group inherits the "Internal user" group).
+
+This module also **restricts the root menus** displayed to Backend users, so be sure to explicitly add your Backend group to all the necessary root menus for these users.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_group_backend%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Pierre Verkest
+
+Contributors
+~~~~~~~~~~~~
+
+* Pierre Verkest <[email protected]>
+* François Poizat <[email protected]>
+
+Do not contact contributors directly about support or help with technical issues.
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-FranzPoize| image:: https://github.com/FranzPoize.png?size=40px
+    :target: https://github.com/FranzPoize
+    :alt: FranzPoize
+.. |maintainer-bealdav| image:: https://github.com/bealdav.png?size=40px
+    :target: https://github.com/bealdav
+    :alt: bealdav
+
+Current `maintainers <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-FranzPoize| |maintainer-bealdav| 
+
+This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/15.0/base_group_backend>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

base_group_backend/__init__.py

@@ -0,0 +1,2 @@
+from . import models
+from . import demo

base_group_backend/__manifest__.py

@@ -0,0 +1,29 @@
+# Copyright 2021 Pierre Verkest <[email protected]>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
+{
+    "name": "Group backend",
+    "version": "15.0.1.0.0",
+    "development_status": "Alpha",
+    "category": "Tools",
+    "author": "Pierre Verkest, Odoo Community Association (OCA)",
+    "license": "LGPL-3",
+    "website": "https://github.com/OCA/server-backend",
+    "depends": [
+        "base",
+        "mail",
+        "calendar",
+    ],
+    "maintainers": ["FranzPoize", "bealdav"],
+    "demo": [
+        "demo/test-model.xml",
+        "demo/ir.model.access.csv",
+        "demo/backend_dummy_model.xml",
+        "demo/res_partners.xml",
+        "demo/res_users.xml",
+    ],
+    "data": [
+        "data/res_groups.xml",
+        "security/ir.model.access.csv",
+    ],
+    "installable": True,
+}

base_group_backend/data/res_groups.xml

@@ -0,0 +1,43 @@
+<odoo>
+
+    <record model="res.groups" id="base_group_backend">
+        <field name="name">Backend user</field>
+        <field name="category_id" ref="base.module_category_user_type" />
+        <field name="comment">
+            This group is used to gives user backend access.
+
+            While users in `base.group_user` gets a lot of default access
+            which makes hard to define properly records/rules/menu access.
+
+            So for maintainability you shouldn't linked any access right, rules,
+            menu, and so on to this group directly.
+
+            The only intent of this groups is to be able to get a session
+            to Odoo backend (`/web`).
+        </field>
+    </record>
+
+    <record model="res.groups" id="group_backend_ui_users">
+        <field name="name">Backend UI user</field>
+        <field name="category_id" ref="base.module_category_user_type" />
+        <field name="comment">
+            This group is used to gives user basic ui access.
+        </field>
+        <field
+            name="rule_groups"
+            eval="[
+                (6, 0,[
+                    ref('base.ir_default_user_rule'),
+                    ref('base.ir_filters_delete_own_rule'),
+                    ref('base.ir_filters_employee_rule'),
+                    ref('base.res_company_rule_employee'),
+                    ref('mail.ir_rule_mail_notifications_group_user'),
+                    ref('mail.ir_rule_mail_channel_partner_group_user'),
+                    ref('mail.mail_activity_rule_user'),
+                    ref('mail.mail_channel_rule'),
+                ]),
+            ]"
+        />
+    </record>
+
+</odoo>

base_group_backend/demo/__init__.py

@@ -0,0 +1,4 @@
+from odoo.tools import config
+
+if not config["without_demo"]:
+    from . import backend_dummy_model

base_group_backend/demo/backend_dummy_model.py

@@ -0,0 +1,15 @@
+from odoo import fields, models
+
+
+class BackendDummyModel(models.Model):
+    _name = "backend.dummy.model"
+    _description = "Backend Dummy Model demo"
+
+    my_value = fields.Char(name="Value", required=True)
+    my_other_value = fields.Char(name="Other value", required=True)
+    date_start = fields.Datetime(
+        name="Date start", required=True, default=fields.Datetime.now
+    )
+    date_stop = fields.Datetime(
+        name="Date stop", required=True, default=fields.Datetime.now
+    )

base_group_backend/demo/backend_dummy_model.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+    <record id="backend_dummy_model_tree_view" model="ir.ui.view">
+        <field name="name">Backend dummy tree view</field>
+        <field name="model">backend.dummy.model</field>
+        <field name="arch" type="xml">
+            <tree create="false" delete="false">
+                <field name="my_value" />
+                <field name="my_other_value" groups="base.group_user" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="action_dummy_list" model="ir.actions.act_window">
+        <field name="name">Dummies</field>
+        <field name="type">ir.actions.act_window</field>
+        <field name="res_model">backend.dummy.model</field>
+        <field name="view_mode">tree,form,kanban,calendar,pivot,graph,activity</field>
+        <field name="view_id" ref="backend_dummy_model_tree_view" />
+    </record>
+
+    <menuitem
+        id="menu_dummy_root"
+        name="Dummy"
+        sequence="100"
+        groups="group_backend_ui_users,base.group_user"
+    />
+    <menuitem
+        id="menu_dummy_menu"
+        name="Dummy"
+        sequence="10"
+        groups="group_backend_ui_users,base.group_user"
+        parent="menu_dummy_root"
+    />
+    <menuitem
+        id="menu_dummy_list"
+        name="Dummy list"
+        sequence="100"
+        groups="group_backend_ui_users,base.group_user"
+        parent="menu_dummy_root"
+        action="action_dummy_list"
+    />
+
+    <menuitem id="menu_root_no_group" name="No Group" sequence="100" />
+    <menuitem
+        id="menu_dummy_list_no_group"
+        name="Dummy list No group"
+        sequence="100"
+        groups="group_backend_ui_users,base.group_user"
+        parent="menu_root_no_group"
+        action="action_dummy_list"
+    />
+
+</odoo>

base_group_backend/demo/ir.model.access.csv

@@ -0,0 +1,3 @@
+"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
+"backend_dummy_models","backend dummy.model","model_backend_dummy_model",group_backend_ui_users,1,0,0,0
+"backend_dummy_models_user_grp","backend dummy.model user grp","model_backend_dummy_model",base.group_user,1,0,0,0

base_group_backend/demo/res_partners.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+    <record id="demo_partner" model="res.partner">
+        <field name="name">Demo partner backend</field>
+    </record>
+    <record id="demo_partner1" model="res.partner">
+        <field name="name">Demo partner backend 1</field>
+    </record>
+    <record id="demo_partner2" model="res.partner">
+        <field name="name">Demo partner backend 2</field>
+    </record>
+</odoo>

base_group_backend/demo/res_users.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+    <record id="user_demo" model="res.users">
+        <field name="login">demo backend user</field>
+        <field name="groups_id" eval="[Command.set([ref('base.group_user')])]" />
+        <field name="partner_id" ref="base_group_backend.demo_partner" />
+    </record>
+    <record id="user_demo_external" model="res.users">
+        <field name="login">demo backend user 1</field>
+        <field name="groups_id" eval="[Command.set([ref('base.group_portal')])]" />
+        <field name="partner_id" ref="base_group_backend.demo_partner1" />
+    </record>
+    <record id="user_demo_external_with_ui" model="res.users">
+        <field name="login">demo backend user 2</field>
+        <field
+            name="groups_id"
+            eval="[Command.set([ref('base_group_backend.group_backend_ui_users')])]"
+        />
+        <field name="partner_id" ref="base_group_backend.demo_partner2" />
+    </record>
+</odoo>

base_group_backend/demo/test-model.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+    <record model="backend.dummy.model" id="dummy_model_1">
+        <field name="my_value">hello</field>
+        <field name="my_other_value">hello</field>
+    </record>
+</odoo>