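--- a/access_superuser/README.rst
+++ b/access_superuser/README.rst
@@ -0,0 +1,12 @@
+Access Superuser
+================
+
+In Superuser mode a User can control - who is eligible to become a Superuser.
+Candidate User should have Administration: Settings
+
+Typical usage of the module.
+----------------------------
+
+On Preference tab of user settings there is new field - Is Sudoer.
+
+Tested on `Odoo 14.0 <https://github.com/odoo/odoo/commit/c16d4b5e7b9181c2c792f595a117de10510d45be>`_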
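--- a/access_superuser/__init__.py
+++ b/access_superuser/__init__.py
@@ -0,0 +1,2 @@
+from . import models
+from . import controllers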
17 changes: 17 additions & 0 deletions access_superuser/__manifest__.py
@@ -0,0 +1,17 @@
{
"name": "Controllable Becoming a Superuser",
Collaborator


Suggested change
"name": "Controllable Becoming a Superuser",
"name": "Block Superuser Mode",

"summary": "Not any Admin can become a Superuser - there is new setting now allowing that",
Collaborator


Suggested change
"summary": "Not any Admin can become a Superuser - there is new setting now allowing that",
"summary": "Specify which admins can switch to the Superuser mode",

"version": "14.0.0.0.1",
"author": "IT-Projects LLC, Ildar Nasyrov",
Collaborator


Suggested change
"author": "IT-Projects LLC, Ildar Nasyrov",
"author": "IT Projects Labs, Ildar Nasyrov",

"category": "Extra Tools",
"images": ["images/banner.jpg"],
Collaborator


There is no banner yet

"support": "[email protected]",
"website": "https://twitter.com/OdooFree",
"license": "Other OSI approved licence", # MIT
"currency": "EUR",
"depends": [],
"data": [
"views/res_users_views.xml",
],
"installable": True,
}
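Review bot: `"depends": []` declares no dependencies, yet elsewhere in this PR controllers/main.py imports `odoo.addons.web.controllers.main` and views/res_users_views.xml inherits `base.view_users_form`. Without a declared dependency the load order relative to `web` is not guaranteed, so the `switch_to_admin` override that enforces the restriction may not end up layered over the route it is meant to guard. I would declare it explicitly: `"depends": ["web"],`.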
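--- a/access_superuser/controllers/__init__.py
+++ b/access_superuser/controllers/__init__.py
@@ -0,0 +1 @@
+from . import main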
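--- a/access_superuser/controllers/main.py
+++ b/access_superuser/controllers/main.py
@@ -0,0 +1,13 @@
+from odoo import http
+from odoo.addons.web.controllers.main import Home
+from odoo.http import request
+
+
+class Home(Home):
+@http.route()
+def switch_to_admin(self):
+uid = request.env.user.id
+if request.env.user.is_sudoer:
+return super(Home, self).switch_to_admin()
+else:
+return http.local_redirect(self._login_redirect(uid), keep_hash=True)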
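Review bot: The `else` branch of `switch_to_admin` refuses the switch silently: the user is redirected and nothing is recorded. This route is a privilege boundary, so a denied attempt deserves a log line for later review, e.g. `_logger.warning("Superuser mode denied for uid %s", uid)` just before the redirect, with a module-level `_logger = logging.getLogger(__name__)`. As a style point, `class Home(Home)` rebinds the imported name; `from odoo.addons.web.controllers.main import Home as WebHome` would keep the base and the override apart. A one-line docstring saying that the method only adds the `is_sudoer` gate and otherwise defers to the parent would also help.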
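--- a/access_superuser/models/__init__.py
+++ b/access_superuser/models/__init__.py
@@ -0,0 +1 @@
+from . import res_users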
59 changes: 59 additions & 0 deletions access_superuser/models/res_users.py
@@ -0,0 +1,59 @@
from odoo import fields, models
from odoo.exceptions import UserError
from odoo.tools.translate import _


class Users(models.Model):
_inherit = "res.users"

is_sudoer = fields.Boolean(
default=True,
help="""
Is a User eligible to become a Superuser. If True and User is Admin (Administrator: Settings) - then ok""",
)
Comment on lines +9 to +13
Collaborator


Suggested change
is_sudoer = fields.Boolean(
default=True,
help="""
Is a User eligible to become a Superuser. If True and User is Admin (Administrator: Settings) - then ok""",
)
can_sudo = fields.Boolean(
string="Superuser Admin"
default=True,
help="""User is eligible to switch to Superuser mode""",
)


def write(self, vals):
"""
if writing True in is_sudoer
check if system user
then let it pass or raise user error
"""

if "is_sudoer" in vals and vals["is_sudoer"]:
if self.env.is_superuser() and self._is_system():
pass
else:
raise UserError(
_(
"""
Insufficient rights for making someone a Sudoer
(You yourself should be in Superuser mode)
or this User is not a System User
(Administration: Settings)!"""
)
)
Comment on lines +27 to +34
Collaborator


Suggested change
_(
"""
Insufficient rights for making someone a Sudoer
(You yourself should be in Superuser mode)
or this User is not a System User
(Administration: Settings)!"""
)
)
_("To assign a Superuser Admin, you must be Superuser Admin yourself")
)


if "is_sudoer" in vals and not vals["is_sudoer"]:
if self.env.is_superuser():
raise UserError(
_(
"""
To clear 'Is Sudoer' setting -
please exit from Superuser mode,
this way the System can
check that you are not trying to do it
on your own, which is prohibited
because someone should be a sudoer"""
)
)
elif self == self.env.user:
raise UserError(
_(
"""
You cannot uncheck 'Is Sudoer' setting on yourself -
this prevents the situation when no one is
eligible becoming Superuser"""
)
)

return super(Users, self).write(vals)
Comment on lines +36 to +59
Collaborator


Suggested change
if "is_sudoer" in vals and not vals["is_sudoer"]:
if self.env.is_superuser():
raise UserError(
_(
"""
To clear 'Is Sudoer' setting -
please exit from Superuser mode,
this way the System can
check that you are not trying to do it
on your own, which is prohibited
because someone should be a sudoer"""
)
)
elif self == self.env.user:
raise UserError(
_(
"""
You cannot uncheck 'Is Sudoer' setting on yourself -
this prevents the situation when no one is
eligible becoming Superuser"""
)
)
return super(Users, self).write(vals)
res = super(Users, self).write(vals)
if not self.search_count([('can_sudo', '=', True), ('id', '!=', 1)]):
raise UserError(
_(
"There must be at least one Superuser Admin"
)
)
return res
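Review bot: `write()` treats `self` as a single user, but it can be called on several records at once. `self == self.env.user` is false for a recordset that holds the current user plus anyone else, so a batch write slips past the self-demotion guard; testing membership with `elif self.env.user in self:` closes that. `self._is_system()` is, as far as I know, singleton-only in Odoo and would raise on such a set, so the grant check should run per record inside `for user in self:`. Separately, the check lives only in `write()`: `create()` is not overridden and the field has `default=True`, so a newly created user is eligible without ever passing through it.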

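--- a/access_superuser/views/res_users_views.xml
+++ b/access_superuser/views/res_users_views.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+<record id="view_users_form" model="ir.ui.view">
+<field name="name">res.users.form.inheirt.sudoer.preference</field>
+<field name="model">res.users</field>
+<field name="inherit_id" ref="base.view_users_form"/>
+<field name="arch" type="xml">
+<xpath expr="//group[@name='messaging']" position="after">
+<group name="sudoer">
+<field name="is_sudoer" groups="base.group_system"/>
+</group>
+</xpath>
+</field>
+</record>
+</odoo>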
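Review bot: `groups="base.group_system"` on the `<field>` only hides `is_sudoer` in this form. The model field in models/res_users.py carries no `groups` attribute, so enforcement rests entirely on the `write()` override there. A short comment beside the field would stop a later reader from taking the view attribute for the access control, e.g. `<!-- visibility only; changes are checked in res.users.write() -->`. The view name also has a typo: `res.users.form.inheirt.sudoer.preference` should read `inherit`.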