sygel-technology
diff --git a/‎model_access_restriction/README.rst
Lines changed: 92 additions & 0 deletions b/‎model_access_restriction/README.rst
Lines changed: 92 additions & 0 deletions
diff --git a/‎model_access_restriction/__init__.py
Lines changed: 3 additions & 0 deletions b/‎model_access_restriction/__init__.py
Lines changed: 3 additions & 0 deletions
diff --git a/‎model_access_restriction/__manifest__.py
Lines changed: 20 additions & 0 deletions b/‎model_access_restriction/__manifest__.py
Lines changed: 20 additions & 0 deletions
diff --git a/‎model_access_restriction/i18n/es.po
Lines changed: 238 additions & 0 deletions b/‎model_access_restriction/i18n/es.po
Lines changed: 238 additions & 0 deletions
diff --git a/‎model_access_restriction/models/__init__.py
Lines changed: 4 additions & 0 deletions b/‎model_access_restriction/models/__init__.py
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,92 @@
+========================
+Model Access Restriction
+========================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:6337b5f5fe7be747949769f4c064d9a6ca5495d905fa33e50b868be80bde4557
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-sygel--technology%2Fsy--server--backend-lightgray.png?logo=github
+    :target: https://github.com/sygel-technology/sy-server-backend/tree/15.0/model_access_restriction
+    :alt: sygel-technology/sy-server-backend
+
+|badge1| |badge2| |badge3|
+
+This module adds a new model to configure Odoo permissions, the "Model
+Access Restrictions"
+
+This model allows to restrict the access to a model for all users except
+the ones that belong to at least one group of a list of allowed groups.
+
+While Odoo's default access rules provide permissions, and having one
+already gives you access, these new rules remove them, and failing to
+comply with one restricts your access.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+To configure this module, you need to:
+
+-  Go to Settings / Technical / Security / Model Access Restrictions
+-  Create a new access restriction
+-  Select the model to restrict the access
+-  Select the operations the rule applies to. If the operation is not
+   selected the restriction won't apply to that operation which means
+   users will access the model as always.
+-  Select the groups that will have access to the model. The rest of
+   groups will have the access disabled.
+
+Known issues / Roadmap
+======================
+
+-  Read and write permissions are not implemented yet.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/sygel-technology/sy-server-backend/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/sygel-technology/sy-server-backend/issues/new?body=module:%20model_access_restriction%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* Sygel
+
+Contributors
+------------
+
+-  `Sygel <https://www.sygel.es>`__:
+
+   -  Alberto Martínez
+   -  Manuel Regidor
+   -  Valentin Vinagre
+   -  Harald Panten
+
+Maintainers
+-----------
+
+This module is part of the `sygel-technology/sy-server-backend <https://github.com/sygel-technology/sy-server-backend/tree/15.0/model_access_restriction>`_ project on GitHub.
+
+You are welcome to contribute.
@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import models
@@ -0,0 +1,20 @@
+# Copyright 2025 Alberto Martínez <[email protected]>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+{
+    "name": "Model Access Restriction",
+    "summary": "New type of access rule to restrict permissions based on groups",
+    "version": "15.0.1.0.0",
+    "category": "Tools",
+    "website": "https://github.com/sygel-technology/sy-server-backend",
+    "author": "Sygel, Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "application": False,
+    "installable": True,
+    "depends": [
+        "base",
+    ],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/ir_model_access_restriction_views.xml",
+    ],
+}
@@ -0,0 +1,238 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* model_access_restriction
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 15.0+e\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2025-04-17 14:52+0000\n"
+"PO-Revision-Date: 2025-04-17 16:55+0200\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: es\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: \n"
+"X-Generator: Poedit 3.0.1\n"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid ""
+"<i class=\"fa fa-info fa-3x text-info float-left\" role=\"img\" aria-"
+"label=\"Info\" title=\"Info\"/>"
+msgstr ""
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid ""
+"A internal user won't have access in this example because it does not met the "
+"ACCESS_RESTRICTION_2. TRUE OR FALSE AND (TRUE AND FALSE) = TRUE AND (FALSE) "
+"= FALSE"
+msgstr ""
+"Un usuario interno no tendrá acceso en este ejemplo porque no cumple con la "
+"RESTRICCIÓN_DE_ACCESO_2. VERDADERO O FALSO Y (VERDADERO Y FALSO) = "
+"VERDADERO Y (FALSO) = FALSO"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid ""
+"A restriction is not met if the user does not belong to any of the allowed "
+"groups."
+msgstr ""
+"No se cumple una restricción si el usuario no pertenece a ninguno de los "
+"grupos permitidos."
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "ACCESS_1. Group: Internal Users"
+msgstr "ACCESO_1. Grupo: Usuarios internos"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "ACCESS_2. Group: Administrator"
+msgstr "ACCESO_2. Grupo: Administrador"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "ACCESS_RESTRICTION_1. Allowed Groups: Internal Users"
+msgstr "RESTRICCIÓN_DE_ACCESO 1. Grupos permitidos: Usuarios internos"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "ACCESS_RESTRICTION_2. Allowed Groups: Administrator"
+msgstr "RESTRICCIÓN_DE_ACCESO 2. Grupos permitidos: Administrador"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "Access Rights"
+msgstr "Permisos de acceso"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid ""
+"Access restriction records are applied before normal access, and combines "
+"together with a logical AND operator. If a restriction is not met, the "
+"access is forbidden."
+msgstr ""
+"Los registros de restricción de acceso se aplican antes del acceso normal y "
+"se combinan con un operador lógico AND. Si no se cumple una restricción, se "
+"prohíbe el acceso."
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__active
+msgid "Active"
+msgstr "Activo"
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__groups
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "Allowed Groups"
+msgstr "Grupos permitidos"
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__perm_create
+msgid "Apply for Create"
+msgstr "Aplicar para creación"
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__perm_unlink
+msgid "Apply for Delete"
+msgstr "Aplicar para eliminación"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_search
+msgid "Archived"
+msgstr "Archivado"
+
+#. module: model_access_restriction
+#: model:ir.model,name:model_access_restriction.model_base
+msgid "Base"
+msgstr "Base"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_search
+msgid "Create Access Right"
+msgstr "Permiso de acceso de creacion"
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__create_uid
+msgid "Created by"
+msgstr ""
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__create_date
+msgid "Created on"
+msgstr ""
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_search
+msgid "Delete Access Right"
+msgstr "Permiso de acceso de eliminación"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "Detailed algorithm:"
+msgstr "Algoritmo detallado:"
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__display_name
+msgid "Display Name"
+msgstr "Nombre mostrado"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid ""
+"Example: ACCESS_1 OR ACCESS_2 AND (ACCESS_RESTRICTION_1 AND "
+"ACCESS_RESTRICTION_2)"
+msgstr ""
+"Ejemplo: ACCESO_1 OR ACCESO_2 Y (RESTRICCIÓN_DE_ACCESO_1 Y "
+"RESTRICCIÓN_DE_ACCESO_2)"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "General"
+msgstr ""
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_search
+msgid "Group By"
+msgstr "Agrupar por"
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__id
+msgid "ID"
+msgstr ""
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid "Interaction between access records"
+msgstr "Interacciones entre registros de acceso"
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction____last_update
+msgid "Last Modified on"
+msgstr ""
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__write_uid
+msgid "Last Updated by"
+msgstr ""
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__write_date
+msgid "Last Updated on"
+msgstr ""
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__model_id
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_search
+msgid "Model"
+msgstr "Modelo"
+
+#. module: model_access_restriction
+#: model:ir.actions.act_window,name:model_access_restriction.action_model_access_restrictions
+#: model:ir.ui.menu,name:model_access_restriction.menu_action_model_access_restrictions
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_search
+msgid "Model Access Restrictions"
+msgstr "Restricciones de acceso a modelos"
+
+#. module: model_access_restriction
+#: model:ir.model,name:model_access_restriction.model_ir_model_access_restriction
+msgid "Model Access Restrictions. Not having one will disable access."
+msgstr ""
+"Restricciones de acceso a modelos. No cumplir una deshabilitará el acceso."
+
+#. module: model_access_restriction
+#: model:ir.model.fields,field_description:model_access_restriction.field_ir_model_access_restriction__name
+msgid "Name"
+msgstr "Nombre"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid ""
+"Normal access records are combined together with a logical OR operator, if "
+"a user has the group of an acess record access, access will be granted"
+msgstr ""
+"Los registros de acceso normales se combinan con un operador OR lógico, si "
+"un usuario tiene el grupo de acceso de un registro de acceso, se le "
+"concederá el acceso"
+
+#. module: model_access_restriction
+#: model_terms:ir.ui.view,arch_db:model_access_restriction.view_model_access_restrictions_form
+msgid ""
+"Normal access records give permissions. Access restriction records removes "
+"permissions, if a user does not have one group of a resctriction the access "
+"will be forbidden."
+msgstr ""
+"Los registros de acceso normales otorgan permisos. Los registros de "
+"restricción de acceso los eliminan. Si un usuario no tiene un grupo de "
+"restricción, se le prohibirá el acceso."
+
+#. module: model_access_restriction
+#: code:addons/model_access_restriction/models/ir_model_access_restriction.py:0
+#, python-format
+msgid "Restrictions must have at least one allowed group"
+msgstr "Las restricciones deben tener al menos un grupo permitido"
@@ -0,0 +1,4 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import ir_model_access_restriction
+from . import models
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).`
	`2`	`+`
	`3`	`+from . import models`