-
-
Notifications
You must be signed in to change notification settings - Fork 274
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ADD] base_user_effective_permissions
- Loading branch information
Showing
20 changed files
with
784 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Copyright 2023 Hunki Enterprises BV | ||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) | ||
|
||
{ | ||
"name": "Effective permissions", | ||
"summary": "Inspect effective permissions applying to a user", | ||
"version": "16.0.1.0.0", | ||
"development_status": "Alpha", | ||
"category": "Technical", | ||
"website": "https://github.com/OCA/server-backend", | ||
"author": "Hunki Enterprises BV, Odoo Community Association (OCA)", | ||
"maintainers": ["hbrunn"], | ||
"license": "AGPL-3", | ||
"depends": [ | ||
"base", | ||
], | ||
"data": [ | ||
"security/ir.model.access.csv", | ||
"views/res_users_effective_permission.xml", | ||
"views/res_users.xml", | ||
], | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
===================== | ||
Effective permissions | ||
===================== | ||
|
||
.. | ||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
!! This file is generated by oca-gen-addon-readme !! | ||
!! changes will be overwritten. !! | ||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
!! source digest: sha256:3cc525388bdbfdd6ea4e40ff9cc8d49b41c9e20aa0a7a50b52916158b6f99ccc | ||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png | ||
:target: https://odoo-community.org/page/development-status | ||
:alt: Alpha | ||
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png | ||
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html | ||
:alt: License: AGPL-3 | ||
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github | ||
:target: https://github.com/OCA/server-backend/tree/16.0/base_user_effective_permissions | ||
:alt: OCA/server-backend | ||
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png | ||
:target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_user_effective_permissions | ||
:alt: Translate me on Weblate | ||
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png | ||
:target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0 | ||
:alt: Try me on Runboat | ||
|
||
|badge1| |badge2| |badge3| |badge4| |badge5| | ||
|
||
This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions. | ||
|
||
.. IMPORTANT:: | ||
This is an alpha version, the data model and design can change at any time without warning. | ||
Only for development or testing purpose, do not use in production. | ||
`More details on development status <https://odoo-community.org/page/development-status>`_ | ||
|
||
**Table of contents** | ||
|
||
.. contents:: | ||
:local: | ||
|
||
Usage | ||
===== | ||
|
||
To use this module, you need to be in developer mode and: | ||
|
||
#. Go to Settings/Users & Companies | ||
#. Open a user | ||
#. Click the `Effective permissions` button | ||
#. Note you can switch between the rule domains in text form or as domain widget | ||
|
||
Bug Tracker | ||
=========== | ||
|
||
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_. | ||
In case of trouble, please check there if your issue has already been reported. | ||
If you spotted it first, help us to smash it by providing a detailed and welcomed | ||
`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_user_effective_permissions%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. | ||
|
||
Do not contact contributors directly about support or help with technical issues. | ||
|
||
Credits | ||
======= | ||
|
||
Authors | ||
~~~~~~~ | ||
|
||
* Hunki Enterprises BV | ||
|
||
Contributors | ||
~~~~~~~~~~~~ | ||
|
||
* Holger Brunn <[email protected]> (https://hunki-enterprises.com) | ||
|
||
Maintainers | ||
~~~~~~~~~~~ | ||
|
||
This module is maintained by the OCA. | ||
|
||
.. image:: https://odoo-community.org/logo.png | ||
:alt: Odoo Community Association | ||
:target: https://odoo-community.org | ||
|
||
OCA, or the Odoo Community Association, is a nonprofit organization whose | ||
mission is to support the collaborative development of Odoo features and | ||
promote its widespread use. | ||
|
||
.. |maintainer-hbrunn| image:: https://github.com/hbrunn.png?size=40px | ||
:target: https://github.com/hbrunn | ||
:alt: hbrunn | ||
|
||
Current `maintainer <https://odoo-community.org/page/maintainer-role>`__: | ||
|
||
|maintainer-hbrunn| | ||
|
||
This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/16.0/base_user_effective_permissions>`_ project on GitHub. | ||
|
||
You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
from . import models |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Copyright 2023 Hunki Enterprises BV | ||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) | ||
|
||
{ | ||
"name": "Effective permissions", | ||
"summary": "Inspect effective permissions applying to a user", | ||
"version": "16.0.1.0.0", | ||
"development_status": "Alpha", | ||
"category": "Technical", | ||
"website": "https://github.com/OCA/server-backend", | ||
"author": "Hunki Enterprises BV, Odoo Community Association (OCA)", | ||
"maintainers": ["hbrunn"], | ||
"license": "AGPL-3", | ||
"depends": [ | ||
"base", | ||
], | ||
"data": [ | ||
"security/ir.model.access.csv", | ||
"views/res_users_effective_permission.xml", | ||
"views/res_users.xml", | ||
], | ||
} |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
from . import res_users | ||
from . import res_users_effective_permission |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Copyright 2023 Hunki Enterprises BV | ||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) | ||
|
||
|
||
from odoo import _, models | ||
|
||
|
||
class ResUsers(models.Model): | ||
_inherit = "res.users" | ||
|
||
def action_show_effective_permissions(self): | ||
self.ensure_one() | ||
permissions = self.env["res.users.effective.permission"]._generate_permissions( | ||
self | ||
) | ||
return { | ||
"type": "ir.actions.act_window", | ||
"name": _("Effective permissions for %s") % self.name, | ||
"res_model": "res.users.effective.permission", | ||
"view_mode": "tree", | ||
"domain": [("id", "in", permissions.ids)], | ||
} |
67 changes: 67 additions & 0 deletions
67
base_user_effective_permissions/models/res_users_effective_permission.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# Copyright 2023 Hunki Enterprises BV | ||
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) | ||
|
||
|
||
from odoo import fields, models | ||
|
||
|
||
class ResUsersEffectivePermission(models.TransientModel): | ||
_name = "res.users.effective.permission" | ||
_order = "model_human_name" | ||
_description = "Effective permissions" | ||
|
||
model_id = fields.Many2one("ir.model", string="Model") | ||
model_name = fields.Char(related="model_id.model", string="Model name") | ||
model_human_name = fields.Char( | ||
related="model_id.name", store=True, string="Human readable model name" | ||
) | ||
create_permission = fields.Boolean("Create") | ||
create_domain = fields.Char("Create restrictions") | ||
create_domain_widget = fields.Char(related="create_domain", string="Create domain") | ||
read_permission = fields.Boolean("Read") | ||
read_domain = fields.Char("Read restrictions") | ||
read_domain_widget = fields.Char(related="read_domain", string="Read domain") | ||
write_permission = fields.Boolean("Write") | ||
write_domain = fields.Char("Write restrictions") | ||
write_domain_widget = fields.Char(related="write_domain", string="Write domain") | ||
unlink_permission = fields.Boolean("Delete") | ||
unlink_domain = fields.Char("Delete restrictions") | ||
unlink_domain_widget = fields.Char(related="unlink_domain", string="Delete domain") | ||
|
||
def _generate_permissions(self, user): | ||
permissions = self.browse([]) | ||
operations = ("create", "unlink", "read", "write") | ||
IrRule = ( | ||
self.env["ir.rule"] | ||
.with_user(user) | ||
.with_company(user.company_id) | ||
.with_context( | ||
allowed_company_ids=user.company_id.ids, | ||
) | ||
) | ||
for model_record in self.env["ir.model"].search([]): | ||
if model_record.model not in self.env: | ||
continue | ||
model = ( | ||
self.env[model_record.model] | ||
.with_user(user) | ||
.with_company(user.company_id) | ||
.with_context(allowed_company_ids=user.company_id.ids) | ||
) | ||
vals = {"model_id": model_record.id} | ||
vals.update( | ||
{ | ||
"%s_permission" | ||
% operation: model.check_access_rights(operation, False) | ||
for operation in operations | ||
} | ||
) | ||
vals.update( | ||
{ | ||
"%s_domain" | ||
% operation: IrRule._compute_domain(model._name, operation) | ||
for operation in operations | ||
} | ||
) | ||
permissions += self.create(vals) | ||
return permissions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
* Holger Brunn <[email protected]> (https://hunki-enterprises.com) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
To use this module, you need to be in developer mode and: | ||
|
||
#. Go to Settings/Users & Companies | ||
#. Open a user | ||
#. Click the `Effective permissions` button | ||
#. Note you can switch between the rule domains in text form or as domain widget |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink | ||
access_res_users_effective_permission,access_res_users_effective_permission,base_user_effective_permissions.model_res_users_effective_permission,base.group_user,1,0,1,0 |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.