diff --git a/base_user_effective_permissions/= b/base_user_effective_permissions/= new file mode 100644 index 000000000..bbe49c094 --- /dev/null +++ b/base_user_effective_permissions/= @@ -0,0 +1,22 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + +{ + "name": "Effective permissions", + "summary": "Inspect effective permissions applying to a user", + "version": "16.0.1.0.0", + "development_status": "Alpha", + "category": "Technical", + "website": "https://github.com/OCA/server-backend", + "author": "Hunki Enterprises BV, Odoo Community Association (OCA)", + "maintainers": ["hbrunn"], + "license": "AGPL-3", + "depends": [ + "base", + ], + "data": [ + "security/ir.model.access.csv", + "views/res_users_effective_permission.xml", + "views/res_users.xml", + ], +} diff --git a/base_user_effective_permissions/README.rst b/base_user_effective_permissions/README.rst new file mode 100644 index 000000000..aaa15cad3 --- /dev/null +++ b/base_user_effective_permissions/README.rst @@ -0,0 +1,99 @@ +===================== +Effective permissions +===================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:3cc525388bdbfdd6ea4e40ff9cc8d49b41c9e20aa0a7a50b52916158b6f99ccc + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png + :target: https://odoo-community.org/page/development-status + :alt: Alpha +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github + :target: https://github.com/OCA/server-backend/tree/16.0/base_user_effective_permissions + :alt: OCA/server-backend +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_user_effective_permissions + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions. + +.. IMPORTANT:: + This is an alpha version, the data model and design can change at any time without warning. + Only for development or testing purpose, do not use in production. + `More details on development status `_ + +**Table of contents** + +.. contents:: + :local: + +Usage +===== + +To use this module, you need to be in developer mode and: + +#. Go to Settings/Users & Companies +#. Open a user +#. Click the `Effective permissions` button +#. Note you can switch between the rule domains in text form or as domain widget + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Authors +~~~~~~~ + +* Hunki Enterprises BV + +Contributors +~~~~~~~~~~~~ + +* Holger Brunn (https://hunki-enterprises.com) + +Maintainers +~~~~~~~~~~~ + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +.. |maintainer-hbrunn| image:: https://github.com/hbrunn.png?size=40px + :target: https://github.com/hbrunn + :alt: hbrunn + +Current `maintainer `__: + +|maintainer-hbrunn| + +This module is part of the `OCA/server-backend `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/base_user_effective_permissions/__init__.py b/base_user_effective_permissions/__init__.py new file mode 100644 index 000000000..0650744f6 --- /dev/null +++ b/base_user_effective_permissions/__init__.py @@ -0,0 +1 @@ +from . import models diff --git a/base_user_effective_permissions/__manifest__.py b/base_user_effective_permissions/__manifest__.py new file mode 100644 index 000000000..bbe49c094 --- /dev/null +++ b/base_user_effective_permissions/__manifest__.py @@ -0,0 +1,22 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + +{ + "name": "Effective permissions", + "summary": "Inspect effective permissions applying to a user", + "version": "16.0.1.0.0", + "development_status": "Alpha", + "category": "Technical", + "website": "https://github.com/OCA/server-backend", + "author": "Hunki Enterprises BV, Odoo Community Association (OCA)", + "maintainers": ["hbrunn"], + "license": "AGPL-3", + "depends": [ + "base", + ], + "data": [ + "security/ir.model.access.csv", + "views/res_users_effective_permission.xml", + "views/res_users.xml", + ], +} diff --git a/base_user_effective_permissions/i18n/.empty b/base_user_effective_permissions/i18n/.empty new file mode 100644 index 000000000..e69de29bb diff --git a/base_user_effective_permissions/models/__init__.py b/base_user_effective_permissions/models/__init__.py new file mode 100644 index 000000000..17d12ce8a --- /dev/null +++ b/base_user_effective_permissions/models/__init__.py @@ -0,0 +1,2 @@ +from . import res_users +from . import res_users_effective_permission diff --git a/base_user_effective_permissions/models/res_users.py b/base_user_effective_permissions/models/res_users.py new file mode 100644 index 000000000..3b7b524ef --- /dev/null +++ b/base_user_effective_permissions/models/res_users.py @@ -0,0 +1,22 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + + +from odoo import _, models + + +class ResUsers(models.Model): + _inherit = "res.users" + + def action_show_effective_permissions(self): + self.ensure_one() + permissions = self.env["res.users.effective.permission"]._generate_permissions( + self + ) + return { + "type": "ir.actions.act_window", + "name": _("Effective permissions for %s") % self.name, + "res_model": "res.users.effective.permission", + "view_mode": "tree", + "domain": [("id", "in", permissions.ids)], + } diff --git a/base_user_effective_permissions/models/res_users_effective_permission.py b/base_user_effective_permissions/models/res_users_effective_permission.py new file mode 100644 index 000000000..c6b417d58 --- /dev/null +++ b/base_user_effective_permissions/models/res_users_effective_permission.py @@ -0,0 +1,67 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + + +from odoo import fields, models + + +class ResUsersEffectivePermission(models.TransientModel): + _name = "res.users.effective.permission" + _order = "model_human_name" + _description = "Effective permissions" + + model_id = fields.Many2one("ir.model", string="Model") + model_name = fields.Char(related="model_id.model", string="Model name") + model_human_name = fields.Char( + related="model_id.name", store=True, string="Human readable model name" + ) + create_permission = fields.Boolean("Create") + create_domain = fields.Char("Create restrictions") + create_domain_widget = fields.Char(related="create_domain", string="Create domain") + read_permission = fields.Boolean("Read") + read_domain = fields.Char("Read restrictions") + read_domain_widget = fields.Char(related="read_domain", string="Read domain") + write_permission = fields.Boolean("Write") + write_domain = fields.Char("Write restrictions") + write_domain_widget = fields.Char(related="write_domain", string="Write domain") + unlink_permission = fields.Boolean("Delete") + unlink_domain = fields.Char("Delete restrictions") + unlink_domain_widget = fields.Char(related="unlink_domain", string="Delete domain") + + def _generate_permissions(self, user): + permissions = self.browse([]) + operations = ("create", "unlink", "read", "write") + IrRule = ( + self.env["ir.rule"] + .with_user(user) + .with_company(user.company_id) + .with_context( + allowed_company_ids=user.company_id.ids, + ) + ) + for model_record in self.env["ir.model"].search([]): + if model_record.model not in self.env: + continue + model = ( + self.env[model_record.model] + .with_user(user) + .with_company(user.company_id) + .with_context(allowed_company_ids=user.company_id.ids) + ) + vals = {"model_id": model_record.id} + vals.update( + { + "%s_permission" + % operation: model.check_access_rights(operation, False) + for operation in operations + } + ) + vals.update( + { + "%s_domain" + % operation: IrRule._compute_domain(model._name, operation) + for operation in operations + } + ) + permissions += self.create(vals) + return permissions diff --git a/base_user_effective_permissions/readme/CONTRIBUTORS.rst b/base_user_effective_permissions/readme/CONTRIBUTORS.rst new file mode 100644 index 000000000..33b6eb2c3 --- /dev/null +++ b/base_user_effective_permissions/readme/CONTRIBUTORS.rst @@ -0,0 +1 @@ +* Holger Brunn (https://hunki-enterprises.com) diff --git a/base_user_effective_permissions/readme/DESCRIPTION.rst b/base_user_effective_permissions/readme/DESCRIPTION.rst new file mode 100644 index 000000000..5323f1e8b --- /dev/null +++ b/base_user_effective_permissions/readme/DESCRIPTION.rst @@ -0,0 +1 @@ +This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions. diff --git a/base_user_effective_permissions/readme/USAGE.rst b/base_user_effective_permissions/readme/USAGE.rst new file mode 100644 index 000000000..5305431ae --- /dev/null +++ b/base_user_effective_permissions/readme/USAGE.rst @@ -0,0 +1,6 @@ +To use this module, you need to be in developer mode and: + +#. Go to Settings/Users & Companies +#. Open a user +#. Click the `Effective permissions` button +#. Note you can switch between the rule domains in text form or as domain widget diff --git a/base_user_effective_permissions/security/ir.model.access.csv b/base_user_effective_permissions/security/ir.model.access.csv new file mode 100644 index 000000000..80d829858 --- /dev/null +++ b/base_user_effective_permissions/security/ir.model.access.csv @@ -0,0 +1,2 @@ +id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink +access_res_users_effective_permission,access_res_users_effective_permission,base_user_effective_permissions.model_res_users_effective_permission,base.group_user,1,0,1,0 diff --git a/base_user_effective_permissions/static/description/icon.png b/base_user_effective_permissions/static/description/icon.png new file mode 100644 index 000000000..3a0328b51 Binary files /dev/null and b/base_user_effective_permissions/static/description/icon.png differ diff --git a/base_user_effective_permissions/static/description/index.html b/base_user_effective_permissions/static/description/index.html new file mode 100644 index 000000000..273c2317f --- /dev/null +++ b/base_user_effective_permissions/static/description/index.html @@ -0,0 +1,439 @@ + + + + + +Effective permissions + + + +
+

Effective permissions

+ + +

Alpha License: AGPL-3 OCA/server-backend Translate me on Weblate Try me on Runboat

+

This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions.

+
+

Important

+

This is an alpha version, the data model and design can change at any time without warning. +Only for development or testing purpose, do not use in production. +More details on development status

+
+

Table of contents

+ +
+

Usage

+

To use this module, you need to be in developer mode and:

+
    +
  1. Go to Settings/Users & Companies
  2. +
  3. Open a user
  4. +
  5. Click the Effective permissions button
  6. +
  7. Note you can switch between the rule domains in text form or as domain widget
  8. +
+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Authors

+
    +
  • Hunki Enterprises BV
  • +
+
+ +
+

Maintainers

+

This module is maintained by the OCA.

+Odoo Community Association +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

Current maintainer:

+

hbrunn

+

This module is part of the OCA/server-backend project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/base_user_effective_permissions/tests/__init__.py b/base_user_effective_permissions/tests/__init__.py new file mode 100644 index 000000000..a9d6740bb --- /dev/null +++ b/base_user_effective_permissions/tests/__init__.py @@ -0,0 +1 @@ +from . import test_base_user_effective_permissions diff --git a/base_user_effective_permissions/tests/test_base_user_effective_permissions.py b/base_user_effective_permissions/tests/test_base_user_effective_permissions.py new file mode 100644 index 000000000..34c21b9ed --- /dev/null +++ b/base_user_effective_permissions/tests/test_base_user_effective_permissions.py @@ -0,0 +1,19 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + + +from odoo.tests.common import TransactionCase + + +class EffectivePermissionsCase(TransactionCase): + def test_effective_permissions(self): + """Test effective permissions of base.user_demo""" + action = self.env.ref("base.user_demo").action_show_effective_permissions() + permissions = self.env["res.users.effective.permission"].search( + action["domain"] + ) + self.assertTrue( + permissions.filtered( + lambda x: x.model_name == "res.company" + ).read_permission + ) diff --git a/base_user_effective_permissions/views/res_users.xml b/base_user_effective_permissions/views/res_users.xml new file mode 100644 index 000000000..75a590d09 --- /dev/null +++ b/base_user_effective_permissions/views/res_users.xml @@ -0,0 +1,19 @@ + + + + + res.users + + + + + + + + diff --git a/base_user_effective_permissions/views/res_users_effective_permission.xml b/base_user_effective_permissions/views/res_users_effective_permission.xml new file mode 100644 index 000000000..1d62d7eea --- /dev/null +++ b/base_user_effective_permissions/views/res_users_effective_permission.xml @@ -0,0 +1,54 @@ + + + + + res.users.effective.permission + + + + + + + + + + + + + + + + + + + + + res.users.effective.permission + + + + + + + diff --git a/setup/base_user_effective_permissions/odoo/addons/base_user_effective_permissions b/setup/base_user_effective_permissions/odoo/addons/base_user_effective_permissions new file mode 120000 index 000000000..533e606c8 --- /dev/null +++ b/setup/base_user_effective_permissions/odoo/addons/base_user_effective_permissions @@ -0,0 +1 @@ +../../../../base_user_effective_permissions \ No newline at end of file diff --git a/setup/base_user_effective_permissions/setup.py b/setup/base_user_effective_permissions/setup.py new file mode 100644 index 000000000..28c57bb64 --- /dev/null +++ b/setup/base_user_effective_permissions/setup.py @@ -0,0 +1,6 @@ +import setuptools + +setuptools.setup( + setup_requires=['setuptools-odoo'], + odoo_addon=True, +)