From e6cdb2962e48fba45a3ad55053cd211b76cfdf5c Mon Sep 17 00:00:00 2001 From: Holger Brunn Date: Thu, 6 Jul 2023 16:56:30 +0200 Subject: [PATCH] [ADD] base_user_effective_permissions --- base_user_effective_permissions/= | 22 + base_user_effective_permissions/README.rst | 99 ++++ base_user_effective_permissions/__init__.py | 1 + .../__manifest__.py | 22 + base_user_effective_permissions/i18n/.empty | 0 .../models/__init__.py | 2 + .../models/res_users.py | 22 + .../models/res_users_effective_permission.py | 67 +++ .../readme/CONTRIBUTORS.rst | 1 + .../readme/DESCRIPTION.rst | 1 + .../readme/USAGE.rst | 6 + .../security/ir.model.access.csv | 2 + .../static/description/icon.png | Bin 0 -> 9455 bytes .../static/description/index.html | 439 ++++++++++++++++++ .../tests/__init__.py | 1 + .../test_base_user_effective_permissions.py | 19 + .../views/res_users.xml | 19 + .../views/res_users_effective_permission.xml | 54 +++ .../addons/base_user_effective_permissions | 1 + .../base_user_effective_permissions/setup.py | 6 + 20 files changed, 784 insertions(+) create mode 100644 base_user_effective_permissions/= create mode 100644 base_user_effective_permissions/README.rst create mode 100644 base_user_effective_permissions/__init__.py create mode 100644 base_user_effective_permissions/__manifest__.py create mode 100644 base_user_effective_permissions/i18n/.empty create mode 100644 base_user_effective_permissions/models/__init__.py create mode 100644 base_user_effective_permissions/models/res_users.py create mode 100644 base_user_effective_permissions/models/res_users_effective_permission.py create mode 100644 base_user_effective_permissions/readme/CONTRIBUTORS.rst create mode 100644 base_user_effective_permissions/readme/DESCRIPTION.rst create mode 100644 base_user_effective_permissions/readme/USAGE.rst create mode 100644 base_user_effective_permissions/security/ir.model.access.csv create mode 100644 base_user_effective_permissions/static/description/icon.png create mode 100644 base_user_effective_permissions/static/description/index.html create mode 100644 base_user_effective_permissions/tests/__init__.py create mode 100644 base_user_effective_permissions/tests/test_base_user_effective_permissions.py create mode 100644 base_user_effective_permissions/views/res_users.xml create mode 100644 base_user_effective_permissions/views/res_users_effective_permission.xml create mode 120000 setup/base_user_effective_permissions/odoo/addons/base_user_effective_permissions create mode 100644 setup/base_user_effective_permissions/setup.py diff --git a/base_user_effective_permissions/= b/base_user_effective_permissions/= new file mode 100644 index 000000000..bbe49c094 --- /dev/null +++ b/base_user_effective_permissions/= @@ -0,0 +1,22 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + +{ + "name": "Effective permissions", + "summary": "Inspect effective permissions applying to a user", + "version": "16.0.1.0.0", + "development_status": "Alpha", + "category": "Technical", + "website": "https://github.com/OCA/server-backend", + "author": "Hunki Enterprises BV, Odoo Community Association (OCA)", + "maintainers": ["hbrunn"], + "license": "AGPL-3", + "depends": [ + "base", + ], + "data": [ + "security/ir.model.access.csv", + "views/res_users_effective_permission.xml", + "views/res_users.xml", + ], +} diff --git a/base_user_effective_permissions/README.rst b/base_user_effective_permissions/README.rst new file mode 100644 index 000000000..aaa15cad3 --- /dev/null +++ b/base_user_effective_permissions/README.rst @@ -0,0 +1,99 @@ +===================== +Effective permissions +===================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:3cc525388bdbfdd6ea4e40ff9cc8d49b41c9e20aa0a7a50b52916158b6f99ccc + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png + :target: https://odoo-community.org/page/development-status + :alt: Alpha +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github + :target: https://github.com/OCA/server-backend/tree/16.0/base_user_effective_permissions + :alt: OCA/server-backend +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_user_effective_permissions + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions. + +.. IMPORTANT:: + This is an alpha version, the data model and design can change at any time without warning. + Only for development or testing purpose, do not use in production. + `More details on development status `_ + +**Table of contents** + +.. contents:: + :local: + +Usage +===== + +To use this module, you need to be in developer mode and: + +#. Go to Settings/Users & Companies +#. Open a user +#. Click the `Effective permissions` button +#. Note you can switch between the rule domains in text form or as domain widget + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Authors +~~~~~~~ + +* Hunki Enterprises BV + +Contributors +~~~~~~~~~~~~ + +* Holger Brunn (https://hunki-enterprises.com) + +Maintainers +~~~~~~~~~~~ + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +.. |maintainer-hbrunn| image:: https://github.com/hbrunn.png?size=40px + :target: https://github.com/hbrunn + :alt: hbrunn + +Current `maintainer `__: + +|maintainer-hbrunn| + +This module is part of the `OCA/server-backend `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/base_user_effective_permissions/__init__.py b/base_user_effective_permissions/__init__.py new file mode 100644 index 000000000..0650744f6 --- /dev/null +++ b/base_user_effective_permissions/__init__.py @@ -0,0 +1 @@ +from . import models diff --git a/base_user_effective_permissions/__manifest__.py b/base_user_effective_permissions/__manifest__.py new file mode 100644 index 000000000..bbe49c094 --- /dev/null +++ b/base_user_effective_permissions/__manifest__.py @@ -0,0 +1,22 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + +{ + "name": "Effective permissions", + "summary": "Inspect effective permissions applying to a user", + "version": "16.0.1.0.0", + "development_status": "Alpha", + "category": "Technical", + "website": "https://github.com/OCA/server-backend", + "author": "Hunki Enterprises BV, Odoo Community Association (OCA)", + "maintainers": ["hbrunn"], + "license": "AGPL-3", + "depends": [ + "base", + ], + "data": [ + "security/ir.model.access.csv", + "views/res_users_effective_permission.xml", + "views/res_users.xml", + ], +} diff --git a/base_user_effective_permissions/i18n/.empty b/base_user_effective_permissions/i18n/.empty new file mode 100644 index 000000000..e69de29bb diff --git a/base_user_effective_permissions/models/__init__.py b/base_user_effective_permissions/models/__init__.py new file mode 100644 index 000000000..17d12ce8a --- /dev/null +++ b/base_user_effective_permissions/models/__init__.py @@ -0,0 +1,2 @@ +from . import res_users +from . import res_users_effective_permission diff --git a/base_user_effective_permissions/models/res_users.py b/base_user_effective_permissions/models/res_users.py new file mode 100644 index 000000000..3b7b524ef --- /dev/null +++ b/base_user_effective_permissions/models/res_users.py @@ -0,0 +1,22 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + + +from odoo import _, models + + +class ResUsers(models.Model): + _inherit = "res.users" + + def action_show_effective_permissions(self): + self.ensure_one() + permissions = self.env["res.users.effective.permission"]._generate_permissions( + self + ) + return { + "type": "ir.actions.act_window", + "name": _("Effective permissions for %s") % self.name, + "res_model": "res.users.effective.permission", + "view_mode": "tree", + "domain": [("id", "in", permissions.ids)], + } diff --git a/base_user_effective_permissions/models/res_users_effective_permission.py b/base_user_effective_permissions/models/res_users_effective_permission.py new file mode 100644 index 000000000..c6b417d58 --- /dev/null +++ b/base_user_effective_permissions/models/res_users_effective_permission.py @@ -0,0 +1,67 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + + +from odoo import fields, models + + +class ResUsersEffectivePermission(models.TransientModel): + _name = "res.users.effective.permission" + _order = "model_human_name" + _description = "Effective permissions" + + model_id = fields.Many2one("ir.model", string="Model") + model_name = fields.Char(related="model_id.model", string="Model name") + model_human_name = fields.Char( + related="model_id.name", store=True, string="Human readable model name" + ) + create_permission = fields.Boolean("Create") + create_domain = fields.Char("Create restrictions") + create_domain_widget = fields.Char(related="create_domain", string="Create domain") + read_permission = fields.Boolean("Read") + read_domain = fields.Char("Read restrictions") + read_domain_widget = fields.Char(related="read_domain", string="Read domain") + write_permission = fields.Boolean("Write") + write_domain = fields.Char("Write restrictions") + write_domain_widget = fields.Char(related="write_domain", string="Write domain") + unlink_permission = fields.Boolean("Delete") + unlink_domain = fields.Char("Delete restrictions") + unlink_domain_widget = fields.Char(related="unlink_domain", string="Delete domain") + + def _generate_permissions(self, user): + permissions = self.browse([]) + operations = ("create", "unlink", "read", "write") + IrRule = ( + self.env["ir.rule"] + .with_user(user) + .with_company(user.company_id) + .with_context( + allowed_company_ids=user.company_id.ids, + ) + ) + for model_record in self.env["ir.model"].search([]): + if model_record.model not in self.env: + continue + model = ( + self.env[model_record.model] + .with_user(user) + .with_company(user.company_id) + .with_context(allowed_company_ids=user.company_id.ids) + ) + vals = {"model_id": model_record.id} + vals.update( + { + "%s_permission" + % operation: model.check_access_rights(operation, False) + for operation in operations + } + ) + vals.update( + { + "%s_domain" + % operation: IrRule._compute_domain(model._name, operation) + for operation in operations + } + ) + permissions += self.create(vals) + return permissions diff --git a/base_user_effective_permissions/readme/CONTRIBUTORS.rst b/base_user_effective_permissions/readme/CONTRIBUTORS.rst new file mode 100644 index 000000000..33b6eb2c3 --- /dev/null +++ b/base_user_effective_permissions/readme/CONTRIBUTORS.rst @@ -0,0 +1 @@ +* Holger Brunn (https://hunki-enterprises.com) diff --git a/base_user_effective_permissions/readme/DESCRIPTION.rst b/base_user_effective_permissions/readme/DESCRIPTION.rst new file mode 100644 index 000000000..5323f1e8b --- /dev/null +++ b/base_user_effective_permissions/readme/DESCRIPTION.rst @@ -0,0 +1 @@ +This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions. diff --git a/base_user_effective_permissions/readme/USAGE.rst b/base_user_effective_permissions/readme/USAGE.rst new file mode 100644 index 000000000..5305431ae --- /dev/null +++ b/base_user_effective_permissions/readme/USAGE.rst @@ -0,0 +1,6 @@ +To use this module, you need to be in developer mode and: + +#. Go to Settings/Users & Companies +#. Open a user +#. Click the `Effective permissions` button +#. Note you can switch between the rule domains in text form or as domain widget diff --git a/base_user_effective_permissions/security/ir.model.access.csv b/base_user_effective_permissions/security/ir.model.access.csv new file mode 100644 index 000000000..80d829858 --- /dev/null +++ b/base_user_effective_permissions/security/ir.model.access.csv @@ -0,0 +1,2 @@ +id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink +access_res_users_effective_permission,access_res_users_effective_permission,base_user_effective_permissions.model_res_users_effective_permission,base.group_user,1,0,1,0 diff --git a/base_user_effective_permissions/static/description/icon.png b/base_user_effective_permissions/static/description/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..3a0328b516c4980e8e44cdb63fd945757ddd132d GIT binary patch literal 9455 zcmW++2RxMjAAjx~&dlBk9S+%}OXg)AGE&Cb*&}d0jUxM@u(PQx^-s)697TX`ehR4?GS^qbkof1cslKgkU)h65qZ9Oc=ml_0temigYLJfnz{IDzUf>bGs4N!v3=Z3jMq&A#7%rM5eQ#dc?k~! zVpnB`o+K7|Al`Q_U;eD$B zfJtP*jH`siUq~{KE)`jP2|#TUEFGRryE2`i0**z#*^6~AI|YzIWy$Cu#CSLW3q=GA z6`?GZymC;dCPk~rBS%eCb`5OLr;RUZ;D`}um=H)BfVIq%7VhiMr)_#G0N#zrNH|__ zc+blN2UAB0=617@>_u;MPHN;P;N#YoE=)R#i$k_`UAA>WWCcEVMh~L_ zj--gtp&|K1#58Yz*AHCTMziU1Jzt_jG0I@qAOHsk$2}yTmVkBp_eHuY$A9)>P6o~I z%aQ?!(GqeQ-Y+b0I(m9pwgi(IIZZzsbMv+9w{PFtd_<_(LA~0H(xz{=FhLB@(1&qHA5EJw1>>=%q2f&^X>IQ{!GJ4e9U z&KlB)z(84HmNgm2hg2C0>WM{E(DdPr+EeU_N@57;PC2&DmGFW_9kP&%?X4}+xWi)( z;)z%wI5>D4a*5XwD)P--sPkoY(a~WBw;E~AW`Yue4kFa^LM3X`8x|}ZUeMnqr}>kH zG%WWW>3ml$Yez?i%)2pbKPI7?5o?hydokgQyZsNEr{a|mLdt;X2TX(#B1j35xPnPW z*bMSSOauW>o;*=kO8ojw91VX!qoOQb)zHJ!odWB}d+*K?#sY_jqPdg{Sm2HdYzdEx zOGVPhVRTGPtv0o}RfVP;Nd(|CB)I;*t&QO8h zFfekr30S!-LHmV_Su-W+rEwYXJ^;6&3|L$mMC8*bQptyOo9;>Qb9Q9`ySe3%V$A*9 zeKEe+b0{#KWGp$F+tga)0RtI)nhMa-K@JS}2krK~n8vJ=Ngm?R!9G<~RyuU0d?nz# z-5EK$o(!F?hmX*2Yt6+coY`6jGbb7tF#6nHA zuKk=GGJ;ZwON1iAfG$E#Y7MnZVmrY|j0eVI(DN_MNFJmyZ|;w4tf@=CCDZ#5N_0K= z$;R~bbk?}TpfDjfB&aiQ$VA}s?P}xPERJG{kxk5~R`iRS(SK5d+Xs9swCozZISbnS zk!)I0>t=A<-^z(cmSFz3=jZ23u13X><0b)P)^1T_))Kr`e!-pb#q&J*Q`p+B6la%C zuVl&0duN<;uOsB3%T9Fp8t{ED108<+W(nOZd?gDnfNBC3>M8WE61$So|P zVvqH0SNtDTcsUdzaMDpT=Ty0pDHHNL@Z0w$Y`XO z2M-_r1S+GaH%pz#Uy0*w$Vdl=X=rQXEzO}d6J^R6zjM1u&c9vYLvLp?W7w(?np9x1 zE_0JSAJCPB%i7p*Wvg)pn5T`8k3-uR?*NT|J`eS#_#54p>!p(mLDvmc-3o0mX*mp_ zN*AeS<>#^-{S%W<*mz^!X$w_2dHWpcJ6^j64qFBft-o}o_Vx80o0>}Du;>kLts;$8 zC`7q$QI(dKYG`Wa8#wl@V4jVWBRGQ@1dr-hstpQL)Tl+aqVpGpbSfN>5i&QMXfiZ> zaA?T1VGe?rpQ@;+pkrVdd{klI&jVS@I5_iz!=UMpTsa~mBga?1r}aRBm1WS;TT*s0f0lY=JBl66Upy)-k4J}lh=P^8(SXk~0xW=T9v*B|gzIhN z>qsO7dFd~mgxAy4V?&)=5ieYq?zi?ZEoj)&2o)RLy=@hbCRcfT5jigwtQGE{L*8<@Yd{zg;CsL5mvzfDY}P-wos_6PfprFVaeqNE%h zKZhLtcQld;ZD+>=nqN~>GvROfueSzJD&BE*}XfU|H&(FssBqY=hPCt`d zH?@s2>I(|;fcW&YM6#V#!kUIP8$Nkdh0A(bEVj``-AAyYgwY~jB zT|I7Bf@%;7aL7Wf4dZ%VqF$eiaC38OV6oy3Z#TER2G+fOCd9Iaoy6aLYbPTN{XRPz z;U!V|vBf%H!}52L2gH_+j;`bTcQRXB+y9onc^wLm5wi3-Be}U>k_u>2Eg$=k!(l@I zcCg+flakT2Nej3i0yn+g+}%NYb?ta;R?(g5SnwsQ49U8Wng8d|{B+lyRcEDvR3+`O{zfmrmvFrL6acVP%yG98X zo&+VBg@px@i)%o?dG(`T;n*$S5*rnyiR#=wW}}GsAcfyQpE|>a{=$Hjg=-*_K;UtD z#z-)AXwSRY?OPefw^iI+ z)AXz#PfEjlwTes|_{sB?4(O@fg0AJ^g8gP}ex9Ucf*@_^J(s_5jJV}c)s$`Myn|Kd z$6>}#q^n{4vN@+Os$m7KV+`}c%4)4pv@06af4-x5#wj!KKb%caK{A&Y#Rfs z-po?Dcb1({W=6FKIUirH&(yg=*6aLCekcKwyfK^JN5{wcA3nhO(o}SK#!CINhI`-I z1)6&n7O&ZmyFMuNwvEic#IiOAwNkR=u5it{B9n2sAJV5pNhar=j5`*N!Na;c7g!l$ z3aYBqUkqqTJ=Re-;)s!EOeij=7SQZ3Hq}ZRds%IM*PtM$wV z@;rlc*NRK7i3y5BETSKuumEN`Xu_8GP1Ri=OKQ$@I^ko8>H6)4rjiG5{VBM>B|%`&&s^)jS|-_95&yc=GqjNo{zFkw%%HHhS~e=s zD#sfS+-?*t|J!+ozP6KvtOl!R)@@-z24}`9{QaVLD^9VCSR2b`b!KC#o;Ki<+wXB6 zx3&O0LOWcg4&rv4QG0)4yb}7BFSEg~=IR5#ZRj8kg}dS7_V&^%#Do==#`u zpy6{ox?jWuR(;pg+f@mT>#HGWHAJRRDDDv~@(IDw&R>9643kK#HN`!1vBJHnC+RM&yIh8{gG2q zA%e*U3|N0XSRa~oX-3EAneep)@{h2vvd3Xvy$7og(sayr@95+e6~Xvi1tUqnIxoIH zVWo*OwYElb#uyW{Imam6f2rGbjR!Y3`#gPqkv57dB6K^wRGxc9B(t|aYDGS=m$&S!NmCtrMMaUg(c zc2qC=2Z`EEFMW-me5B)24AqF*bV5Dr-M5ig(l-WPS%CgaPzs6p_gnCIvTJ=Y<6!gT zVt@AfYCzjjsMEGi=rDQHo0yc;HqoRNnNFeWZgcm?f;cp(6CNylj36DoL(?TS7eU#+ z7&mfr#y))+CJOXQKUMZ7QIdS9@#-}7y2K1{8)cCt0~-X0O!O?Qx#E4Og+;A2SjalQ zs7r?qn0H044=sDN$SRG$arw~n=+T_DNdSrarmu)V6@|?1-ZB#hRn`uilTGPJ@fqEy zGt(f0B+^JDP&f=r{#Y_wi#AVDf-y!RIXU^0jXsFpf>=Ji*TeqSY!H~AMbJdCGLhC) zn7Rx+sXw6uYj;WRYrLd^5IZq@6JI1C^YkgnedZEYy<&4(z%Q$5yv#Boo{AH8n$a zhb4Y3PWdr269&?V%uI$xMcUrMzl=;w<_nm*qr=c3Rl@i5wWB;e-`t7D&c-mcQl7x! zZWB`UGcw=Y2=}~wzrfLx=uet<;m3~=8I~ZRuzvMQUQdr+yTV|ATf1Uuomr__nDf=X zZ3WYJtHp_ri(}SQAPjv+Y+0=fH4krOP@S&=zZ-t1jW1o@}z;xk8 z(Nz1co&El^HK^NrhVHa-_;&88vTU>_J33=%{if;BEY*J#1n59=07jrGQ#IP>@u#3A z;!q+E1Rj3ZJ+!4bq9F8PXJ@yMgZL;>&gYA0%_Kbi8?S=XGM~dnQZQ!yBSgcZhY96H zrWnU;k)qy`rX&&xlDyA%(a1Hhi5CWkmg(`Gb%m(HKi-7Z!LKGRP_B8@`7&hdDy5n= z`OIxqxiVfX@OX1p(mQu>0Ai*v_cTMiw4qRt3~NBvr9oBy0)r>w3p~V0SCm=An6@3n)>@z!|o-$HvDK z|3D2ZMJkLE5loMKl6R^ez@Zz%S$&mbeoqH5`Bb){Ei21q&VP)hWS2tjShfFtGE+$z zzCR$P#uktu+#!w)cX!lWN1XU%K-r=s{|j?)Akf@q#3b#{6cZCuJ~gCxuMXRmI$nGtnH+-h z+GEi!*X=AP<|fG`1>MBdTb?28JYc=fGvAi2I<$B(rs$;eoJCyR6_bc~p!XR@O-+sD z=eH`-ye})I5ic1eL~TDmtfJ|8`0VJ*Yr=hNCd)G1p2MMz4C3^Mj?7;!w|Ly%JqmuW zlIEW^Ft%z?*|fpXda>Jr^1noFZEwFgVV%|*XhH@acv8rdGxeEX{M$(vG{Zw+x(ei@ zmfXb22}8-?Fi`vo-YVrTH*C?a8%M=Hv9MqVH7H^J$KsD?>!SFZ;ZsvnHr_gn=7acz z#W?0eCdVhVMWN12VV^$>WlQ?f;P^{(&pYTops|btm6aj>_Uz+hqpGwB)vWp0Cf5y< zft8-je~nn?W11plq}N)4A{l8I7$!ks_x$PXW-2XaRFswX_BnF{R#6YIwMhAgd5F9X zGmwdadS6(a^fjHtXg8=l?Rc0Sm%hk6E9!5cLVloEy4eh(=FwgP`)~I^5~pBEWo+F6 zSf2ncyMurJN91#cJTy_u8Y}@%!bq1RkGC~-bV@SXRd4F{R-*V`bS+6;W5vZ(&+I<9$;-V|eNfLa5n-6% z2(}&uGRF;p92eS*sE*oR$@pexaqr*meB)VhmIg@h{uzkk$9~qh#cHhw#>O%)b@+(| z^IQgqzuj~Sk(J;swEM-3TrJAPCq9k^^^`q{IItKBRXYe}e0Tdr=Huf7da3$l4PdpwWDop%^}n;dD#K4s#DYA8SHZ z&1!riV4W4R7R#C))JH1~axJ)RYnM$$lIR%6fIVA@zV{XVyx}C+a-Dt8Y9M)^KU0+H zR4IUb2CJ{Hg>CuaXtD50jB(_Tcx=Z$^WYu2u5kubqmwp%drJ6 z?Fo40g!Qd<-l=TQxqHEOuPX0;^z7iX?Ke^a%XT<13TA^5`4Xcw6D@Ur&VT&CUe0d} z1GjOVF1^L@>O)l@?bD~$wzgf(nxX1OGD8fEV?TdJcZc2KoUe|oP1#=$$7ee|xbY)A zDZq+cuTpc(fFdj^=!;{k03C69lMQ(|>uhRfRu%+!k&YOi-3|1QKB z z?n?eq1XP>p-IM$Z^C;2L3itnbJZAip*Zo0aw2bs8@(s^~*8T9go!%dHcAz2lM;`yp zD=7&xjFV$S&5uDaiScyD?B-i1ze`+CoRtz`Wn+Zl&#s4&}MO{@N!ufrzjG$B79)Y2d3tBk&)TxUTw@QS0TEL_?njX|@vq?Uz(nBFK5Pq7*xj#u*R&i|?7+6# z+|r_n#SW&LXhtheZdah{ZVoqwyT{D>MC3nkFF#N)xLi{p7J1jXlmVeb;cP5?e(=f# zuT7fvjSbjS781v?7{)-X3*?>tq?)Yd)~|1{BDS(pqC zC}~H#WXlkUW*H5CDOo<)#x7%RY)A;ShGhI5s*#cRDA8YgqG(HeKDx+#(ZQ?386dv! zlXCO)w91~Vw4AmOcATuV653fa9R$fyK8ul%rG z-wfS zihugoZyr38Im?Zuh6@RcF~t1anQu7>#lPpb#}4cOA!EM11`%f*07RqOVkmX{p~KJ9 z^zP;K#|)$`^Rb{rnHGH{~>1(fawV0*Z#)}M`m8-?ZJV<+e}s9wE# z)l&az?w^5{)`S(%MRzxdNqrs1n*-=jS^_jqE*5XDrA0+VE`5^*p3CuM<&dZEeCjoz zR;uu_H9ZPZV|fQq`Cyw4nscrVwi!fE6ciMmX$!_hN7uF;jjKG)d2@aC4ropY)8etW=xJvni)8eHi`H$%#zn^WJ5NLc-rqk|u&&4Z6fD_m&JfSI1Bvb?b<*n&sfl0^t z=HnmRl`XrFvMKB%9}>PaA`m-fK6a0(8=qPkWS5bb4=v?XcWi&hRY?O5HdulRi4?fN zlsJ*N-0Qw+Yic@s0(2uy%F@ib;GjXt01Fmx5XbRo6+n|pP(&nodMoap^z{~q ziEeaUT@Mxe3vJSfI6?uLND(CNr=#^W<1b}jzW58bIfyWTDle$mmS(|x-0|2UlX+9k zQ^EX7Nw}?EzVoBfT(-LT|=9N@^hcn-_p&sqG z&*oVs2JSU+N4ZD`FhCAWaS;>|wH2G*Id|?pa#@>tyxX`+4HyIArWDvVrX)2WAOQff z0qyHu&-S@i^MS-+j--!pr4fPBj~_8({~e1bfcl0wI1kaoN>mJL6KUPQm5N7lB(ui1 zE-o%kq)&djzWJ}ob<-GfDlkB;F31j-VHKvQUGQ3sp`CwyGJk_i!y^sD0fqC@$9|jO zOqN!r!8-p==F@ZVP=U$qSpY(gQ0)59P1&t@y?5rvg<}E+GB}26NYPp4f2YFQrQtot5mn3wu_qprZ=>Ig-$ zbW26Ws~IgY>}^5w`vTB(G`PTZaDiGBo5o(tp)qli|NeV( z@H_=R8V39rt5J5YB2Ky?4eJJ#b`_iBe2ot~6%7mLt5t8Vwi^Jy7|jWXqa3amOIoRb zOr}WVFP--DsS`1WpN%~)t3R!arKF^Q$e12KEqU36AWwnCBICpH4XCsfnyrHr>$I$4 z!DpKX$OKLWarN7nv@!uIA+~RNO)l$$w}p(;b>mx8pwYvu;dD_unryX_NhT8*Tj>BTrTTL&!?O+%Rv;b?B??gSzdp?6Uug9{ zd@V08Z$BdI?fpoCS$)t4mg4rT8Q_I}h`0d-vYZ^|dOB*Q^S|xqTV*vIg?@fVFSmMpaw0qtTRbx} z({Pg?#{2`sc9)M5N$*N|4;^t$+QP?#mov zGVC@I*lBVrOU-%2y!7%)fAKjpEFsgQc4{amtiHb95KQEwvf<(3T<9-Zm$xIew#P22 zc2Ix|App^>v6(3L_MCU0d3W##AB0M~3D00EWoKZqsJYT(#@w$Y_H7G22M~ApVFTRHMI_3be)Lkn#0F*V8Pq zc}`Cjy$bE;FJ6H7p=0y#R>`}-m4(0F>%@P|?7fx{=R^uFdISRnZ2W_xQhD{YuR3t< z{6yxu=4~JkeA;|(J6_nv#>Nvs&FuLA&PW^he@t(UwFFE8)|a!R{`E`K`i^ZnyE4$k z;(749Ix|oi$c3QbEJ3b~D_kQsPz~fIUKym($a_7dJ?o+40*OLl^{=&oq$<#Q(yyrp z{J-FAniyAw9tPbe&IhQ|a`DqFTVQGQ&Gq3!C2==4x{6EJwiPZ8zub-iXoUtkJiG{} zPaR&}_fn8_z~(=;5lD-aPWD3z8PZS@AaUiomF!G8I}Mf>e~0g#BelA-5#`cj;O5>N Xviia!U7SGha1wx#SCgwmn*{w2TRX*I literal 0 HcmV?d00001 diff --git a/base_user_effective_permissions/static/description/index.html b/base_user_effective_permissions/static/description/index.html new file mode 100644 index 000000000..273c2317f --- /dev/null +++ b/base_user_effective_permissions/static/description/index.html @@ -0,0 +1,439 @@ + + + + + +Effective permissions + + + +
+

Effective permissions

+ + +

Alpha License: AGPL-3 OCA/server-backend Translate me on Weblate Try me on Runboat

+

This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions.

+
+

Important

+

This is an alpha version, the data model and design can change at any time without warning. +Only for development or testing purpose, do not use in production. +More details on development status

+
+

Table of contents

+ +
+

Usage

+

To use this module, you need to be in developer mode and:

+
    +
  1. Go to Settings/Users & Companies
  2. +
  3. Open a user
  4. +
  5. Click the Effective permissions button
  6. +
  7. Note you can switch between the rule domains in text form or as domain widget
  8. +
+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Authors

+
    +
  • Hunki Enterprises BV
  • +
+
+ +
+

Maintainers

+

This module is maintained by the OCA.

+Odoo Community Association +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

Current maintainer:

+

hbrunn

+

This module is part of the OCA/server-backend project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/base_user_effective_permissions/tests/__init__.py b/base_user_effective_permissions/tests/__init__.py new file mode 100644 index 000000000..a9d6740bb --- /dev/null +++ b/base_user_effective_permissions/tests/__init__.py @@ -0,0 +1 @@ +from . import test_base_user_effective_permissions diff --git a/base_user_effective_permissions/tests/test_base_user_effective_permissions.py b/base_user_effective_permissions/tests/test_base_user_effective_permissions.py new file mode 100644 index 000000000..34c21b9ed --- /dev/null +++ b/base_user_effective_permissions/tests/test_base_user_effective_permissions.py @@ -0,0 +1,19 @@ +# Copyright 2023 Hunki Enterprises BV +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0) + + +from odoo.tests.common import TransactionCase + + +class EffectivePermissionsCase(TransactionCase): + def test_effective_permissions(self): + """Test effective permissions of base.user_demo""" + action = self.env.ref("base.user_demo").action_show_effective_permissions() + permissions = self.env["res.users.effective.permission"].search( + action["domain"] + ) + self.assertTrue( + permissions.filtered( + lambda x: x.model_name == "res.company" + ).read_permission + ) diff --git a/base_user_effective_permissions/views/res_users.xml b/base_user_effective_permissions/views/res_users.xml new file mode 100644 index 000000000..75a590d09 --- /dev/null +++ b/base_user_effective_permissions/views/res_users.xml @@ -0,0 +1,19 @@ + + + + + res.users + + + + + + + + diff --git a/base_user_effective_permissions/views/res_users_effective_permission.xml b/base_user_effective_permissions/views/res_users_effective_permission.xml new file mode 100644 index 000000000..1d62d7eea --- /dev/null +++ b/base_user_effective_permissions/views/res_users_effective_permission.xml @@ -0,0 +1,54 @@ + + + + + res.users.effective.permission + + + + + + + + + + + + + + + + + + + + + res.users.effective.permission + + + + + + + diff --git a/setup/base_user_effective_permissions/odoo/addons/base_user_effective_permissions b/setup/base_user_effective_permissions/odoo/addons/base_user_effective_permissions new file mode 120000 index 000000000..533e606c8 --- /dev/null +++ b/setup/base_user_effective_permissions/odoo/addons/base_user_effective_permissions @@ -0,0 +1 @@ +../../../../base_user_effective_permissions \ No newline at end of file diff --git a/setup/base_user_effective_permissions/setup.py b/setup/base_user_effective_permissions/setup.py new file mode 100644 index 000000000..28c57bb64 --- /dev/null +++ b/setup/base_user_effective_permissions/setup.py @@ -0,0 +1,6 @@ +import setuptools + +setuptools.setup( + setup_requires=['setuptools-odoo'], + odoo_addon=True, +)