16.0 base_group_backend #205
Conversation
bealdav
force-pushed
the
16-base-grp-backend
branch
2 times, most recently
from
b56bc61 to
bc895ca
Compare
bealdav
force-pushed
the
16-base-grp-backend
branch
2 times, most recently
from
70d02ea to
2a656ab
Compare
| @@ -0,0 +1,8 @@ | |||
| from odoo import fields, models | |||
There was a problem hiding this comment.
is it possible to use https://pypi.org/project/odoo-test-helper/ FakeModelLoader instead of creating a fake model ?
There was a problem hiding this comment.
This PR is refactored, really not finished. Yes you 're right, we might.
But the idea here, not in the code for now it add a real dummy model with real data, but conditionnally built only if we are in test_enabled config.
Current implementation is hard I think and is a poc until to have a real demo only dummy model
The idea is that can be tested on runboat
Thanks for your check
|
This is now a usable version of the module:
Right now the default access rules given to |
|
cc @petrus-v could you have a look please ? |
bealdav
force-pushed
the
16-base-grp-backend
branch
from
a888d84 to
190063c
Compare
There was a problem hiding this comment.
Thanks a lot @FranzPoize. I can't formally approve the PR as author.
Could you squash useless commits, at least noisy ones.
| mail_channel_member_backend,backend user mail.channel.member,mail.model_mail_channel_member,group_backend,1,1,1,0 | ||
| mail_channel_backend,backend user mail.group,mail.model_mail_channel,group_backend,1,1,1,0 | ||
| mail_notification_backend,backend user mail.notification,mail.model_mail_notification,group_backend,1,1,1,0 | ||
| mail_activity_backend,backend user mail.activity,mail.model_mail_activity,group_backend,1,1,1,1 |
There was a problem hiding this comment.
In the former PR #116 I haven't add such access write because I would like a group wilth minimalist access, for a given project If I don't needs activity, I would'nt give those access.
Could you add different sub-groups with pre-configured set of rules and mind to link those groups to ir.rules, here you are given full access to mail.activity table what you probably won't do:
For records here an extract of my customer project where I've created 3 sub groups:
<record model="res.groups" id="group_base_external_users">
<field name="name">Base external backend user access</field>
<field name="category_id" ref="module_category_user_external"/>
<field name="comment">
Those users are external user from the company but are allowed
to access to the backend.
</field>
<field name="implied_ids" eval="[(6, 0, [ref('group_backend.group_backend')])]"/>
<field name="rule_groups" eval="[
(6, 0,[
ref('base.ir_default_user_rule'),
ref('base.ir_filters_delete_own_rule'),
ref('base.ir_filters_employee_rule'),
ref('base.res_company_rule_employee'),
]),
]"/>
</record>
<record model="res.groups" id="group_base_external_users_communication">
<field name="name">Base external backend user with communication access</field>
<field name="category_id" ref="module_category_user_external"/>
<field name="comment">
Those users are external user from the company
that can use the open chatter.
</field>
<field name="implied_ids" eval="[(6, 0, [ref('group_base_external_users')])]"/>
<field name="rule_groups" eval="[
(6, 0,[
ref('mail.ir_rule_mail_notifications_group_user'),
ref('mail.ir_rule_mail_channel_partner_group_user'),
ref('mail.mail_activity_rule_user'),
ref('mail.mail_channel_rule'),
]),
]"/>
</record>
<record id="group_external_sale_salesman" model="res.groups">
<field name="name">External salesman</field>
<field name="category_id" ref="module_category_user_external"/>
<field name="implied_ids" eval="[(6, 0, [ref('group_base_external_users_communication')])]"/>
<field name="view_access" eval="[
(6, 0, [ref('mail.email_compose_message_wizard_form'), ]),
]"/>
<field name="rule_groups" eval="[
(6, 0, [
ref('sale.sale_order_personal_rule'),
]),
]"/>
</record>with related ir model access records:
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
base_external_users_ir_default,base_external_users_ir_default,base.model_ir_default,group_base_external_users,1,1,1,1
base_external_users_ir_filters,base_external_users_ir_filters,base.model_ir_filters,group_base_external_users,1,1,1,1
base_external_users_ir_model,base_external_users_ir_model,base.model_ir_model,group_base_external_users,1,0,0,0
base_external_users_ir_model_fields,base_external_users_ir_model_fields,base.model_ir_model_fields,group_base_external_users,1,0,0,0
base_external_users_ir_model_data,base_external_users_ir_model_data,base.model_ir_model_data,group_base_external_users,1,0,1,0
base_external_users_ir_model_fields_selection,base_external_users_ir_model_fields_selection,base.model_ir_model_fields_selection,group_base_external_users,1,0,0,0
base_external_users_ir_sequence,base_external_users_ir_sequence,base.model_ir_sequence,group_base_external_users,1,0,0,0
base_external_users_ir_sequence_date_range,base_external_users_ir_sequence_date_range,base.model_ir_sequence_date_range,group_base_external_users,1,0,0,0
base_external_users_ir_translation,base_external_users_ir_translation,base.model_ir_translation,group_base_external_users,1,1,1,0
base_external_users_ir_ui_menu,base_external_users_ir_ui_menu,base.model_ir_ui_menu,group_base_external_users,1,0,0,0
base_external_users_ir_attachment,base_external_users_ir_attachment,base.model_ir_attachment,group_base_external_users,1,0,1,0
base_external_users_bus_presence,base_external_users_bus_presence,bus.model_bus_presence,group_base_external_users,1,1,1,1
base_external_users_auth_totp_wizard,base_external_users_auth_totp_wizard,auth_totp.model_auth_totp_wizard,group_base_external_users,1,1,1,1
base_external_users_communication_mail_channel_partner,base_external_users_communication_mail_channel_partner,mail.model_mail_channel_partner,group_base_external_users_communication,1,1,1,0
base_external_users_communication_mail_activity,base_external_users_communication_mail_activity,mail.model_mail_activity,group_base_external_users_communication,1,1,1,1
base_external_users_communication_mail_activity_type,base_external_users_communication_mail_activity_type,mail.model_mail_activity_type,group_base_external_users_communication,1,0,0,0
base_external_users_communication_mail_followers,base_external_users_communication_mail_followers,mail.model_mail_followers,group_base_external_users_communication,1,0,0,0
base_external_users_communication_mail_mail,base_external_users_communication_mail_mail,mail.model_mail_mail,group_base_external_users_communication,0,0,0,0
base_external_users_communication_mail_compose_message,base_external_users_communication_mail_compose_message,mail.model_mail_compose_message,group_base_external_users_communication,1,1,1,0
base_external_users_communication_mail_wizard_invite,base_external_users_communication_mail_wizard_invite,mail.model_mail_wizard_invite,group_base_external_users_communication,1,1,1,0
base_external_users_communication_mail_template,base_external_users_communication_mail_template,mail.model_mail_template,group_base_external_users_communication,1,0,0,0
base_external_users_communication_mail_template_preview,base_external_users_communication_mail_template_preview,mail.model_mail_template_preview,group_base_external_users_communication,1,0,0,0
base_external_users_communication_mail_message,base_external_users_communication_mail_message,mail.model_mail_message,group_base_external_users_communication,1,1,1,0
base_external_users_communication_mail_resend_message,base_external_users_communication_mail_resend_message,mail.model_mail_resend_message,group_base_external_users_communication,1,1,1,0
base_external_users_communication_mail_resend_cancel,base_external_users_communication_mail_resend_cancel,mail.model_mail_resend_cancel,group_base_external_users_communication,1,1,1,0
base_external_users_communication_mail_notification,base_external_users_communication_mail_notification,mail.model_mail_notification,group_base_external_users_communication,1,1,1,1
base_external_users_communication_mail_alias,base_external_users_communication_mail_alias,mail.model_mail_alias,group_base_external_users_communication,1,0,0,0
base_external_users_communication_res_groups,base_external_users_communication_res_groups,base.model_res_groups,group_base_external_users_communication,1,0,0,0
base_external_users_communication_res_partner_category,base_external_users_communication_res_partner_category,base.model_res_partner_category,group_base_external_users_communication,1,0,0,0
base_external_users_communication_res_partner_industry,base_external_users_communication_res_partner_industry,base.model_res_partner_industry,group_base_external_users_communication,1,0,0,0
base_external_users_communication_res_users_identitycheck,base_external_users_communication_res_users_identitycheck,base.model_res_users_identitycheck,group_base_external_users_communication,1,1,1,0
base_external_users_communication_res_bank,base_external_users_communication_res_bank,base.model_res_bank,group_base_external_users_communication,1,0,0,0
base_external_users_communication_res_partner,base_external_users_communication_res_partner,base.model_res_partner,group_base_external_users_communication,1,0,0,0
base_external_users_communication_res_partner_bank,base_external_users_communication_res_partner_bank,base.model_res_partner_bank,group_base_external_users_communication,1,0,0,0
external_salesman_res_partner,external_salesman_res_partner,model_res_partner,group_external_sale_salesman,1,1,1,0
external_salesman_product_product,external_salesman_product_product,model_product_product,group_external_sale_salesman,1,0,0,0
external_salesman_account_fiscal_position,external_salesmanaccount_fiscal_position,account.model_account_fiscal_position,group_external_sale_salesman,1,0,0,0
external_salesman_account_payment_term,external_salesmanaccount_payment_term,account.model_account_payment_term,group_external_sale_salesman,1,0,0,0
external_salesman_uom_uom,external_salesman_uom_uom,uom.model_uom_uom,group_external_sale_salesman,1,0,0,0
external_salesman_model_product_template,external_salesman_model_product_template,model_product_template,group_external_sale_salesman,1,0,0,0
external_salesman_sale_order,external_salesman_sale_order,sale.model_sale_order,group_external_sale_salesman,1,0,0,0
This would avoid to give access to communication if the end user only needs to access to a list and form view !
What do you think ?
There was a problem hiding this comment.
Hi !
Yes I can do something like that.
Thank you for the feedback
There was a problem hiding this comment.
@petrus-v I am not having success with part of your segmentation.
As of right with odoo 16.0 it's not possible for me to login without at least the right (1). Also I get errors without "mail.activity" (2) and "mail.notification" (3) with just base and base_group_backend installed.
(1)
You are not allowed to access 'Contact' (res.partner) records.
This operation is allowed for the following groups:
- Extra Rights/Contact Creation
- User types/Backend user with communication
- User types/Internal User
- User types/Portal
- User types/Public
(2)
You are not allowed to access 'Message Notifications' (mail.notification) records.
This operation is allowed for the following groups:
- Administration/Settings
- User types/Backend user with communication
- User types/Internal User
- User types/Portal
(3)
You are not allowed to access 'Activity' (mail.activity) records.
This operation is allowed for the following groups:
- User types/Backend user with communication
- User types/Internal User
This is probably solvable by removing those from the UI for the external_users_group. However this would mean making the module heavier.
What do you think ?
There was a problem hiding this comment.
Is it because your are testing on the demo module backend.dummy.model that inherit onmail.activity.mixin or because user is redirected to the chat/message or the activity widget require it anyway ?
I like the idea to be able to login over xmlrpc so I would rely appreciate that group_backend exists without any ir.rules nor ir.model.access linked to it, this group would be use only in source code while login. I'm fine to merge 3 others groups together
There was a problem hiding this comment.
I'm not sure since it seems to be caused by the ActivityMenu and the MessagingMenu js components and I'm not too familiar with them.
I'm looking for a way to remove them depending but I'm having trouble for the moment.
So I will decompose the groups into two groups, the first one barebone and the second one that allows to login into the UI without error.
And then I'll try to remove the activity and messaging menu maybe in another PR.
Thank you again for the feedback and the reactivity
There was a problem hiding this comment.
And for the first question it is not triggered by the backend.dummy.model just login into the app is triggering it
There was a problem hiding this comment.
Not sure it make senses to battle that much against activities and messaging ! I'm ok with them if ir rules are properly set !
|
@petrus-v I have made the changes you requested. There is now two different backend users. One without any access rights and another with the minimum acces rights to display a basic odoo UI. I created the other group as a user to make it simple to use so it was necessary to modify has_groups and _compute_share to allow this new groups. |
FranzPoize
force-pushed
the
16-base-grp-backend
branch
from
5f7381f to
6573a16
Compare
…up_backend As a developer we have to keep in mind using this module and grant a user with 's group is equivalent to grant 's group everywhere has been used. Co-authored-by: Jean-Charles Drubay <[email protected]>
bealdav
force-pushed
the
16-base-grp-backend
branch
2 times, most recently
from
ecc225b to
04443b5
Compare
FIX applies pre-commit IMPL adds test for share of backend user FIX pre-commit pass IMPL removes mail.activity.mixin from dummy model because it is not needed for the test IMPL renames and divide the base_group_backend into 2 groups one that provide the basic rights and another that allow login in the app IMPL changes backend ui users to a user type FIX pre-commit pass FIX removes useless imports FIX adds share to group_backend_ui_users IMPL adds mail_channel to access rights FIX tests now working FIX pre-commit pass
bealdav
force-pushed
the
16-base-grp-backend
branch
from
6f9e272 to
93eafb5
Compare
|
This user is a backend_ui_user Ok, he only have access to one app : The Dummy one. That's the deal. |
|
@petrus-v Is this PR ok with you now ? |
bealdav
force-pushed
the
16-base-grp-backend
branch
from
7f914bf to
aa35976
Compare
bealdav
force-pushed
the
16-base-grp-backend
branch
from
aa35976 to
61ece6e
Compare
|
@florian-dacosta DOne, thanks for the review |
|
/ocabot merge nobump |
|
What a great day to merge this nice PR. Let's do it! |
|
For the record, 14.0 PR is #116 |
|
It looks like something changed on |
|
Congratulations, your PR was merged at cdae909. Thanks a lot for contributing to OCA. ❤️ |
Syncing from upstream OCA/server-backend (11.0)
Here is 16.0 version of the module not merged in 14.0
Please @jcdrubay @petrus-v @dreispt @florian-dacosta could you update your review from older. Thanks a lot.