diff --git a/base_model_restrict_update/README.rst b/base_model_restrict_update/README.rst new file mode 100644 index 00000000000..c09e5f47c5e --- /dev/null +++ b/base_model_restrict_update/README.rst 
@@ -0,0 +1,104 @@ +===================== +Update Restrict Model +===================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:bbcc1b9486884cea6b487847ab39a959539b77ae21276a8362033ed9280e90d8 + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png + :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html + :alt: License: LGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github + :target: https://github.com/OCA/server-tools/tree/16.0/base_model_restrict_update + :alt: OCA/server-tools +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/server-tools-16-0/server-tools-16-0-base_model_restrict_update + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/server-tools&target_branch=16.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This module adds the following features: +* The ability to limit the update permissions for a model to certain groups +* The ability to revoke update permissions for specific users + +**Table of contents** + +.. contents:: + :local: + +Configuration +============= + +When you want to limit the update permissions of a model to certain groups: + +#. Go to *Settings > Techinical > Database Structure > Models* +#. Open the form view of the model, and select 'Update Restrict Model' +#. 
Assign the groups that should be exempt from the restriction to 'Update-allowed Groups' + + +When you want revoke update permissions for a specific user: + +#. Go to *Settings > Users & Companies > Users* +#. Open the form view of the user, and click the 'Read-only' smart button + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Authors +~~~~~~~ + +* Quartile Limited + +Contributors +~~~~~~~~~~~~ + +* `Quartile `__: + + * Yoshi Tashiro + +* Ecosoft + + * Kitti U. + +Other credits +~~~~~~~~~~~~~ + +* This module borrows the idea from 'Moises Lopez ' + +Maintainers +~~~~~~~~~~~ + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/server-tools `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/base_model_restrict_update/__init__.py b/base_model_restrict_update/__init__.py new file mode 100644 index 00000000000..0650744f6bc --- /dev/null +++ b/base_model_restrict_update/__init__.py @@ -0,0 +1 @@ +from . import models diff --git a/base_model_restrict_update/__manifest__.py b/base_model_restrict_update/__manifest__.py new file mode 100644 index 00000000000..58136969a8b --- /dev/null +++ b/base_model_restrict_update/__manifest__.py 
@@ -0,0 +1,13 @@
+# Copyright 2021-2024 Quartile
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
+{
+ "name": "Update Restrict Model",
+ "version": "16.0.1.0.0",
+ "depends": ["base"],
+ "website": "https://github.com/OCA/server-tools",
+ "author": "Odoo Community Association (OCA), Quartile Limited",
+ "category": "Others",
+ "license": "LGPL-3",
+ "data": ["views/ir_model_views.xml", "views/res_users_views.xml"],
+ "installable": True,
+}
diff --git a/base_model_restrict_update/i18n/base_model_restrict_update.po b/base_model_restrict_update/i18n/base_model_restrict_update.po
new file mode 100644
index 00000000000..d7c1fc2a74a
--- /dev/null
+++ b/base_model_restrict_update/i18n/base_model_restrict_update.po
@@ -0,0 +1,84 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_model_restrict_update +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 12.0\n" +"Report-Msgid-Bugs-To: \n" +"Last-Translator: <>\n" +"Language-Team: \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: \n" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Read-only" +msgstr "" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Unrestrict Update" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model_access +msgid "Model Access" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model +msgid "Models" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Ready User" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Set to true and the user are readonly user on all models" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__unrestrict_model_update +msgid "Set to true and the user can update restricted model." +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__unrestrict_model_update +msgid "Unrestrict Model Update" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_ir_model__restrict_update +msgid "Update Restrict Model" +msgstr "" + +#. 
module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_res_users +msgid "Users" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_ir_model__restrict_update +msgid "" +"When selected, the model is restricted to read-only unless the user has the " +"special permission." +msgstr "" + +#. module: base_model_restrict_update +#: code:addons/base_model_restrict_update/models/ir_model_access.py:0 +#, python-format +msgid "You are only allowed to read this record. (%(model)s - %(mode)s)" +msgstr "" + +#. module: base_model_restrict_update +#: code:addons/base_model_restrict_update/models/res_users.py:0 +#, python-format +msgid "You cannot set admin user as a readonly user." +msgstr "" diff --git a/base_model_restrict_update/i18n/base_model_restrict_update.pot b/base_model_restrict_update/i18n/base_model_restrict_update.pot new file mode 100644 index 00000000000..2ab2873d370 --- /dev/null +++ b/base_model_restrict_update/i18n/base_model_restrict_update.pot 
@@ -0,0 +1,83 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_model_restrict_update +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 15.0\n" +"Report-Msgid-Bugs-To: \n" +"Last-Translator: \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: \n" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Read-only" +msgstr "" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Unrestrict Update" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model_access +msgid "Model Access" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model +msgid "Models" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Ready User" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Set to true and the user are readonly user on all models" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__unrestrict_model_update +msgid "Set to true and the user can update restricted model." +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__unrestrict_model_update +msgid "Unrestrict Model Update" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_ir_model__restrict_update +msgid "Update Restrict Model" +msgstr "" + +#. 
module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_res_users +msgid "Users" +msgstr "" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_ir_model__restrict_update +msgid "" +"When selected, the model is restricted to read-only unless the user has the " +"special permission." +msgstr "" + +#. module: base_model_restrict_update +#: code:addons/base_model_restrict_update/models/ir_model_access.py:0 +#, python-format +msgid "You are only allowed to read this record. (%(model)s - %(mode)s)" +msgstr "" + +#. module: base_model_restrict_update +#: code:addons/base_model_restrict_update/models/res_users.py:0 +#, python-format +msgid "You cannot set admin user as a readonly user." +msgstr "" diff --git a/base_model_restrict_update/i18n/es.po b/base_model_restrict_update/i18n/es.po new file mode 100644 index 00000000000..49d151caa86 --- /dev/null +++ b/base_model_restrict_update/i18n/es.po 
@@ -0,0 +1,95 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_model_restrict_update +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 15.0\n" +"Report-Msgid-Bugs-To: \n" +"PO-Revision-Date: 2023-11-09 19:36+0000\n" +"Last-Translator: Ivorra78 \n" +"Language-Team: none\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.17\n" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Read-only" +msgstr "Solo-Lectura" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Unrestrict Update" +msgstr "" +"Actualización sin restricciones" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model_access +msgid "Model Access" +msgstr "Acceso Modelo" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model +msgid "Models" +msgstr "Modelos" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Ready User" +msgstr "Usuario listo" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Set to true and the user are readonly user on all models" +msgstr "" +"Establecer a true y el usuario son de sólo lectura en todos los modelos" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__unrestrict_model_update +msgid "Set to true and the user can update restricted model." +msgstr "" +"Si se establece en true, el usuario puede actualizar el modelo restringido." + +#. 
module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__unrestrict_model_update +msgid "Unrestrict Model Update" +msgstr "Actualización del modelo Sin restricciones" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_ir_model__restrict_update +msgid "Update Restrict Model" +msgstr "Actualizar el modelo de restricciones" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_res_users +msgid "Users" +msgstr "Usuarios" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_ir_model__restrict_update +msgid "" +"When selected, the model is restricted to read-only unless the user has the " +"special permission." +msgstr "" +"Cuando se selecciona, el modelo se restringe a sólo lectura a menos que el " +"usuario tenga el permiso especial." + +#. module: base_model_restrict_update +#: code:addons/base_model_restrict_update/models/ir_model_access.py:0 +#, python-format +msgid "You are only allowed to read this record. (%(model)s - %(mode)s)" +msgstr "Sólo puede leer este registro. (%(model)s - %(mode)s)" + +#. module: base_model_restrict_update +#: code:addons/base_model_restrict_update/models/res_users.py:0 +#, python-format +msgid "You cannot set admin user as a readonly user." +msgstr "No se puede establecer el usuario admin como usuario de sólo lectura." + +#, python-format +#~ msgid "You are only allowed to read this record. ({} - {})" +#~ msgstr "Sólo puede leer este registro. ({} - {})" diff --git a/base_model_restrict_update/i18n/es_AR.po b/base_model_restrict_update/i18n/es_AR.po new file mode 100644 index 00000000000..e18407abf22 --- /dev/null +++ b/base_model_restrict_update/i18n/es_AR.po 
@@ -0,0 +1,110 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_model_restrict_update +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 14.0\n" +"Report-Msgid-Bugs-To: \n" +"PO-Revision-Date: 2023-10-29 23:45+0000\n" +"Last-Translator: Ignacio Buioli \n" +"Language-Team: none\n" +"Language: es_AR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.17\n" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Read-only" +msgstr "Solo lectura" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Unrestrict Update" +msgstr "Actualización Irrestricta" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model_access +msgid "Model Access" +msgstr "Modelo de Acceso" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model +msgid "Models" +msgstr "Modelos" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Ready User" +msgstr "Usuario Listo" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Set to true and the user are readonly user on all models" +msgstr "" +"Establezcalo como verdadero y el usuario es un usuario de solo lectura en " +"todos los modelos" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__unrestrict_model_update +msgid "Set to true and the user can update restricted model." +msgstr "" +"Establezcalo como verdadero y bel usuario podrá actualizar el modelo " +"restringido." 
+ +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__unrestrict_model_update +msgid "Unrestrict Model Update" +msgstr "Actualización del Modelo sin Restricciones" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_ir_model__restrict_update +msgid "Update Restrict Model" +msgstr "Actualizar Modelo Restricto" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_res_users +msgid "Users" +msgstr "Usuarios" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_ir_model__restrict_update +msgid "" +"When selected, the model is restricted to read-only unless the user has the " +"special permission." +msgstr "" +"Cuando está seleccionado, el modelo está restringido a solo lectura a menos " +"que el usuario tenga permisos especiales." + +#. module: base_model_restrict_update +#: code:addons/base_model_restrict_update/models/ir_model_access.py:0 +#, python-format +msgid "You are only allowed to read this record. (%(model)s - %(mode)s)" +msgstr "Está permitido solo a leer este registro. (%(model)s - %(mode)s)" + +#. module: base_model_restrict_update +#: code:addons/base_model_restrict_update/models/res_users.py:0 +#, python-format +msgid "You cannot set admin user as a readonly user." +msgstr "" +"No puede configurar al usuario administrador como un usuario de sólo lectura." + +#, python-format +#~ msgid "You are only allowed to read this record. ({} - {})" +#~ msgstr "Solo le está permitido leer este registro. ({} - {})" + +#~ msgid "Display Name" +#~ msgstr "Mostrar Nombre" + +#~ msgid "ID" +#~ msgstr "ID" + +#~ msgid "Last Modified on" +#~ msgstr "Última modificación en" + +#, python-format +#~ msgid "You are only allowed to read this record. (%s - %s)" +#~ msgstr "No está permitido para leer este registro. (%s - %s)" 
diff --git a/base_model_restrict_update/i18n/ja_JP.po b/base_model_restrict_update/i18n/ja_JP.po new file mode 100644 index 00000000000..414987e0b30 --- /dev/null +++ b/base_model_restrict_update/i18n/ja_JP.po 
@@ -0,0 +1,78 @@ +# Translation of Odoo Server. +# This file contains the translation of the following modules: +# * base_model_restrict_update +# +msgid "" +msgstr "" +"Project-Id-Version: Odoo Server 16.0+e\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2024-12-08 15:24+0000\n" +"PO-Revision-Date: 2024-12-08 15:24+0000\n" +"Last-Translator: \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: \n" +"Plural-Forms: \n" + +#. module: base_model_restrict_update +#: model_terms:ir.ui.view,arch_db:base_model_restrict_update.view_users_form +msgid "Read-only" +msgstr "読取専用" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model_access +msgid "Model Access" +msgstr "モデルアクセス" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_ir_model +msgid "Models" +msgstr "モデル" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_res_users__is_readonly_user +msgid "Read-only User" +msgstr "読取専用ユーザ" + +#. module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_res_users__is_readonly_user +msgid "" +"Select this option to prevent the user from updating any business records." +msgstr "選択すると、ユーザがビジネスレコードを更新できなくなります。" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_ir_model__restrict_update +msgid "Update Restrict Model" +msgstr "更新制限モデル" + +#. module: base_model_restrict_update +#: model:ir.model.fields,field_description:base_model_restrict_update.field_ir_model__update_allowed_group_ids +msgid "Update-Allowed Groups" +msgstr "更新許可グループ" + +#. module: base_model_restrict_update +#: model:ir.model,name:base_model_restrict_update.model_res_users +msgid "User" +msgstr "ユーザ" + +#. 
module: base_model_restrict_update +#: model:ir.model.fields,help:base_model_restrict_update.field_ir_model__restrict_update +msgid "" +"When selected, the model is restricted to read-only unless the user belongs " +"to an Update-Allowed Group." +msgstr "有効化すると、更新許可グループに属するユーザのみモデルレコードを更新できます。" + +#. module: base_model_restrict_update +#. odoo-python +#: code:addons/base_model_restrict_update/models/ir_model_access.py:0 +#, python-format +msgid "You are only allowed to read this record. (%(model)s - %(mode)s)" +msgstr "このレコードの更新は許可されていません。(%(model)s - %(mode)s)" + +#. module: base_model_restrict_update +#. odoo-python +#: code:addons/base_model_restrict_update/models/res_users.py:0 +#, python-format +msgid "You cannot make the admin user read-only." +msgstr "管理者ユーザは読取専用にできません。" \ No newline at end of file diff --git a/base_model_restrict_update/models/__init__.py b/base_model_restrict_update/models/__init__.py new file mode 100644 index 00000000000..4f02d73ba29 --- /dev/null +++ b/base_model_restrict_update/models/__init__.py @@ -0,0 +1,3 @@ +from . import ir_model_access +from . import ir_model +from . import res_users diff --git a/base_model_restrict_update/models/ir_model.py b/base_model_restrict_update/models/ir_model.py new file mode 100644 index 00000000000..1d06254cb14 --- /dev/null +++ b/base_model_restrict_update/models/ir_model.py @@ -0,0 +1,19 @@ +# Copyright 2021-2024 Quartile +# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl). + +from odoo import fields, models + + +class IrModel(models.Model): + _inherit = "ir.model" + + restrict_update = fields.Boolean( + "Update Restrict Model", + help="When selected, the model is restricted to read-only unless the " + "user belongs to an Update-Allowed Group.", + ) + update_allowed_group_ids = fields.Many2many( + "res.groups", + "ir_model_res_groups_update_allowed_rel", + string="Update-Allowed Groups", + ) 
diff --git a/base_model_restrict_update/models/ir_model_access.py b/base_model_restrict_update/models/ir_model_access.py
new file mode 100644
index 00000000000..63b1ea87d2a
--- /dev/null
+++ b/base_model_restrict_update/models/ir_model_access.py
@@ -0,0 +1,67 @@
+# Copyright 2021-2024 Quartile
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
+
+from odoo import api, models
+from odoo.exceptions import AccessError
+from odoo.tools.translate import _
+
+
+class IrModelAccess(models.Model):
+ _inherit = "ir.model.access"
+
+ @api.model
+ def check(self, model, mode="read", raise_exception=True):
+ if self.env.su:
+ return True
+ res = super().check(model, mode, raise_exception)
+ if mode != "read" and raise_exception:
+ if self._test_readonly(model) or self._test_restrict_update(model):
+ raise AccessError(
+ _(
+ "You are only allowed to read this record. (%(model)s - %(mode)s)"
+ )
+ % {"model": model, "mode": mode}
+ )
+ return res
+
+ @api.model
+ def _test_readonly(self, model):
+ exclude_models = self._readonly_exclude_models()
+ if model not in exclude_models and self.env.user.is_readonly_user:
+ return True
+ return False
+
+ @api.model
+ def _test_restrict_update(self, model):
+ # Get the IDs of unresticted users for the model if it's restricted
+ self.env.cr.execute(
+ """
+ SELECT gurel.uid
+ FROM ir_model m
+ LEFT JOIN ir_model_res_groups_update_allowed_rel mgrel ON m.id = mgrel.ir_model_id
+ LEFT JOIN res_groups_users_rel gurel ON mgrel.res_groups_id = gurel.gid
+ WHERE m.model = %s
+ AND m.restrict_update = true
+ """,
+ (model,),
+ )
+ query_res = self.env.cr.fetchall()
+ return bool(query_res) and (self.env.uid,) not in query_res
+
+ @api.model
+ def _readonly_exclude_models(self):
+ """Models updtate/create by system, and should be excluded from checking"""
+ return (
+ self.sudo()
+ .search(
+ [
+ ("group_id", "=", False),
+ "|",
+ ("perm_write", "=", True),
+ "|",
+ ("perm_create", "=", True),
+ ("perm_unlink", "=", True),
+ ]
+ )
+ .mapped("model_id.model")
+ )
diff --git a/base_model_restrict_update/models/res_users.py b/base_model_restrict_update/models/res_users.py
new file mode 100644
index 00000000000..32ed09f0802
--- /dev/null
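Review bot: In `check`, the read-only and restrict-update tests run only when `raise_exception` is true, so a caller that asks for a boolean answer (`raise_exception=False`) gets the base ACL result back and is told that a restricted user may write, create or unlink. Evaluate the restriction on both paths: change the guard to `if mode != "read" and res:` and put `if not raise_exception: return False` in front of the `raise AccessError(...)`. The tests added in this commit exercise only the raising path; a case asserting that `check("res.partner", "write", raise_exception=False)` is false for a read-only user would pin the behaviour. Separately, `_test_readonly` exempts every model that has a group-less ACL granting write, create or unlink, so the docstring on `_readonly_exclude_models` should state that such models stay writable for read-only users.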
+++ b/base_model_restrict_update/models/res_users.py
@@ -0,0 +1,24 @@
+# Copyright 2021-2024 Quartile
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
+
+from odoo import _, api, fields, models
+from odoo.exceptions import UserError
+
+
+class ResUsers(models.Model):
+ _inherit = "res.users"
+
+ unrestrict_model_update = fields.Boolean(
+ help="Set to true and the user can update restricted model.",
+ )
+ is_readonly_user = fields.Boolean(
+ "Read-only User",
+ help="Select this option to prevent the user from updating any business "
+ "records.",
+ )
+
+ @api.constrains("is_readonly_user", "groups_id")
+ def _check_is_readonly_user(self):
+ for user in self:
+ if user.has_group("base.group_system") and user.is_readonly_user:
+ raise UserError(_("You cannot make the admin user read-only."))
diff --git a/base_model_restrict_update/readme/CONFIGURE.rst b/base_model_restrict_update/readme/CONFIGURE.rst
new file mode 100644
index 00000000000..6013e0e45e0
--- /dev/null
+++ b/base_model_restrict_update/readme/CONFIGURE.rst
@@ -0,0 +1,11 @@
+When you want to limit the update permissions of a model to certain groups:
+
+#. Go to *Settings > Techinical > Database Structure > Models*
+#. Open the form view of the model, and select 'Update Restrict Model'
+#. Assign the groups that should be exempt from the restriction to 'Update-allowed Groups'
+
+
+When you want revoke update permissions for a specific user:
+
+#. Go to *Settings > Users & Companies > Users*
+#. Open the form view of the user, and click the 'Read-only' smart button
\ No newline at end of file
diff --git a/base_model_restrict_update/readme/CONTRIBUTORS.rst b/base_model_restrict_update/readme/CONTRIBUTORS.rst
new file mode 100644
index 00000000000..55db4372b02
--- /dev/null
+++ b/base_model_restrict_update/readme/CONTRIBUTORS.rst
@@ -0,0 +1,7 @@
+* `Quartile `__:
+
+ * Yoshi Tashiro
+
+* Ecosoft
+
+ * Kitti U.
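Review bot: In `res_users.py`, `unrestrict_model_update` is declared with help text promising that the user "can update restricted model", but nothing visible in this commit reads it; `_test_restrict_update` in `ir_model_access.py` decides by membership of the model's update-allowed groups only. An administrator who ticks the flag, or an auditor who finds it set, would reasonably assume an exemption that the access check never grants. If the field is kept only for migration, say so in the help, e.g. `help="Deprecated: no longer consulted; use Update-Allowed Groups on the model."`, otherwise drop it. The view XML is not legible on this page, so whether the field is still shown on the user form is unconfirmed.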
diff --git a/base_model_restrict_update/readme/CREDITS.rst b/base_model_restrict_update/readme/CREDITS.rst new file mode 100644 index 00000000000..ac1be061efa --- /dev/null +++ b/base_model_restrict_update/readme/CREDITS.rst @@ -0,0 +1 @@ +* This module borrows the idea from 'Moises Lopez ' diff --git a/base_model_restrict_update/readme/DESCRIPTION.rst b/base_model_restrict_update/readme/DESCRIPTION.rst new file mode 100644 index 00000000000..54060e6cd5e --- /dev/null +++ b/base_model_restrict_update/readme/DESCRIPTION.rst @@ -0,0 +1,3 @@ +This module adds the following features: +* The ability to limit the update permissions for a model to certain groups +* The ability to revoke update permissions for specific users \ No newline at end of file diff --git a/base_model_restrict_update/static/description/icon.png b/base_model_restrict_update/static/description/icon.png new file mode 100644 index 00000000000..3a0328b516c Binary files /dev/null and b/base_model_restrict_update/static/description/icon.png differ diff --git a/base_model_restrict_update/static/description/index.html b/base_model_restrict_update/static/description/index.html new file mode 100644 index 00000000000..fbb27f565fb --- /dev/null +++ b/base_model_restrict_update/static/description/index.html @@ -0,0 +1,451 @@ + + + + + +Update Restrict Model + + + +
+

Update Restrict Model

+ + +

Beta License: LGPL-3 OCA/server-tools Translate me on Weblate Try me on Runboat

+

This module adds the following features: +* The ability to limit the update permissions for a model to certain groups +* The ability to revoke update permissions for specific users

+

Table of contents

+ +
+

Configuration

+

When you want to limit the update permissions of a model to certain groups:

+
    +
  1. Go to Settings > Techinical > Database Structure > Models
  2. +
  3. Open the form view of the model, and select ‘Update Restrict Model’
  4. +
  5. Assign the groups that should be exempt from the restriction to ‘Update-allowed Groups’
  6. +
+

When you want revoke update permissions for a specific user:

+
    +
  1. Go to Settings > Users & Companies > Users
  2. +
  3. Open the form view of the user, and click the ‘Read-only’ smart button
  4. +
+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Authors

+
    +
  • Quartile Limited
  • +
+
+
+

Contributors

+ +
+
+

Other credits

+ +
+
+

Maintainers

+

This module is maintained by the OCA.

+Odoo Community Association +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

This module is part of the OCA/server-tools project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/base_model_restrict_update/tests/__init__.py b/base_model_restrict_update/tests/__init__.py new file mode 100644 index 00000000000..6b23d93c704 --- /dev/null +++ b/base_model_restrict_update/tests/__init__.py @@ -0,0 +1 @@ +from . import test_base_model_restrict_update diff --git a/base_model_restrict_update/tests/test_base_model_restrict_update.py b/base_model_restrict_update/tests/test_base_model_restrict_update.py new file mode 100644 index 00000000000..01ca617fd58 --- /dev/null +++ b/base_model_restrict_update/tests/test_base_model_restrict_update.py 
@@ -0,0 +1,82 @@ +# Copyright 2021-2024 Quartile +# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl). + +from odoo.exceptions import AccessError, UserError +from odoo.fields import Command +from odoo.tests import common, tagged + + +@tagged("post_install", "-at_install") +class TestBaseModelRestrictUpdate(common.TransactionCase): + @classmethod + def setUpClass(cls): + super().setUpClass() + cls.model_partner = cls.env["ir.model"].search([("model", "=", "res.partner")]) + cls.group_partner_update = cls.env["res.groups"].create( + {"name": "Partner Update Group"} + ) + cls.test_user = cls.env["res.users"].create({"name": "test", "login": "test"}) + cls.partner_model_with_test_user = cls.env["res.partner"].with_user( + cls.test_user.id + ) + cls.test_partner_with_test_user = ( + cls.env["res.partner"].with_user(cls.test_user.id).create({"name": "foo"}) + ) + + def test_no_restriction(self): + self.partner_model_with_test_user.create({"name": "bar"}) + self.test_partner_with_test_user.write({"name": "bar"}) + self.test_partner_with_test_user.unlink() + + def test_with_model_restriction(self): + self.model_partner.restrict_update = True + with self.assertRaises(AccessError): + self.partner_model_with_test_user.create({"name": "bar"}) + with self.assertRaises(AccessError): + self.test_partner_with_test_user.write({"name": "bar"}) + with self.assertRaises(AccessError): + self.test_partner_with_test_user.unlink() + self.model_partner.update_allowed_group_ids = self.group_partner_update + with self.assertRaises(AccessError): + self.partner_model_with_test_user.create({"name": "bar"}) + with self.assertRaises(AccessError): + self.test_partner_with_test_user.write({"name": "bar"}) + with self.assertRaises(AccessError): + self.test_partner_with_test_user.unlink() + self.test_user.groups_id = [Command.link(self.group_partner_update.id)] + self.partner_model_with_test_user.create({"name": "bar"}) + self.test_partner_with_test_user.write({"name": "bar"}) + 
self.test_partner_with_test_user.unlink() + + def test_with_user_readonly(self): + self.test_user.is_readonly_user = True + with self.assertRaises(AccessError): + self.partner_model_with_test_user.create({"name": "bar"}) + with self.assertRaises(AccessError): + self.test_partner_with_test_user.write({"name": "bar"}) + with self.assertRaises(AccessError): + self.test_partner_with_test_user.unlink() + # To confirm that is_readonly_user prevails + self.model_partner.restrict_update = True + self.model_partner.update_allowed_group_ids = self.group_partner_update + self.test_user.groups_id = [Command.link(self.group_partner_update.id)] + with self.assertRaises(AccessError): + self.partner_model_with_test_user.create({"name": "bar"}) + with self.assertRaises(AccessError): + self.test_partner_with_test_user.write({"name": "bar"}) + with self.assertRaises(AccessError): + self.test_partner_with_test_user.unlink() + self.test_user.is_readonly_user = False + self.partner_model_with_test_user.create({"name": "bar"}) + self.test_partner_with_test_user.write({"name": "bar"}) + self.test_partner_with_test_user.unlink() + + def test_set_user_readonly(self): + group_system_id = self.env.ref("base.group_system").id + self.test_user.groups_id = [Command.link(group_system_id)] + with self.assertRaises(UserError): + self.test_user.is_readonly_user = True + self.test_user.groups_id = [Command.unlink(group_system_id)] + self.test_user.is_readonly_user = True + with self.assertRaises(UserError): + self.test_user.groups_id = [Command.link(group_system_id)] diff --git a/base_model_restrict_update/views/ir_model_views.xml b/base_model_restrict_update/views/ir_model_views.xml new file mode 100644 index 00000000000..bff1edb5e5f --- /dev/null +++ b/base_model_restrict_update/views/ir_model_views.xml @@ -0,0 +1,20 @@ + + + + + ir.model form + ir.model + + + + + + + + + + 
diff --git a/base_model_restrict_update/views/res_users_views.xml b/base_model_restrict_update/views/res_users_views.xml new file mode 100644 index 00000000000..a09a02a0f0e --- /dev/null +++ b/base_model_restrict_update/views/res_users_views.xml @@ -0,0 +1,22 @@ + + + + + res.users.form + res.users + + +
+
+ Read-only + +
+
+
+
+ +
diff --git a/setup/base_model_restrict_update/odoo/addons/base_model_restrict_update b/setup/base_model_restrict_update/odoo/addons/base_model_restrict_update
new file mode 120000
index 00000000000..5feb2772198
--- /dev/null
+++ b/setup/base_model_restrict_update/odoo/addons/base_model_restrict_update
@@ -0,0 +1 @@
+../../../../base_model_restrict_update
\ No newline at end of file
diff --git a/setup/base_model_restrict_update/setup.py b/setup/base_model_restrict_update/setup.py
new file mode 100644
index 00000000000..28c57bb6403
--- /dev/null
+++ b/setup/base_model_restrict_update/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+ setup_requires=['setuptools-odoo'],
+ odoo_addon=True,
+)