From d0a5407a4f437c4f50732f94efb87cef9aba2c8d Mon Sep 17 00:00:00 2001
From: Sylvain LE GAL <sylvain.legal@grap.coop>
Date: Mon, 16 Dec 2024 13:55:23 +0100
Subject: [PATCH] [IMP] user_limited_access_settings: add demo section. [ADD]
 dependency to base_user_role to make compatibility with this module.

---
 user_limited_access_settings/README.rst       | 27 ---------------
 user_limited_access_settings/__manifest__.py  | 13 ++++++--
 .../demo/res_partner.xml                      | 15 +++++++++
 .../demo/res_users.xml                        | 19 +++++++++++
 .../models/res_users.py                       | 33 +++++--------------
 .../readme/DESCRIPTION.rst                    |  7 ++--
 .../security/ir.model.access.csv              |  2 ++
 .../tests/test_module.py                      |  6 +---
 8 files changed, 60 insertions(+), 62 deletions(-)
 create mode 100644 user_limited_access_settings/demo/res_partner.xml
 create mode 100644 user_limited_access_settings/demo/res_users.xml

diff --git a/user_limited_access_settings/README.rst b/user_limited_access_settings/README.rst
index 3b5f3f39..09623cd5 100644
--- a/user_limited_access_settings/README.rst
+++ b/user_limited_access_settings/README.rst
@@ -3,30 +3,3 @@ User Limited Access Settings
 ============================
 
 Create a new Administration group with limited access to create only users and companies
-
-Purpose
-=======
-
-This module does this and that...
-
-Explain the use case.
-
-Configuration
-=============
-
-To configure this module, you need to:
-
-#. Go to ...
-
-Usage
-=====
-
-To use this module, you need to:
-
-#. Go to ...
-
-
-How to test
-===========
-
-...
diff --git a/user_limited_access_settings/__manifest__.py b/user_limited_access_settings/__manifest__.py
index 37f0e4a6..4f3f9eec 100644
--- a/user_limited_access_settings/__manifest__.py
+++ b/user_limited_access_settings/__manifest__.py
@@ -9,12 +9,21 @@
     "license": "AGPL-3",
     "author": "GRAP",
     "website": "https://github.com/grap/grap-odoo-incubator",
-    "depends": ["base_setup", "auth_signup"],
+    "depends": [
+        # Odoo
+        "base_setup",
+        "auth_signup",
+        # OCA
+        "base_user_role",
+    ],
     "data": [
         "security/res_groups.xml",
         "security/ir_rule.xml",
         "security/ir.model.access.csv",
         "views/menu.xml",
     ],
-    "demo": [],
+    "demo": [
+        "demo/res_partner.xml",
+        "demo/res_users.xml",
+    ],
 }
diff --git a/user_limited_access_settings/demo/res_partner.xml b/user_limited_access_settings/demo/res_partner.xml
new file mode 100644
index 00000000..96db4826
--- /dev/null
+++ b/user_limited_access_settings/demo/res_partner.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2024 Sylvain LE GAL - GRAP
+     License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -->
+
+<odoo>
+
+    <record id="partner_demo" model="res.partner">
+        <field name="name">Limited Access</field>
+        <field name="company_id" ref="base.main_company"/>
+        <field name="country_id" ref="base.us"/>
+        <field name="tz">Europe/Brussels</field>
+        <field name="email">limited@access.com</field>
+    </record>
+
+</odoo>
diff --git a/user_limited_access_settings/demo/res_users.xml b/user_limited_access_settings/demo/res_users.xml
new file mode 100644
index 00000000..b91f91b3
--- /dev/null
+++ b/user_limited_access_settings/demo/res_users.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2024 Sylvain LE GAL - GRAP
+     License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -->
+
+<odoo>
+
+    <record id="user_demo" model="res.users">
+        <field name="partner_id" ref="partner_demo"/>
+        <field name="login">limited</field>
+        <field name="password">limited</field>
+        <field name="signature" type="html"><span>-- <br/>+Mr Limited Access</span></field>
+        <field name="company_id" ref="base.main_company"/>
+        <field name="groups_id" eval="[Command.set([
+            ref('user_limited_access_settings.group_limited_settings'),
+            ref('base.group_partner_manager'),
+            ])]"/>
+    </record>
+
+</odoo>
diff --git a/user_limited_access_settings/models/res_users.py b/user_limited_access_settings/models/res_users.py
index 68226557..4545e35f 100644
--- a/user_limited_access_settings/models/res_users.py
+++ b/user_limited_access_settings/models/res_users.py
@@ -1,13 +1,21 @@
 # Copyright 2024 Sylvain LE GAL - GRAP
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import _, api, models
+from odoo import _, api, fields, models
 from odoo.exceptions import ValidationError
 
 
 class ResUsers(models.Model):
     _inherit = "res.users"
 
+    role_line_ids = fields.One2many(
+        groups="base.group_erp_manager,user_limited_access_settings.group_limited_settings",
+    )
+
+    role_ids = fields.One2many(
+        groups="base.group_erp_manager,user_limited_access_settings.group_limited_settings",
+    )
+
     @api.constrains("groups_id")
     def _check_escalation(self):
         if self.env.user._is_admin():
@@ -33,26 +41,3 @@ def _check_escalation(self):
                         ),
                     )
                 )
-
-    # def write(self, vals):
-    #     print("write", self.ids, vals)
-    #     if not self.env.user.has_privilege_escalation:
-    #         group_ids = []
-    #         for k, v in vals.items():
-    #             if k.startswith("in_group_") and v:
-    #                 group_ids.append(int(k.split("in_group_")[1]))
-    #         print("group_ids", group_ids)
-    #         for group_id in group_ids:
-    #             if group_id not in self.env.user.groups_id.ids:
-    #                 group = self.env["res.groups"].browse(group_id)
-    #                 raise ValidationError(
-    #                     _(
-    #                         "You can set the group '%(group_name)s'"
-    #                         " to users, because you are not member of this group.",
-    #                         group_name=group.display_name,
-    #                     )
-    #                 )
-
-    #     # Peut être utiliser une contrainte ?
-
-    #     return super().write(vals)
diff --git a/user_limited_access_settings/readme/DESCRIPTION.rst b/user_limited_access_settings/readme/DESCRIPTION.rst
index 423365c9..02488af9 100644
--- a/user_limited_access_settings/readme/DESCRIPTION.rst
+++ b/user_limited_access_settings/readme/DESCRIPTION.rst
@@ -1,9 +1,8 @@
-This module adds a new basic Administration group named,
-"Limited Settings".
+This module adds a new basic Administration group named, "Limited Settings".
 
-Members of this group can only create users and companies.
+Members of this group can only create users and companies, and see User Roles.
 
-Note:
+**Note:**
 
 We prevent right escalation, by preventing user to give access to
 groups if he is not member of the group himself.
diff --git a/user_limited_access_settings/security/ir.model.access.csv b/user_limited_access_settings/security/ir.model.access.csv
index 37982cab..678a9982 100644
--- a/user_limited_access_settings/security/ir.model.access.csv
+++ b/user_limited_access_settings/security/ir.model.access.csv
@@ -4,3 +4,5 @@ access_change_password_wizard,access.change.password.wizard,base.model_change_pa
 access_res_company_group_erp_manager,res_company group_erp_manager,base.model_res_company,group_limited_settings,1,1,1,1
 access_res_users_group_erp_manager,res_users group_erp_manager,base.model_res_users,group_limited_settings,1,1,1,1
 access_ir_module_category_group_user,ir_module_category group_user,base.model_ir_module_category,group_limited_settings,1,0,0,0
+access_res_users_role_limited,access_res_users_role_limited,base_user_role.model_res_users_role,group_limited_settings,1,0,0,0
+access_res_users_role_line_limited,access_res_users_role_line_limited,base_user_role.model_res_users_role_line,group_limited_settings,1,1,1,1
diff --git a/user_limited_access_settings/tests/test_module.py b/user_limited_access_settings/tests/test_module.py
index 9e4338a6..dc2f8daa 100644
--- a/user_limited_access_settings/tests/test_module.py
+++ b/user_limited_access_settings/tests/test_module.py
@@ -11,15 +11,11 @@ class TestModule(TransactionCase):
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
-        cls.demo_user = cls.env.ref("base.user_demo")
+        cls.demo_user = cls.env.ref("user_limited_access_settings.user_demo")
         cls.limited_group = cls.env.ref(
             "user_limited_access_settings.group_limited_settings"
         )
         cls.random_group = cls.env.ref("base.group_private_addresses")
-        cls.demo_user.groups_id = [
-            Command.link(cls.limited_group.id),
-            Command.unlink(cls.random_group.id),
-        ]
         cls.user_vals = {
             "name": "User 1",
             "login": "login1",