thirdparty
/
CybroAddons
mirror of https://github.com/CybroOdoo/CybroAddons.git
5
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Aug 18: [FIX] Bug Fixed 'model_access_rights'

pull/313/merge
Risvana Cybro 4 weeks ago
parent
a99ebff711
commit
1f12d835ba
8 changed files with 168 additions and 70 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      model_access_rights/__manifest__.py
  2. 7
      model_access_rights/doc/RELEASE_NOTES.md
  3. 37
      model_access_rights/models/access_right.py
  4. 78
      model_access_rights/models/models.py
  5. 30
      model_access_rights/static/src/views/form_controller.js
  6. 33
      model_access_rights/static/src/views/kanban_controller.js
  7. 41
      model_access_rights/static/src/views/list_controller.js
  8. 10
      model_access_rights/views/access_right_views.xml

2
model_access_rights/__manifest__.py
View File

@ -21,7 +21,7 @@
############################################################################# #############################################################################
{ {
'name': 'Hide Create|Delete|Archive|Export Options - Model Wise', 'name': 'Hide Create|Delete|Archive|Export Options - Model Wise',
'version': '17.0.1.0.0', 'version': '17.0.2.0.0',
'category': 'Extra Tools, Productivity', 'category': 'Extra Tools, Productivity',
'summary': """ Can hide options from user """, 'summary': """ Can hide options from user """,
'description': """ By using this module we can hide the options like create, 'description': """ By using this module we can hide the options like create,

7
model_access_rights/doc/RELEASE_NOTES.md
View File

@ -3,3 +3,10 @@
#### Version 17.0.1.0.0 #### Version 17.0.1.0.0
##### ADD ##### ADD
- Initial Commit for Hide Create|Delete|Archive|Export Options - Model Wise - Initial Commit for Hide Create|Delete|Archive|Export Options - Model Wise
#### 13.07.2025
#### Version 17.0.2.0.0
#### UPDT
- Added a new option to restrict model access rights for certain user.

37
model_access_rights/models/access_right.py
View File

@ -32,9 +32,10 @@ class ModelAccessRights(models.Model):
_description = 'Manage Modules Access Control' _description = 'Manage Modules Access Control'
_rec_name = 'model_id' _rec_name = 'model_id'
model_id = fields.Many2one('ir.model', ondelete='cascade', required=True, model_id = fields.Many2one('ir.model', ondelete='cascade',
required=True,
help="select the model") help="select the model")
groups_id = fields.Many2one('res.groups', required=True, groups_id = fields.Many2one('res.groups',
help="select the group") help="select the group")
is_delete = fields.Boolean(string="Delete", help="hide the delete option") is_delete = fields.Boolean(string="Delete", help="hide the delete option")
is_export = fields.Boolean(string="Export", is_export = fields.Boolean(string="Export",
@ -45,6 +46,12 @@ class ModelAccessRights(models.Model):
" as well as form view") " as well as form view")
is_archive = fields.Boolean(string="Archive/UnArchive", is_archive = fields.Boolean(string="Archive/UnArchive",
help="hide the archive option") help="hide the archive option")
restriction_type = fields.Selection([
('user', 'User Wise'),
('group', 'Group Wise')
], 'Restriction Type',required=True,default="group")
user_id = fields.Many2one('res.users',
help="select the user")
@api.model @api.model
def hide_buttons(self): def hide_buttons(self):
@ -54,21 +61,29 @@ class ModelAccessRights(models.Model):
'is_export', 'is_export',
'is_create_or_update', 'is_create_or_update',
'is_archive', 'is_archive',
'restriction_type',
'user_id',
'groups_id']) 'groups_id'])
for dic in access_right_rec: for dic in access_right_rec:
model = self.env['ir.model'].sudo().browse(dic['model_id'][0]).model model = self.env['ir.model'].sudo().browse(dic['model_id'][0]).model
group_name = self.env['ir.model.data'].sudo().search([ if dic['restriction_type'] == "group":
('model', '=', 'res.groups'), group_name = self.env['ir.model.data'].sudo().search([
('res_id', '=', dic['groups_id'][0]) ('model', '=', 'res.groups'),
]).name ('res_id', '=', dic['groups_id'][0])
]).name
module_name = self.env['ir.model.data'].sudo().search([ module_name = self.env['ir.model.data'].sudo().search([
('model', '=', 'res.groups'), ('model', '=', 'res.groups'),
('res_id', '=', dic['groups_id'][0]) ('res_id', '=', dic['groups_id'][0])
]).module ]).module
else:
group_name=False
module_name=False
dic.update({ dic.update({
'model': model, 'model': model,
'group_name': group_name, 'group_name': group_name,
'module': module_name 'module': module_name,
'restriction_type': dic['restriction_type'],
'user': dic['user_id']
}) })
return access_right_rec return access_right_rec

78
model_access_rights/models/models.py
View File

@ -153,24 +153,33 @@ def _create(self, data_list):
[('model', '=', self._name)]).id [('model', '=', self._name)]).id
access_right_rec = self.env['access.right'].sudo().search_read( access_right_rec = self.env['access.right'].sudo().search_read(
[('model_id', '=', current_model_id)], [('model_id', '=', current_model_id)],
['model_id', 'is_create_or_update', ['model_id', 'is_create_or_update','restriction_type','user_id',
'groups_id']) 'groups_id'])
if access_right_rec and not self.env.is_admin(): if access_right_rec and not self.env.is_admin():
for rec in access_right_rec: for rec in access_right_rec:
group_name = self.env['ir.model.data'].sudo().search([ if rec['restriction_type']=='group':
('model', '=', 'res.groups'), group_name = self.env['ir.model.data'].sudo().search([
('res_id', '=', rec['groups_id'][0]) ('model', '=', 'res.groups'),
]).name ('res_id', '=', rec['groups_id'][0])
module_name = self.env['ir.model.data'].sudo().search([ ]).name
('model', '=', 'res.groups'), module_name = self.env['ir.model.data'].sudo().search([
('res_id', '=', rec['groups_id'][0]) ('model', '=', 'res.groups'),
]).module ('res_id', '=', rec['groups_id'][0])
group = module_name + "." + group_name ]).module
if self.env.user.has_group(group): group = module_name + "." + group_name
if rec['is_create_or_update']: if self.env.user.has_group(group):
raise UserError('You are restricted from performing this' if rec['is_create_or_update']:
' operation. Please contact the' raise UserError(
' administrator.') 'You are restricted from performing this'
' operation. Please contact the'
' administrator.')
if rec['restriction_type']=='user':
if self.env.user.id == rec['user_id'][0]:
if rec['is_create_or_update']:
raise UserError(
'You are restricted from performing this'
' operation. Please contact the'
' administrator.')
return records return records
@ -283,25 +292,34 @@ def unlink(self):
[('model', '=', self._name)]).id [('model', '=', self._name)]).id
access_right_rec = self.env['access.right'].sudo().search_read( access_right_rec = self.env['access.right'].sudo().search_read(
[('model_id', '=', current_model_id)], ['model_id', 'is_delete', [('model_id', '=', current_model_id)], ['model_id', 'is_delete',
'restriction_type','user_id',
'groups_id']) 'groups_id'])
if access_right_rec and not self.env.is_admin(): if access_right_rec and not self.env.is_admin():
for rec in access_right_rec: for rec in access_right_rec:
group_name = self.env['ir.model.data'].sudo().search([ if rec['restriction_type'] == 'group':
('model', '=', 'res.groups'), group_name = self.env['ir.model.data'].sudo().search([
('res_id', '=', rec['groups_id'][0]) ('model', '=', 'res.groups'),
]).name ('res_id', '=', rec['groups_id'][0])
module_name = self.env['ir.model.data'].sudo().search([ ]).name
('model', '=', 'res.groups'), module_name = self.env['ir.model.data'].sudo().search([
('res_id', '=', rec['groups_id'][0]) ('model', '=', 'res.groups'),
]).module ('res_id', '=', rec['groups_id'][0])
group = module_name + "." + group_name ]).module
if self.env.user.has_group(group): group = module_name + "." + group_name
if rec['is_delete']: if self.env.user.has_group(group):
raise UserError(_('You are restricted from performing this' if rec['is_delete']:
' operation. Please contact the' raise UserError(
' administrator.')) _('You are restricted from performing this'
' operation. Please contact the'
' administrator.'))
if rec['restriction_type']=='user':
if self.env.user.id == rec['user_id'][0]:
if rec['is_delete']:
raise UserError(
'You are restricted from performing this'
' operation. Please contact the'
' administrator.')
return True return True
BaseModel._create = _create BaseModel._create = _create
BaseModel.unlink = unlink BaseModel.unlink = unlink

30
model_access_rights/static/src/views/form_controller.js
View File

@ -4,6 +4,7 @@
*/ */
import { FormController} from "@web/views/form/form_controller"; import { FormController} from "@web/views/form/form_controller";
import { patch} from "@web/core/utils/patch"; import { patch} from "@web/core/utils/patch";
import {useService} from "@web/core/utils/hooks";
const { onWillStart} = owl; const { onWillStart} = owl;
patch(FormController.prototype,{ patch(FormController.prototype,{
/** /**
@ -11,7 +12,8 @@ patch(FormController.prototype,{
*/ */
setup() { setup() {
super.setup(...arguments); super.setup(...arguments);
this.rpc = this.env.services.rpc this.rpc = useService("rpc")
this.user = useService("user");
onWillStart(async () => { onWillStart(async () => {
var self = this var self = this
var result; var result;
@ -22,16 +24,30 @@ patch(FormController.prototype,{
for (var i = 0; i < result.length; i++) { for (var i = 0; i < result.length; i++) {
var group = result[i].module + "." + result[i].group_name var group = result[i].module + "." + result[i].group_name
if (self.props.resModel == result[i].model) { if (self.props.resModel == result[i].model) {
if (await self.user.hasGroup(group)) { if (result[i].restriction_type == "group") {
if (!this.user.isAdmin) { if (await self.user.hasGroup(group)) {
if (result[i].is_create_or_update) { if (!this.user.isAdmin) {
self.canCreate = false if (result[i].is_create_or_update) {
self.canCreate = false
}
if (result[i].is_delete) {
this.archInfo.activeActions.delete = false
}
} }
if (result[i].is_delete) { }
this.archInfo.activeActions.delete = false } else {
if (await self.user.userId == result[i].user[0]) {
if (!this.user.isAdmin) {
if (result[i].is_create_or_update) {
self.canCreate = false
}
if (result[i].is_delete) {
this.archInfo.activeActions.delete = false
}
} }
} }
} }
} }
} }
}); });

33
model_access_rights/static/src/views/kanban_controller.js
View File

@ -4,6 +4,7 @@
*/ */
import { KanbanController } from '@web/views/kanban/kanban_controller'; import { KanbanController } from '@web/views/kanban/kanban_controller';
import { patch} from "@web/core/utils/patch"; import { patch} from "@web/core/utils/patch";
import {useService} from "@web/core/utils/hooks";
const {onWillStart} = owl; const {onWillStart} = owl;
patch(KanbanController.prototype,{ patch(KanbanController.prototype,{
/** /**
@ -11,7 +12,8 @@ patch(KanbanController.prototype,{
*/ */
setup() { setup() {
super.setup(...arguments); super.setup(...arguments);
this.rpc = this.env.services.rpc this.rpc = useService("rpc")
this.user = useService("user");
onWillStart(async () => { onWillStart(async () => {
var self = this var self = this
var result; var result;
@ -22,17 +24,32 @@ patch(KanbanController.prototype,{
for (var i = 0; i < result.length; i++) { for (var i = 0; i < result.length; i++) {
var group = result[i].module + "." + result[i].group_name var group = result[i].module + "." + result[i].group_name
if (self.props.resModel == result[i].model) { if (self.props.resModel == result[i].model) {
if (await self.model.user.hasGroup(group)) { if (result[i].restriction_type == "group") {
if (!self.model.user.isAdmin) { if (await self.user.hasGroup(group)) {
if (result[i].is_create_or_update) { if (!self.user.isAdmin) {
self.props.archInfo.activeActions.create=false if (result[i].is_create_or_update) {
self.props.archInfo.activeActions.edit=false self.props.archInfo.activeActions.create = false
self.props.archInfo.activeActions.edit = false
}
if (result[i].is_delete) {
self.props.archInfo.activeActions.delete = false
}
} }
if (result[i].is_delete) { }
self.props.archInfo.activeActions.delete=false } else {
if (await self.user.userId == result[i].user[0]) {
if (!self.user.isAdmin) {
if (result[i].is_create_or_update) {
self.props.archInfo.activeActions.create = false
self.props.archInfo.activeActions.edit = false
}
if (result[i].is_delete) {
self.props.archInfo.activeActions.delete = false
}
} }
} }
} }
} }
} }
}); });

41
model_access_rights/static/src/views/list_controller.js
View File

@ -4,6 +4,7 @@
*/ */
import { ListController} from '@web/views/list/list_controller'; import { ListController} from '@web/views/list/list_controller';
import { patch} from "@web/core/utils/patch"; import { patch} from "@web/core/utils/patch";
import { useService } from "@web/core/utils/hooks";
const {onWillStart} = owl; const {onWillStart} = owl;
patch(ListController.prototype, { patch(ListController.prototype, {
/** /**
@ -11,7 +12,8 @@ patch(ListController.prototype, {
*/ */
setup() { setup() {
super.setup(...arguments); super.setup(...arguments);
this.rpc = this.env.services.rpc this.rpc = useService("rpc")
this.user = useService("user");
onWillStart(async () => { onWillStart(async () => {
var self = this var self = this
var result; var result;
@ -22,17 +24,34 @@ patch(ListController.prototype, {
for (var i = 0; i < result.length; i++) { for (var i = 0; i < result.length; i++) {
var group = result[i].module + "." + result[i].group_name var group = result[i].module + "." + result[i].group_name
if (self.props.resModel == result[i].model) { if (self.props.resModel == result[i].model) {
if (await self.userService.hasGroup(group)) { if (result[i].restriction_type == "group") {
if (!this.userService.isAdmin) { if (await self.user.hasGroup(group)) {
if (result[i].is_create_or_update) { if (!this.user.isAdmin) {
self.activeActions.create = false; if (result[i].is_create_or_update) {
self.activeActions.create = false;
}
if (result[i].is_export) {
self.isExportEnable = false
self.isExportEnable = false
}
if (result[i].is_delete) {
self.activeActions.delete = false;
}
} }
if (result[i].is_export) { }
self.isExportEnable = false } else {
self.isExportEnable = false if (await self.user.userId == result[i].user[0]) {
} if (!this.user.isAdmin) {
if (result[i].is_delete) { if (result[i].is_create_or_update) {
self.activeActions.delete = false; self.activeActions.create = false;
}
if (result[i].is_export) {
self.isExportEnable = false
self.isExportEnable = false
}
if (result[i].is_delete) {
self.activeActions.delete = false;
}
} }
} }
} }

10
model_access_rights/views/access_right_views.xml
View File

@ -30,8 +30,14 @@
<sheet> <sheet>
<group> <group>
<group> <group>
<field name="model_id"/> <field name="model_id"/>
<field name="groups_id"/> <field name="restriction_type"/>
<field name="user_id"
required="restriction_type == 'user'"
invisible="restriction_type == 'group'"/>
<field name="groups_id"
required="restriction_type == 'group'"
invisible="restriction_type == 'user'"/>
</group> </group>
<group> <group>
<field name="is_delete"/> <field name="is_delete"/>

Write Preview
Loading…
Cancel
Save