Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[14.0][FIX][IMP] base_user_role_profile : add the missing swiching widget, add new options to further improve the usability #310

Open
wants to merge 10 commits into
base: 14.0
Choose a base branch
from
37 changes: 29 additions & 8 deletions base_user_role_profile/README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ User profiles
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:7f308b13d03b7b0e6850750c99b22d6402ac11c6dffc22e98b902f25d888360b
!! source digest: sha256:f0a35c3f15b1acf7c8ebc040651638e87cb2ded68c502f1d0260f48498d10330
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
Expand All @@ -31,13 +31,21 @@ User profiles
Extending the base_user_role module, this one adds the notion of profiles. Effectively profiles act as an additional filter to how the roles are used.

This allows users to switch their permission groups dynamically. This can be useful for example to:
- finer grain control on menu and model permissions (with record rules this becomes very flexible)
- break down complicated menus into simpler ones
- easily restrict users accidentally editing or creating records in O2M fields and in general misusing the interface, instead of excessively explaining things to them

* finer grain control on menu and model permissions (with record rules this becomes very flexible)
* break down complicated menus into simpler ones
* easily restrict users accidentally editing or creating records in O2M fields and in general misusing the interface, instead of excessively explaining things to them

When you define a role, you have the possibility to link it to a profile. Roles are applied to users in the following way:
- Apply user's roles without profiles in any case
- Apply user's roles that are linked to the currently selected profile

* Apply user's roles without profiles in any case
* Apply user's roles that are linked to the currently selected profile

In addition you can:

* Add a 'no profile' profile to the user's choice of profile, to allow him to select a specific profile which enables only the roles without a profile.
* Restrict the user to change it's profile, which can be usefull in a security emergency.


**Table of contents**

Expand All @@ -47,12 +55,24 @@ When you define a role, you have the possibility to link it to a profile. Roles
Configuration
=============

Go to Configuration / Users / Profiles and create a profile. Go to Configuration / Users / Roles and define some role lines with profiles.
To configure this module, you need to go to *Configuration / Users / Profiles*,
and create a new profile.

Then go to *Configuration / Users / Roles* and set some roles with a profile.

Then go to *Configuration / Users / Users* and add some roles if not already done. The allowed profiles will computes automatically.

In addition you can:

* Check the "Include Default Profile" box to have the default profile as an allowed profile.
* Change the current profile if needed.
* Check the "Restrict Profile Switching" to restrict the user to change it's profile, in that case you can still change it from the user's settings form.

Usage
=====

Once you have set up at least one profile for a user, use the widget in the top bar to switch user profiles. Note that it is possible to use no profile; in this case, the user will only get the roles that always apply (i.e the ones with no profile_id).
Once you have set up at least one profile for a user, use the widget in the top bar to switch user profiles.
Note that it is possible to use no profile; in this case, the user will only get the roles that always apply (i.e the ones with no profile_id).

Bug Tracker
===========
Expand All @@ -75,6 +95,7 @@ Authors
Contributors
~~~~~~~~~~~~

* Olivier Nibart <[email protected]>
* Kevin Khao <[email protected]>
* Sébastien Beau <[email protected]>

Expand Down
1 change: 1 addition & 0 deletions base_user_role_profile/__manifest__.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
"author": "Akretion, Odoo Community Association (OCA)",
"license": "AGPL-3",
"website": "https://github.com/OCA/server-backend",
"maintainers": ["nayatec"],
"depends": ["base_user_role", "web"],
"post_init_hook": "post_init_hook",
"data": [
Expand Down
7 changes: 6 additions & 1 deletion base_user_role_profile/models/ir_http.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,12 @@ class Http(models.AbstractModel):
def session_info(self): # pragma: no cover
result = super().session_info()
user = request.env.user
allowed_profiles = [(profile.id, profile.name) for profile in user.profile_ids]
if not user.restrict_profile_switching:
allowed_profiles = [
(profile.id, profile.name) for profile in user.profile_ids
]
else:
allowed_profiles = []
if len(allowed_profiles) > 1:
current_profile = (user.profile_id.id, user.profile_id.name)
result["user_profiles"] = {
Expand Down
7 changes: 7 additions & 0 deletions base_user_role_profile/models/role.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,13 @@
"Profile",
)

def write(self, vals):
res = super().write(vals)

Check warning on line 14 in base_user_role_profile/models/role.py

View check run for this annotation

Codecov / codecov/patch

base_user_role_profile/models/role.py#L14

Added line #L14 was not covered by tests
if "profile_id" in vals:
# update the user's allowed profiles
self.user_ids._compute_profile_ids()
return res

Check warning on line 18 in base_user_role_profile/models/role.py

View check run for this annotation

Codecov / codecov/patch

base_user_role_profile/models/role.py#L17-L18

Added lines #L17 - L18 were not covered by tests


class ResUsersRoleLine(models.Model):
_inherit = "res.users.role.line"
Expand Down
31 changes: 27 additions & 4 deletions base_user_role_profile/models/user.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,21 @@ def _get_default_profile(self):
string="Currently allowed profiles",
)

restrict_profile_switching = fields.Boolean(
"Restrict Profile Switching",
help="If enabled, the user will be prevented from changing their profile. "
"This acts as a security measure to "
"lock users into their current profile.",
)

include_default_profile = fields.Boolean(
"Include Default Profile",
help="If enabled, the default profile ('no profile') will be added to "
"the user's allowed profiles. "
"This allows the user to select a profile that activates only the roles "
"not associated with any specific profile.",
)

def _get_action_root_menu(self):
# used JS-side. Reload the client; open the first available root menu
menu = self.env["ir.ui.menu"].search([("parent_id", "=", False)])[:1]
Expand All @@ -31,7 +46,8 @@ def _get_action_root_menu(self):
}

def action_profile_change(self, vals):
self.write(vals)
if not self.restrict_profile_switching:
self.write(vals)
return self._get_action_root_menu()

@api.model
Expand All @@ -42,12 +58,15 @@ def create(self, vals):
return new_record

def write(self, vals):
# inspired by base/models/res_users.py l. 491
if self == self.env.user and vals.get("profile_id"):
if not self.env.su and vals.get("profile_id"):
self.sudo().write({"profile_id": vals["profile_id"]})
del vals["profile_id"]
res = super().write(vals)
if vals.get("profile_id") or vals.get("role_line_ids"):
if (
"profile_id" in vals
or "role_line_ids" in vals
or "include_default_profile" in vals
):
self.sudo()._compute_profile_ids()
return res

Expand All @@ -67,9 +86,13 @@ def _update_profile_id(self):
self.write({"profile_id": self.profile_ids[0].id})

def _compute_profile_ids(self):
default_profile = self._get_default_profile()
for rec in self:
role_lines = rec.role_line_ids
profiles = role_lines.mapped("profile_id")
if rec.include_default_profile:
profiles = default_profile + profiles

rec.profile_ids = profiles
# set defaults in case applicable profile changes
rec._update_profile_id()
13 changes: 12 additions & 1 deletion base_user_role_profile/readme/CONFIGURE.rst
Original file line number Diff line number Diff line change
@@ -1 +1,12 @@
Go to Configuration / Users / Profiles and create a profile. Go to Configuration / Users / Roles and define some role lines with profiles.
To configure this module, you need to go to *Configuration / Users / Profiles*,
and create a new profile.

Then go to *Configuration / Users / Roles* and set some roles with a profile.

Then go to *Configuration / Users / Users* and add some roles if not already done. The allowed profiles will computes automatically.

In addition you can:

* Check the "Include Default Profile" box to have the default profile as an allowed profile.
* Change the current profile if needed.
* Check the "Restrict Profile Switching" to restrict the user to change it's profile, in that case you can still change it from the user's settings form.
1 change: 1 addition & 0 deletions base_user_role_profile/readme/CONTRIBUTORS.rst
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
* Olivier Nibart <[email protected]>
* Kevin Khao <[email protected]>
* Sébastien Beau <[email protected]>
17 changes: 12 additions & 5 deletions base_user_role_profile/readme/DESCRIPTION.rst
Original file line number Diff line number Diff line change
@@ -1,10 +1,17 @@
Extending the base_user_role module, this one adds the notion of profiles. Effectively profiles act as an additional filter to how the roles are used.

This allows users to switch their permission groups dynamically. This can be useful for example to:
- finer grain control on menu and model permissions (with record rules this becomes very flexible)
- break down complicated menus into simpler ones
- easily restrict users accidentally editing or creating records in O2M fields and in general misusing the interface, instead of excessively explaining things to them

* finer grain control on menu and model permissions (with record rules this becomes very flexible)
* break down complicated menus into simpler ones
* easily restrict users accidentally editing or creating records in O2M fields and in general misusing the interface, instead of excessively explaining things to them

When you define a role, you have the possibility to link it to a profile. Roles are applied to users in the following way:
- Apply user's roles without profiles in any case
- Apply user's roles that are linked to the currently selected profile

* Apply user's roles without profiles in any case
* Apply user's roles that are linked to the currently selected profile

In addition you can:

* Add a 'no profile' profile to the user's choice of profile, to allow him to select a specific profile which enables only the roles without a profile.
* Restrict the user to change it's profile, which can be usefull in a security emergency.
3 changes: 2 additions & 1 deletion base_user_role_profile/readme/USAGE.rst
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
Once you have set up at least one profile for a user, use the widget in the top bar to switch user profiles. Note that it is possible to use no profile; in this case, the user will only get the roles that always apply (i.e the ones with no profile_id).
Once you have set up at least one profile for a user, use the widget in the top bar to switch user profiles.
Note that it is possible to use no profile; in this case, the user will only get the roles that always apply (i.e the ones with no profile_id).
42 changes: 31 additions & 11 deletions base_user_role_profile/static/description/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -366,25 +366,32 @@ <h1 class="title">User profiles</h1>
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:7f308b13d03b7b0e6850750c99b22d6402ac11c6dffc22e98b902f25d888360b
!! source digest: sha256:f0a35c3f15b1acf7c8ebc040651638e87cb2ded68c502f1d0260f48498d10330
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-backend/tree/14.0/base_user_role_profile"><img alt="OCA/server-backend" src="https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-backend-14-0/server-backend-14-0-base_user_role_profile"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-backend&amp;target_branch=14.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
<p>Extending the base_user_role module, this one adds the notion of profiles. Effectively profiles act as an additional filter to how the roles are used.</p>
<dl class="docutils">
<dt>This allows users to switch their permission groups dynamically. This can be useful for example to:</dt>
<dd><ul class="first last simple">
<p>This allows users to switch their permission groups dynamically. This can be useful for example to:</p>
<blockquote>
<ul class="simple">
<li>finer grain control on menu and model permissions (with record rules this becomes very flexible)</li>
<li>break down complicated menus into simpler ones</li>
<li>easily restrict users accidentally editing or creating records in O2M fields and in general misusing the interface, instead of excessively explaining things to them</li>
</ul>
</dd>
<dt>When you define a role, you have the possibility to link it to a profile. Roles are applied to users in the following way:</dt>
<dd><ul class="first last simple">
</blockquote>
<p>When you define a role, you have the possibility to link it to a profile. Roles are applied to users in the following way:</p>
<blockquote>
<ul class="simple">
<li>Apply user’s roles without profiles in any case</li>
<li>Apply user’s roles that are linked to the currently selected profile</li>
</ul>
</dd>
</dl>
</blockquote>
<p>In addition you can:</p>
<blockquote>
<ul class="simple">
<li>Add a ‘no profile’ profile to the user’s choice of profile, to allow him to select a specific profile which enables only the roles without a profile.</li>
<li>Restrict the user to change it’s profile, which can be usefull in a security emergency.</li>
</ul>
</blockquote>
<p><strong>Table of contents</strong></p>
<div class="contents local topic" id="contents">
<ul class="simple">
Expand All @@ -401,11 +408,23 @@ <h1 class="title">User profiles</h1>
</div>
<div class="section" id="configuration">
<h1><a class="toc-backref" href="#toc-entry-1">Configuration</a></h1>
<p>Go to Configuration / Users / Profiles and create a profile. Go to Configuration / Users / Roles and define some role lines with profiles.</p>
<p>To configure this module, you need to go to <em>Configuration / Users / Profiles</em>,
and create a new profile.</p>
<p>Then go to <em>Configuration / Users / Roles</em> and set some roles with a profile.</p>
<p>Then go to <em>Configuration / Users / Users</em> and add some roles if not already done. The allowed profiles will computes automatically.</p>
<p>In addition you can:</p>
<blockquote>
<ul class="simple">
<li>Check the “Include Default Profile” box to have the default profile as an allowed profile.</li>
<li>Change the current profile if needed.</li>
<li>Check the “Restrict Profile Switching” to restrict the user to change it’s profile, in that case you can still change it from the user’s settings form.</li>
</ul>
</blockquote>
</div>
<div class="section" id="usage">
<h1><a class="toc-backref" href="#toc-entry-2">Usage</a></h1>
<p>Once you have set up at least one profile for a user, use the widget in the top bar to switch user profiles. Note that it is possible to use no profile; in this case, the user will only get the roles that always apply (i.e the ones with no profile_id).</p>
<p>Once you have set up at least one profile for a user, use the widget in the top bar to switch user profiles.
Note that it is possible to use no profile; in this case, the user will only get the roles that always apply (i.e the ones with no profile_id).</p>
</div>
<div class="section" id="bug-tracker">
<h1><a class="toc-backref" href="#toc-entry-3">Bug Tracker</a></h1>
Expand All @@ -426,6 +445,7 @@ <h2><a class="toc-backref" href="#toc-entry-5">Authors</a></h2>
<div class="section" id="contributors">
<h2><a class="toc-backref" href="#toc-entry-6">Contributors</a></h2>
<ul class="simple">
<li>Olivier Nibart &lt;<a class="reference external" href="mailto:olivier.nibart&#64;akretion.com">olivier.nibart&#64;akretion.com</a>&gt;</li>
<li>Kevin Khao &lt;<a class="reference external" href="mailto:kevin.khao&#64;akretion.com">kevin.khao&#64;akretion.com</a>&gt;</li>
<li>Sébastien Beau &lt;<a class="reference external" href="mailto:sebastien.beau&#64;akretion.com">sebastien.beau&#64;akretion.com</a>&gt;</li>
</ul>
Expand Down
83 changes: 83 additions & 0 deletions base_user_role_profile/static/src/js/switch_profile_menu.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
odoo.define("base_user_role_profile.SwitchProfileMenu", function (require) {
"use strict";

var config = require("web.config");
var core = require("web.core");
var session = require("web.session");
var SystrayMenu = require("web.SystrayMenu");
var Widget = require("web.Widget");
var _t = core._t;

var SwitchProfileMenu = Widget.extend({
template: "SwitchProfileMenu",
events: {
"click .dropdown-item[data-menu]": "_onClick",
},

init: function () {
this._super.apply(this, arguments);
this.isMobile = config.device.isMobile;
this._onClick = _.debounce(this._onClick, 1500, true);
},

start: function () {
var profilesList = "";
if (this.isMobile) {
profilesList =
'<li class="bg-info">' +
_t("Tap on the list to change profile") +
"</li>";
} else {
this.$(".oe_topbar_name").text(
session.user_profiles.current_profile[1]
);
}
_.each(session.user_profiles.allowed_profiles, function (profile) {
var a = "";
if (profile[0] === session.user_profiles.current_profile[0]) {
a = '<i class="fa fa-check mr8"></i>';
} else {
a = '<span style="margin-right: 24px;"/>';
}
profilesList +=
'<a role="menuitem" href="#" class="dropdown-item" data-menu="profile" data-profile-id="' +
profile[0] +
'">' +
a +
profile[1] +
"</a>";
});
this.$(".dropdown-menu").html(profilesList);
return this._super();
},

_onClick: function (ev) {
var self = this;
ev.preventDefault();
var profileID = $(ev.currentTarget).data("profile-id");
// We use this instead of the location.reload() because permissions change
// and we might land on a menu that we don't have permissions for. Thus it
// is cleaner to reload any root menu
this._rpc({
model: "res.users",
method: "action_profile_change",
args: [
[session.uid],
{
profile_id: profileID,
},
],
}).then(function (result) {
self.trigger_up("do_action", {
action: result,
});
});
},
});

if (session.user_profiles) {
SystrayMenu.Items.push(SwitchProfileMenu);
}

return SwitchProfileMenu;
});
Loading
Loading