Merge pull request OCA#253 from OCA/16.0

Syncing from upstream OCA/server-backend (16.0)

README.md

@@ -28,6 +28,7 @@ addon | version | maintainers | summary
 [base_import_match](base_import_match/) | 16.0.1.0.0 |  | Try to avoid duplicates before importing
 [base_portal_type](base_portal_type/) | 16.0.1.0.0 | [![hbrunn](https://github.com/hbrunn.png?size=30px)](https://github.com/hbrunn) | Base module to allow different types of portals
 [base_user_role](base_user_role/) | 16.0.1.2.1 | [![sebalix](https://github.com/sebalix.png?size=30px)](https://github.com/sebalix) [![jcdrubay](https://github.com/jcdrubay.png?size=30px)](https://github.com/jcdrubay) [![novawish](https://github.com/novawish.png?size=30px)](https://github.com/novawish) | User roles
+[base_user_role_company](base_user_role_company/) | 16.0.1.0.0 |  | User roles by company
 [base_user_role_history](base_user_role_history/) | 16.0.1.0.0 | [![ThomasBinsfeld](https://github.com/ThomasBinsfeld.png?size=30px)](https://github.com/ThomasBinsfeld) | This module allows to track the changes on users roles.
 
 [//]: # (end addons)

base_user_role_company/README.rst

@@ -0,0 +1,116 @@
+=====================
+User roles by company
+=====================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-backend/tree/16.0/base_user_role_company
+    :alt: OCA/server-backend
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_user_role_company
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/253/16.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+Enable User Roles depending on the Companies selected.
+
+A company specific Role will only be enabled
+if it is set for **all** the currently selected companies.
+
+For example, if a user is "Sales Manager" only for Company A,
+it will see that role enabled only if Company A is selected.
+If the user selects Company A and Company B,
+then the "Sales Manager" role won't be enabled.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+Roles are set on the User form.
+
+The "Company" additional column allows to set a Role as only valid for specific companies.
+
+There is also a "Active Role" techincal field, only visible in developer mode.
+It shows what roles are active, after applying the company selection rules.
+
+Usage
+=====
+
+Select the active companies from the web client widget, near the top right corner.
+When doing so, the User's security Groups are recomputed, based on the Roles.
+
+When the user changes the company selection, only the groups available to all active companies will be activated.
+
+For example:
+
+* A "SALES PERSON" and a "SALES MANAGER" roles are created.
+
+* A user is assigned to the roles:
+    * "SALES PERSON", with no specific company assigned (meaning all)
+    * "SALES MANAGER" only to "My Company (Chicago)"
+
+* When selecting active companies from the UI widget:
+    * If only "My Company (San Francisco)" is active, "SALES PERSON" will be active.
+    * If only "My Company (Chicago)" is active, "SALES PERSON" and "SALES MANAGER" will be active.
+    * If both "My Company (San Francisco)" and "My Company (Chicago)" is active, "SALES PERSON" will be active.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_user_role_company%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Open Source Integrators
+
+Contributors
+~~~~~~~~~~~~
+
+`Open Source Integrators <http://opensourceintegrators.com>`_
+
+  * Daniel Reis <[email protected]>
+  * Chandresh Thakkar <[email protected]>
+  * Urvisha Desai <[email protected]>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/16.0/base_user_role_company>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

base_user_role_company/__init__.py

@@ -0,0 +1,5 @@
+# Copyright (C) 2021 Open Source Integrators
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import controllers
+from . import models

base_user_role_company/__manifest__.py

@@ -0,0 +1,19 @@
+# Copyright (C) 2021 Open Source Integrators
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "User roles by company",
+    "version": "16.0.1.0.0",
+    "category": "Tools",
+    "author": "Open Source Integrators, Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "website": "https://github.com/OCA/server-backend",
+    "depends": ["base_user_role"],
+    "data": [
+        "views/role.xml",
+    ],
+    "installable": True,
+    "auto_install": True,
+    "maintainer": "dreispt",
+    "development_status": "Beta",
+}

base_user_role_company/controllers/__init__.py

@@ -0,0 +1 @@
+from . import main

base_user_role_company/controllers/main.py

@@ -0,0 +1,16 @@
+# Copyright (C) 2022 Open Source Integrators
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo import http
+
+from odoo.addons.web.controllers.home import Home
+
+
+class HomeExtended(Home):
+    @http.route()
+    def web_load_menus(self, unique):
+        response = super().web_load_menus(unique)
+        # On logout & re-login we could see wrong menus being rendered
+        # To avoid this, menu http cache must be disabled
+        response.headers.remove("Cache-Control")
+        return response

base_user_role_company/i18n/base_user_role_company.pot

@@ -0,0 +1,58 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* base_user_role_company
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: base_user_role_company
+#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__allowed_company_ids
+msgid "Companies"
+msgstr ""
+
+#. module: base_user_role_company
+#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__company_id
+msgid "Company"
+msgstr ""
+
+#. module: base_user_role_company
+#: model:ir.model,name:base_user_role_company.model_ir_http
+msgid "HTTP Routing"
+msgstr ""
+
+#. module: base_user_role_company
+#: model:ir.model.fields,help:base_user_role_company.field_res_users_role_line__company_id
+msgid ""
+"If set, this role only applies when this is the main company selected. "
+"Otherwise it applies to all companies."
+msgstr ""
+
+#. module: base_user_role_company
+#: model:ir.model.constraint,message:base_user_role_company.constraint_res_users_role_line_user_role_uniq
+msgid "Roles can be assigned to a user only once at a time"
+msgstr ""
+
+#. module: base_user_role_company
+#: model:ir.model,name:base_user_role_company.model_res_users
+msgid "User"
+msgstr ""
+
+#. module: base_user_role_company
+#. odoo-python
+#: code:addons/base_user_role_company/models/role.py:0
+#, python-format
+msgid "User \"{}\" does not have access to the company \"{}\""
+msgstr ""
+
+#. module: base_user_role_company
+#: model:ir.model,name:base_user_role_company.model_res_users_role_line
+msgid "Users associated to a role"
+msgstr ""

base_user_role_company/i18n/it.po

@@ -0,0 +1,78 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* base_user_role_company
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 14.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2023-03-07 19:24+0000\n"
+"Last-Translator: Francesco Foresti <[email protected]>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.14.1\n"
+
+#. module: base_user_role_company
+#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__allowed_company_ids
+msgid "Companies"
+msgstr ""
+
+#. module: base_user_role_company
+#: model:ir.model.fields,field_description:base_user_role_company.field_res_users_role_line__company_id
+msgid "Company"
+msgstr "Azienda"
+
+#. module: base_user_role_company
+#: model:ir.model,name:base_user_role_company.model_ir_http
+msgid "HTTP Routing"
+msgstr "Instradamento HTTP"
+
+#. module: base_user_role_company
+#: model:ir.model.fields,help:base_user_role_company.field_res_users_role_line__company_id
+msgid ""
+"If set, this role only applies when this is the main company selected. "
+"Otherwise it applies to all companies."
+msgstr ""
+"Se impostato, questo ruolo si applica solo quando questa è l'azienda "
+"principale selezionata. Altrimenti vale per tutte le aziende."
+
+#. module: base_user_role_company
+#: model:ir.model.constraint,message:base_user_role_company.constraint_res_users_role_line_user_role_uniq
+msgid "Roles can be assigned to a user only once at a time"
+msgstr "I ruoli possono essere assegnati all'utente solo uno alla volta"
+
+#. module: base_user_role_company
+#: model:ir.model,name:base_user_role_company.model_res_users
+msgid "User"
+msgstr ""
+
+#. module: base_user_role_company
+#. odoo-python
+#: code:addons/base_user_role_company/models/role.py:0
+#, python-format
+msgid "User \"{}\" does not have access to the company \"{}\""
+msgstr "L'utente \"{}\" non ha l'accesso all'azienda \"{}\""
+
+#. module: base_user_role_company
+#: model:ir.model,name:base_user_role_company.model_res_users_role_line
+msgid "Users associated to a role"
+msgstr "Utenti associati al ruolo"
+
+#~ msgid "Display Name"
+#~ msgstr "Nome visualizzato"
+
+#~ msgid "ID"
+#~ msgstr "ID"
+
+#~ msgid "Last Modified on"
+#~ msgstr "Ultima modifica il"
+
+#~ msgid "Users"
+#~ msgstr "Utenti"
+
+#~ msgid "Active Role"
+#~ msgstr "Ruolo attivo"

base_user_role_company/models/__init__.py

@@ -0,0 +1,6 @@
+# Copyright (C) 2021 Open Source Integrators
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import role
+from . import user
+from . import ir_http

base_user_role_company/models/ir_http.py

@@ -0,0 +1,23 @@
+# Copyright (C) 2021 Open Source Integrators
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo import models
+from odoo.http import request
+
+
+class IrHttp(models.AbstractModel):
+    _inherit = "ir.http"
+
+    def session_info(self):
+        """
+        Based on the selected companies (cids),
+        calculate the roles to enable.
+        A role should be enabled only when it applies to all selected companies.
+        """
+        result = super(IrHttp, self).session_info()
+        if self.env.user.role_line_ids:
+            cids_str = request.httprequest.cookies.get("cids", str(self.env.company.id))
+            cids = [int(cid) for cid in cids_str.split(",")]
+            # The first element of cids is the currently selected company
+            self.env.user.set_groups_from_roles(company_id=cids[0])
+        return result

base_user_role_company/models/role.py

@@ -0,0 +1,40 @@
+# Copyright (C) 2021 Open Source Integrators
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo import _, api, fields, models
+from odoo.exceptions import ValidationError
+
+
+class ResUsersRoleLine(models.Model):
+    _inherit = "res.users.role.line"
+
+    allowed_company_ids = fields.Many2many(related="user_id.company_ids")
+    company_id = fields.Many2one(
+        "res.company",
+        "Company",
+        domain="[('id', 'in', allowed_company_ids)]",
+        help="If set, this role only applies when this is the main company selected."
+        " Otherwise it applies to all companies.",
+    )
+
+    @api.constrains("user_id", "company_id")
+    def _check_company(self):
+        for record in self:
+            if (
+                record.company_id
+                and record.company_id != record.user_id.company_id
+                and record.company_id not in record.user_id.company_ids
+            ):
+                raise ValidationError(
+                    _('User "{}" does not have access to the company "{}"').format(
+                        record.user_id.name, record.company_id.name
+                    )
+                )
+
+    _sql_constraints = [
+        (
+            "user_role_uniq",
+            "unique (user_id,role_id,company_id)",
+            "Roles can be assigned to a user only once at a time",
+        )
+    ]