Skip to content

Commit

Permalink
[ADD] base_user_effective_permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
hbrunn committed Nov 21, 2024
1 parent 778242d commit c18bda0
Show file tree
Hide file tree
Showing 20 changed files with 785 additions and 0 deletions.
22 changes: 22 additions & 0 deletions base_user_effective_permissions/=
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Copyright 2023 Hunki Enterprises BV
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0)

{
"name": "Effective permissions",
"summary": "Inspect effective permissions applying to a user",
"version": "16.0.1.0.0",
"development_status": "Alpha",
"category": "Technical",
"website": "https://github.com/OCA/server-backend",
"author": "Hunki Enterprises BV, Odoo Community Association (OCA)",
"maintainers": ["hbrunn"],
"license": "AGPL-3",
"depends": [
"base",
],
"data": [
"security/ir.model.access.csv",
"views/res_users_effective_permission.xml",
"views/res_users.xml",
],
}
99 changes: 99 additions & 0 deletions base_user_effective_permissions/README.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
=====================
Effective permissions
=====================

..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:3cc525388bdbfdd6ea4e40ff9cc8d49b41c9e20aa0a7a50b52916158b6f99ccc
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png
:target: https://odoo-community.org/page/development-status
:alt: Alpha
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
:alt: License: AGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
:target: https://github.com/OCA/server-backend/tree/16.0/base_user_effective_permissions
:alt: OCA/server-backend
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_user_effective_permissions
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0
:alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions.

.. IMPORTANT::
This is an alpha version, the data model and design can change at any time without warning.
Only for development or testing purpose, do not use in production.
`More details on development status <https://odoo-community.org/page/development-status>`_

**Table of contents**

.. contents::
:local:

Usage
=====

To use this module, you need to:

#. Go to Settings/Users & Companies
#. Open a user
#. Click the `Effective permissions` button
#. Note you can switch between the rule domains in text form or as domain widget

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_user_effective_permissions%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
~~~~~~~

* Hunki Enterprises BV

Contributors
~~~~~~~~~~~~

* Holger Brunn <[email protected]> (https://hunki-enterprises.com)

Maintainers
~~~~~~~~~~~

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

.. |maintainer-hbrunn| image:: https://github.com/hbrunn.png?size=40px
:target: https://github.com/hbrunn
:alt: hbrunn

Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:

|maintainer-hbrunn|

This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/16.0/base_user_effective_permissions>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
1 change: 1 addition & 0 deletions base_user_effective_permissions/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
from . import models
22 changes: 22 additions & 0 deletions base_user_effective_permissions/__manifest__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Copyright 2023 Hunki Enterprises BV
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0)

{
"name": "Effective permissions",
"summary": "Inspect effective permissions applying to a user",
"version": "16.0.1.0.0",
"development_status": "Alpha",
"category": "Technical",
"website": "https://github.com/OCA/server-backend",
"author": "Hunki Enterprises BV, Odoo Community Association (OCA)",
"maintainers": ["hbrunn"],
"license": "AGPL-3",
"depends": [
"base",
],
"data": [
"security/ir.model.access.csv",
"views/res_users_effective_permission.xml",
"views/res_users.xml",
],
}
Empty file.
2 changes: 2 additions & 0 deletions base_user_effective_permissions/models/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
from . import res_users
from . import res_users_effective_permission
22 changes: 22 additions & 0 deletions base_user_effective_permissions/models/res_users.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Copyright 2023 Hunki Enterprises BV
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0)


from odoo import _, models


class ResUsers(models.Model):
_inherit = "res.users"

def action_show_effective_permissions(self):
self.ensure_one()
permissions = self.env["res.users.effective.permission"]._generate_permissions(
self
)
return {
"type": "ir.actions.act_window",
"name": _("Effective permissions for %s") % self.name,
"res_model": "res.users.effective.permission",
"view_mode": "tree",
"domain": [("id", "in", permissions.ids)],
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
# Copyright 2023 Hunki Enterprises BV
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0)


from odoo import fields, models


class ResUsersEffectivePermission(models.TransientModel):
_name = "res.users.effective.permission"
_order = "model_human_name"
_description = "Effective permissions"

model_id = fields.Many2one("ir.model", string="Model")
model_name = fields.Char(related="model_id.model", string="Model name")
model_human_name = fields.Char(
related="model_id.name", store=True, string="Human readable model name"
)
create_permission = fields.Boolean("Create")
create_domain = fields.Char("Create restrictions")
create_domain_widget = fields.Char(related="create_domain", string="Create domain")
read_permission = fields.Boolean("Read")
read_domain = fields.Char("Read restrictions")
read_domain_widget = fields.Char(related="read_domain", string="Read domain")
write_permission = fields.Boolean("Write")
write_domain = fields.Char("Write restrictions")
write_domain_widget = fields.Char(related="write_domain", string="Write domain")
unlink_permission = fields.Boolean("Delete")
unlink_domain = fields.Char("Delete restrictions")
unlink_domain_widget = fields.Char(related="unlink_domain", string="Delete domain")

def _generate_permissions(self, user):
permissions = self.browse([])
operations = ("create", "unlink", "read", "write")
IrRule = (
self.env["ir.rule"]
.with_user(user)
.with_company(user.company_id)
.with_context(
allowed_company_ids=user.company_id.ids,
)
)
for model_record in self.env["ir.model"].search([]):
if model_record.model not in self.env:
continue

Check warning on line 44 in base_user_effective_permissions/models/res_users_effective_permission.py

View check run for this annotation

Codecov / codecov/patch

base_user_effective_permissions/models/res_users_effective_permission.py#L44

Added line #L44 was not covered by tests
model = (
self.env[model_record.model]
.with_user(user)
.with_company(user.company_id)
.with_context(allowed_company_ids=user.company_id.ids)
)
vals = {"model_id": model_record.id}
vals.update(
{
"%s_permission"
% operation: model.check_access_rights(operation, False)
for operation in operations
}
)
vals.update(
{
"%s_domain"
% operation: IrRule._compute_domain(model._name, operation)
for operation in operations
}
)
permissions += self.create(vals)
return permissions
1 change: 1 addition & 0 deletions base_user_effective_permissions/readme/CONTRIBUTORS.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
* Holger Brunn <[email protected]> (https://hunki-enterprises.com)
1 change: 1 addition & 0 deletions base_user_effective_permissions/readme/DESCRIPTION.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions.
6 changes: 6 additions & 0 deletions base_user_effective_permissions/readme/USAGE.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
To use this module, you need to be in developer mode and:

#. Go to Settings/Users & Companies
#. Open a user
#. Click the `Effective permissions` button
#. Note you can switch between the rule domains in text form or as domain widget
2 changes: 2 additions & 0 deletions base_user_effective_permissions/security/ir.model.access.csv
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_res_users_effective_permission,access_res_users_effective_permission,base_user_effective_permissions.model_res_users_effective_permission,base.group_user,1,0,1,0
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading

0 comments on commit c18bda0

Please sign in to comment.