[16.0][ADD] base_user_effective_permissions

base_user_effective_permissions/=

@@ -0,0 +1,22 @@
+# Copyright 2023 Hunki Enterprises BV
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0)
+
+{
+    "name": "Effective permissions",
+    "summary": "Inspect effective permissions applying to a user",
+    "version": "16.0.1.0.0",
+    "development_status": "Alpha",
+    "category": "Technical",
+    "website": "https://github.com/OCA/server-backend",
+    "author": "Hunki Enterprises BV, Odoo Community Association (OCA)",
+    "maintainers": ["hbrunn"],
+    "license": "AGPL-3",
+    "depends": [
+        "base",
+    ],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/res_users_effective_permission.xml",
+        "views/res_users.xml",
+    ],
+}

base_user_effective_permissions/README.rst

@@ -0,0 +1,99 @@
+=====================
+Effective permissions
+=====================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:3cc525388bdbfdd6ea4e40ff9cc8d49b41c9e20aa0a7a50b52916158b6f99ccc
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Alpha
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-backend/tree/16.0/base_user_effective_permissions
+    :alt: OCA/server-backend
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_user_effective_permissions
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions.
+
+.. IMPORTANT::
+   This is an alpha version, the data model and design can change at any time without warning.
+   Only for development or testing purpose, do not use in production.
+   `More details on development status <https://odoo-community.org/page/development-status>`_
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+To use this module, you need to be in developer mode and:
+
+#. Go to Settings/Users & Companies
+#. Open a user
+#. Click the `Effective permissions` button
+#. Note you can switch between the rule domains in text form or as domain widget
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_user_effective_permissions%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Hunki Enterprises BV
+
+Contributors
+~~~~~~~~~~~~
+
+* Holger Brunn <[email protected]> (https://hunki-enterprises.com)
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-hbrunn| image:: https://github.com/hbrunn.png?size=40px
+    :target: https://github.com/hbrunn
+    :alt: hbrunn
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-hbrunn| 
+
+This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/16.0/base_user_effective_permissions>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

base_user_effective_permissions/__init__.py

@@ -0,0 +1 @@
+from . import models

base_user_effective_permissions/__manifest__.py

@@ -0,0 +1,22 @@
+# Copyright 2023 Hunki Enterprises BV
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0)
+
+{
+    "name": "Effective permissions",
+    "summary": "Inspect effective permissions applying to a user",
+    "version": "16.0.1.0.0",
+    "development_status": "Alpha",
+    "category": "Technical",
+    "website": "https://github.com/OCA/server-backend",
+    "author": "Hunki Enterprises BV, Odoo Community Association (OCA)",
+    "maintainers": ["hbrunn"],
+    "license": "AGPL-3",
+    "depends": [
+        "base",
+    ],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/res_users_effective_permission.xml",
+        "views/res_users.xml",
+    ],
+}

base_user_effective_permissions/models/__init__.py

@@ -0,0 +1,2 @@
+from . import res_users
+from . import res_users_effective_permission

base_user_effective_permissions/models/res_users.py

@@ -0,0 +1,22 @@
+# Copyright 2023 Hunki Enterprises BV
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0)
+
+
+from odoo import _, models
+
+
+class ResUsers(models.Model):
+    _inherit = "res.users"
+
+    def action_show_effective_permissions(self):
+        self.ensure_one()
+        permissions = self.env["res.users.effective.permission"]._generate_permissions(
+            self
+        )
+        return {
+            "type": "ir.actions.act_window",
+            "name": _("Effective permissions for %s") % self.name,
+            "res_model": "res.users.effective.permission",
+            "view_mode": "tree",
+            "domain": [("id", "in", permissions.ids)],
+        }

base_user_effective_permissions/models/res_users_effective_permission.py

@@ -0,0 +1,67 @@
+# Copyright 2023 Hunki Enterprises BV
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl-3.0)
+
+
+from odoo import fields, models
+
+
+class ResUsersEffectivePermission(models.TransientModel):
+    _name = "res.users.effective.permission"
+    _order = "model_human_name"
+    _description = "Effective permissions"
+
+    model_id = fields.Many2one("ir.model", string="Model")
+    model_name = fields.Char(related="model_id.model", string="Model name")
+    model_human_name = fields.Char(
+        related="model_id.name", store=True, string="Human readable model name"
+    )
+    create_permission = fields.Boolean("Create")
+    create_domain = fields.Char("Create restrictions")
+    create_domain_widget = fields.Char(related="create_domain", string="Create domain")
+    read_permission = fields.Boolean("Read")
+    read_domain = fields.Char("Read restrictions")
+    read_domain_widget = fields.Char(related="read_domain", string="Read domain")
+    write_permission = fields.Boolean("Write")
+    write_domain = fields.Char("Write restrictions")
+    write_domain_widget = fields.Char(related="write_domain", string="Write domain")
+    unlink_permission = fields.Boolean("Delete")
+    unlink_domain = fields.Char("Delete restrictions")
+    unlink_domain_widget = fields.Char(related="unlink_domain", string="Delete domain")
+
+    def _generate_permissions(self, user):
+        permissions = self.browse([])
+        operations = ("create", "unlink", "read", "write")
+        IrRule = (
+            self.env["ir.rule"]
+            .with_user(user)
+            .with_company(user.company_id)
+            .with_context(
+                allowed_company_ids=user.company_id.ids,
+            )
+        )
+        for model_record in self.env["ir.model"].search([]):
+            if model_record.model not in self.env:
+                continue
+            model = (
+                self.env[model_record.model]
+                .with_user(user)
+                .with_company(user.company_id)
+                .with_context(allowed_company_ids=user.company_id.ids)
+            )
+            vals = {"model_id": model_record.id}
+            vals.update(
+                {
+                    "%s_permission"
+                    % operation: model.check_access_rights(operation, False)
+                    for operation in operations
+                }
+            )
+            vals.update(
+                {
+                    "%s_domain"
+                    % operation: IrRule._compute_domain(model._name, operation)
+                    for operation in operations
+                }
+            )
+            permissions += self.create(vals)
+        return permissions

base_user_effective_permissions/readme/CONTRIBUTORS.rst

@@ -0,0 +1 @@
+* Holger Brunn <[email protected]> (https://hunki-enterprises.com)

base_user_effective_permissions/readme/DESCRIPTION.rst

@@ -0,0 +1 @@
+This module shows administrators a combined view of access rights and record rules per model with expressions expanded. This is convenient for reviewing permissions.

base_user_effective_permissions/readme/USAGE.rst

@@ -0,0 +1,6 @@
+To use this module, you need to be in developer mode and:
+
+#. Go to Settings/Users & Companies
+#. Open a user
+#. Click the `Effective permissions` button
+#. Note you can switch between the rule domains in text form or as domain widget

base_user_effective_permissions/security/ir.model.access.csv

@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_res_users_effective_permission,access_res_users_effective_permission,base_user_effective_permissions.model_res_users_effective_permission,base.group_user,1,0,1,0