openerp-community-reviewer team mailing list archive

[Merge] lp:~dreis-pt/project-service/7.0-baseuser-dr into lp:project-service

 

Daniel Reis has proposed merging lp:~dreis-pt/project-service/7.0-baseuser-dr into lp:project-service.

Requested reviews:
  Project Core Editors (project-core-editors)

For more details, see:
https://code.launchpad.net/~dreis-pt/project-service/7.0-baseuser-dr/+merge/195183

Added new features: Extend Project user roles to support more complex use cases.

Highlights:
* Regular "Employees" can create Tasks or Issues, but have read-only access when they are initiated.
* Projects can be private to a particular Manager and Team (Project Manager no longer sees everything from everyone)

It's being used in a production instance right now.
-- 
https://code.launchpad.net/~dreis-pt/project-service/7.0-baseuser-dr/+merge/195183
Your team Project Core Editors is requested to review the proposed merge of lp:~dreis-pt/project-service/7.0-baseuser-dr into lp:project-service.
=== added directory 'project_baseuser'
=== added file 'project_baseuser/__init__.py'
--- project_baseuser/__init__.py	1970-01-01 00:00:00 +0000
+++ project_baseuser/__init__.py	2013-11-14 09:08:10 +0000
@@ -0,0 +1,3 @@
+# -*- encoding: utf-8 -*-
+pass
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
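
Review bot: The "pass" statement on the second line of this __init__.py does nothing; a package file holding only the encoding comment is enough, so it can be dropped. Both manifests and project_issue.py carry the AGPL header and this file does not, which is worth making consistent.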

=== added file 'project_baseuser/__openerp__.py'
--- project_baseuser/__openerp__.py	1970-01-01 00:00:00 +0000
+++ project_baseuser/__openerp__.py	2013-11-14 09:08:10 +0000
@@ -0,0 +1,95 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+#   Daniel Reis, 2013
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+{
+    'name': 'Projects extensions for user roles',
+    'version': '1.0',
+    'category': 'Project Management',
+    'summary': 'Extend Project user roles to support more complex use cases',
+    'description': """\
+Employees are now basic Project users, able to create new documents (Issues
+or Tasks). These are kept editable while in New and Cancelled states, to
+allow for corrections or for the user himself to cancel an incorretly
+created request.
+Previously, Employee users did not have any write nor craete access to project
+documents.
+
+Project Users, on the other hand, are supposed to act on these documents,
+sucha as reported issues, and update them accordingly, so they have write
+access for all states. Employee users don't have write access on later states,
+but can still write comments and communicate through the message board (open
+chatter).
+
+In general, users will only be able to see documents where:
+
+  * They are assigned/responsible for, or
+  * They are following, or
+  * They are a team member for the corresponding Project (but not if only in
+    the project's follower list).
+
+
+Project Managers have access rules similar to Project Users, but additionally
+can create new projects and can see all documents for the projects they are
+the Manager.
+As a consequence, Project Managers no longer have inconditional access to all
+Tasks and Issues, and will only be able to edit the definitions of Projects
+they manage.
+
+This makes it possible for a Project Manager to have private projects that
+other users, Project Managers inlcuded, will not be able to see. They will
+need to be added as followers or team members to able to see it.
+
+Public Projects and their documents are still visible to everyone.
+Portal users access rules are kept unchanged.
+
+
+---------------------
+Access Rules summary:
+---------------------
+
+Employee Users
+    Can see only documents followed or responebile for (in "user_id").
+    Can create new documents and edit them while in "New"/"Cancelled" states.
+
+Project Users
+    Can edit Project Issues and Tasks in any stage/state.
+    Can see all documents for projects they are followers on team memebers.
+    Can see only documents followed or assigned to for other projects.
+
+Project Managers
+    Can create new projects and edit their attributes.
+    Can see all documents (Tasks or Issues) but only for their managed
+    projects.
+    For the other Projects, will see only followed documents, just like the
+    other users.
+
+""",
+    'author': 'Daniel Reis',
+    'depends': [
+        'project',
+    ],
+    'data': [
+        'project_view.xml',
+        'security/ir.model.access.csv',
+        'security/project_security.xml',
+        ],
+    'installable': True,
+}
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
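
Review bot: The "Access Rules summary" in the description does not match the rules shipped in security/project_security.xml: under "Employee Users" it says they see only documents they follow or are responsible for, while project.task_visibility_rule also grants read on tasks of public projects and of projects where the user is a team member. This text is the only documentation of the new security model, so please align it with the domains. While there, fix the typos ("incorretly", "craete", "sucha", "inconditional", "inlcuded", "responebile", "memebers"), and "followers on team memebers" should read "followers or team members".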

=== added file 'project_baseuser/project_view.xml'
--- project_baseuser/project_view.xml	1970-01-01 00:00:00 +0000
+++ project_baseuser/project_view.xml	2013-11-14 09:08:10 +0000
@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+<openerp>
+    <data>
+
+        <!-- Maken top menu item also visible for Employees -->
+        <menuitem name="Project"
+            id="base.menu_main_pm"
+            groups="project.group_project_manager,project.group_project_user,base.group_user"
+            sequence="40"/>
+
+    </data>
+</openerp>
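
Review bot: The groups attribute on base.menu_main_pm lists project.group_project_manager and project.group_project_user next to base.group_user; if those two groups already imply base.group_user the first two entries are redundant and the attribute can name base.group_user alone. The comment has a typo ("Maken"), and it would help to say there that the menu only controls visibility, with the actual access granted by the files under security/.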

=== added directory 'project_baseuser/security'
=== added file 'project_baseuser/security/ir.model.access.csv'
--- project_baseuser/security/ir.model.access.csv	1970-01-01 00:00:00 +0000
+++ project_baseuser/security/ir.model.access.csv	2013-11-14 09:08:10 +0000
@@ -0,0 +1,8 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_project_empl,project_empl,project.model_project_project,base.group_user,1,0,0,0
+access_account_analytic_account_empl,account_analytic_account_empl,analytic.model_account_analytic_account,base.group_user,1,0,0,0
+access_project_task_empl,project.task.employees,project.model_project_task,base.group_user,1,1,1,0
+access_project_task_type_empl,project.task.type.employees,project.model_project_task_type,base.group_user,1,0,0,0
+access_project_task_work_empl,project.task.work.employees,project.model_project_task_work,base.group_user,1,0,0,0
+access_project_task_history_empl,project.task.history.employees,project.model_project_task_history,base.group_user,1,0,1,0
+access_project_task_hist_cum_empl,project.task.history.cumulative.employees,project.model_project_task_history_cumulative,base.group_user,1,0,1,0
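
Review bot: The access_account_analytic_account_empl row gives every internal user read on account.analytic.account, and this proposal adds no record rule for that model, so the project privacy introduced in security/project_security.xml does not extend to the analytic accounts behind private projects. Please either justify the row in a comment or pair it with a rule that follows the project visibility. Note also that access_project_task_empl grants write and create on project.task at the ACL level, so the "New/Cancelled only" restriction for Employees rests entirely on the ir.rule records; that dependency deserves a test.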

=== added file 'project_baseuser/security/project_security.xml'
--- project_baseuser/security/project_security.xml	1970-01-01 00:00:00 +0000
+++ project_baseuser/security/project_security.xml	2013-11-14 09:08:10 +0000
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="utf-8"?>
+<openerp>
+    <data noupdate="1">
+
+        <!--
+            PROJECT access rules
+        -->
+
+        <!-- Project Managers (modified): no longer see all projects: will have same visibility rules as Project Users -->
+        <record model="ir.rule" id="project.project_project_manager_rule">
+            <field name="name">Project: project manager: does not see all (modified)</field>
+            <field name="domain_force">[]</field>
+            <!-- Original data:
+            <field name="model_id" ref="model_project_project"/>
+            <field name="domain_force">[(1, '=', 1)]</field>
+            <field name="groups" eval="[(4,ref('project.group_project_manager'))]"/>
+            -->
+            <field name="perm_read" eval="True"/>
+            <field name="perm_create" eval="False"/>
+            <field name="perm_write" eval="False"/>
+            <field name="perm_unlink" eval="False"/>
+        </record>
+
+
+        <!-- Project Managers (new): can edit only managed projects -->
+        <record model="ir.rule" id="project_project_manager_rule_write">
+            <field name="name">Project: project manager: EDIT only managed projects</field>
+            <field name="model_id" ref="project.model_project_project"/>
+            <field name="domain_force">[('user_id', '=', user.id)]</field>
+            <field name="groups" eval="[(4,ref('project.group_project_manager'))]"/>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_create" eval="True"/>
+            <field name="perm_write" eval="True"/>
+            <field name="perm_unlink" eval="True"/>
+        </record>
+
+
+        <!-- Employees (modified): Projects also visible to team members not in followers list -->
+        <record model="ir.rule" id="project.project_public_members_rule">
+            <field name="name">Project: employees: public, employees, followers or team members (modified)</field>
+            <field name="domain_force">['|','|',
+                                            ('privacy_visibility', 'in', ['public', 'portal', 'employees']),
+                                            ('message_follower_ids', 'in', [user.partner_id.id]),
+                                            ('members', 'in', [user.id]),
+                                        ]</field>
+        </record>
+
+
+        <!--
+            TASK access rules
+        -->
+
+        <!-- Project Managers (modified): no longer sees all Tasks - only so for Projects they Manage  -->
+        <record model="ir.rule" id="project.project_manager_all_project_tasks_rule">
+            <field name="name">Project/Task: project manager: see all in managed projects (modified)</field>
+            <field name="domain_force">[('project_id.user_id', '=', user.id)]</field>
+            <!-- Original data:
+            <field name="model_id" ref="model_project_task"/>
+            <field name="domain_force">[(1, '=', 1)]</field>
+            <field name="groups" eval="[(4,ref('project.group_project_manager'))]"/>
+            -->
+        </record>
+
+
+        <!-- Project Users (new): can access public, followed/member or assigned -->
+        <record model="ir.rule" id="task_project_user_visibility_rule">
+            <field name="name">Project/Task: project users: public, followed/member or assigned</field>
+            <field name="model_id" ref="project.model_project_task"/>
+            <field name="domain_force">['|','|','|',
+                                            ('user_id', '=', user.id),
+                                            ('project_id.privacy_visibility', 'in', ['public']),
+                                            ('message_follower_ids', 'in', [user.partner_id.id]),
+                                            ('project_id.members', 'in', [user.id]),
+                                        ]</field>
+            <field name="groups" eval="[(4,ref('project.group_project_user'))]"/>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_create" eval="True"/>
+            <field name="perm_write" eval="True"/>
+            <field name="perm_unlink" eval="False"/>
+        </record>
+
+
+        <!-- Employees (modified): can access public or followed; can edit only in "draft" and "cancelled" states -->
+        <record model="ir.rule" id="project.task_visibility_rule">
+            <field name="name">Project/Task: employees READ: public or followed /member</field>
+            <field name="domain_force">['|','|','|',
+                                            ('user_id', '=', user.id),
+                                            ('project_id.privacy_visibility', 'in', ['public']),
+                                            ('message_follower_ids', 'in', [user.partner_id.id]),
+                                            ('project_id.members', 'in', [user.id]),
+                                        ]</field>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_create" eval="False"/>
+            <field name="perm_write" eval="False"/>
+            <field name="perm_unlink" eval="False"/>
+        </record>
+
+
+        <!-- Employees (new, for limited edit access): can edit public or followed/member, if in "draft" or "cancelled" states -->
+        <record model="ir.rule" id="task_visibility_rule_write">
+            <field name="name">Project/Task: employees WRITE: public or followed/member</field>
+            <field name="model_id" ref="project.model_project_task"/>
+            <field name="domain_force">['&amp;', ('stage_id.state', 'in', ['draft', 'cancelled', None]),
+                                        '|','|','|',
+                                            ('user_id', '=', user.id),
+                                            ('project_id.privacy_visibility', 'in', ['public']),
+                                            ('message_follower_ids', 'in', [user.partner_id.id]),
+                                            ('project_id.members', 'in', [user.id]),
+                                        ]</field>
+            <field name="groups" eval="[(4,ref('base.group_user'))]"/>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_create" eval="True"/>
+            <field name="perm_write" eval="True"/>
+            <field name="perm_unlink" eval="False"/>
+        </record>
+
+    </data>
+</openerp>
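
Review bot: In project.project_project_manager_rule the new domain_force is [], and an empty domain matches every record. The record keeps its Project Manager group (the groups field appears only in the commented-out original) and sets perm_read to True, so, because rules attached to groups are combined with OR, managers would still read every project, contrary to the comment above the record. If private projects are meant to be hidden from other managers, give this rule a restrictive domain (for example the one used in project.project_public_members_rule) or deactivate it, and add a test that a second manager cannot read a private project. Separately, please confirm that the None entry in the 'in' list of task_visibility_rule_write really matches tasks without a stage; an explicit ('stage_id', '=', False) branch would state the intent. The file is loaded with noupdate set to 1 while it rewrites rules owned by the project module, so later corrections to these domains will not reach existing databases on upgrade.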

=== added directory 'project_issue_baseuser'
=== added file 'project_issue_baseuser/__init__.py'
--- project_issue_baseuser/__init__.py	1970-01-01 00:00:00 +0000
+++ project_issue_baseuser/__init__.py	2013-11-14 09:08:10 +0000
@@ -0,0 +1,3 @@
+# -*- encoding: utf-8 -*-
+import project_issue
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:

=== added file 'project_issue_baseuser/__openerp__.py'
--- project_issue_baseuser/__openerp__.py	1970-01-01 00:00:00 +0000
+++ project_issue_baseuser/__openerp__.py	2013-11-14 09:08:10 +0000
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+#   Daniel Reis, 2013
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+{
+    'name': 'Projects Issue extensions for user roles',
+    'version': '1.0',
+    'category': 'Project Management',
+    'summary': 'Extend Project user roles to support more complex use cases',
+    'description': """\
+Also implements the Project user role extensions to the Project Issue
+documents.
+
+This module is automatically installed if the Issue Tracker is also installed.
+Please refer to the ``project_baseuser`` module for more details.
+""",
+    'author': 'Daniel Reis',
+    'depends': [
+        'project_issue',
+        'project_baseuser',
+    ],
+    'data': [
+        'security/ir.model.access.csv',
+        'security/portal_security.xml',
+        ],
+    'installable': True,
+    'auto_install': True,
+}
+
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
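
Review bot: The depends list names only project_issue and project_baseuser, but security/ir.model.access.csv in this module references crm.model_crm_case_section, so installation relies on crm arriving as a transitive dependency; list it explicitly or drop that ACL row. The data file security/portal_security.xml contains manager, user and employee rules and no portal rule, so a name such as security/project_issue_security.xml would be less misleading. With auto_install set to True these rule changes are applied as soon as both dependencies are present, which deserves a sentence in the description.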

=== added file 'project_issue_baseuser/project_issue.py'
--- project_issue_baseuser/project_issue.py	1970-01-01 00:00:00 +0000
+++ project_issue_baseuser/project_issue.py	2013-11-14 09:08:10 +0000
@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    Copyright (C) 2013 Daniel Reis
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+from openerp.osv import orm
+
+
+# Backport from trunk(v8) fix required. See Bug#1243628.
+class ProjectIssue(orm.Model):
+    _inherit = 'project.issue'
+
+    def _get_default_partner(self, cr, uid, context=None):
+        """
+        If no other deafult is found, the current user is automatically
+        added as the Contact for the issue.
+        """
+        res = super(ProjectIssue, self
+                    )._get_default_partner(cr, uid, context=context)
+        if not res:
+            user = self.pool.get('res.users'
+                                 ).browse(cr, uid, uid, context=context)
+            res = user.partner_id and user.partner_id.id
+        return res
+
+    _defaults = {
+        'partner_id': lambda s, cr, uid, c: s._get_default_partner(cr, uid, c),
+    }
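
Review bot: The overridden _get_default_partner falls back to the current user's partner for every creator, not only Employees, so an issue logged by a Project User on behalf of a customer now starts with the internal user as Contact unless it is changed by hand; if the fallback is only needed for the Employee case, guard it or say so in the docstring. The comment cites Bug#1243628 without a link or a note on when the override can be removed, and "deafult" in the docstring is a typo.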

=== added directory 'project_issue_baseuser/security'
=== added file 'project_issue_baseuser/security/ir.model.access.csv'
--- project_issue_baseuser/security/ir.model.access.csv	1970-01-01 00:00:00 +0000
+++ project_issue_baseuser/security/ir.model.access.csv	2013-11-14 09:08:10 +0000
@@ -0,0 +1,4 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_project_issue_user,project.issue.employees,project_issue.model_project_issue,base.group_user,1,1,1,0
+access_project_issue_version,project.issue.version.employee,project_issue.model_project_issue_version,base.group_user,1,0,0,0
+access_crm_case_section,crm.case.section.employees,crm.model_crm_case_section,base.group_user,1,0,0,0
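
Review bot: The id access_project_issue_user on the first data row suggests the Project User group, but the row targets base.group_user and grants write and create on project.issue to every internal user; rename it along the lines of the _empl ids used in project_baseuser so the audience is obvious when auditing ACLs. As with tasks, the state restriction for Employees then depends entirely on the record rules in security/portal_security.xml.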

=== added file 'project_issue_baseuser/security/portal_security.xml'
--- project_issue_baseuser/security/portal_security.xml	1970-01-01 00:00:00 +0000
+++ project_issue_baseuser/security/portal_security.xml	2013-11-14 09:08:10 +0000
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<openerp>
+    <data noupdate="1">
+
+
+        <!-- Project Managers (modified): now can access all documents *only in own projects* -->
+        <record model="ir.rule" id="project_issue.issue_project_manager_rule">
+            <field name="name">Project/Issue: project managers: sees all for Managed projects (modified)</field>
+            <field name="domain_force">[('user_id', '=', user.id)]</field>
+            <!-- Standard rule:
+            <field name="model_id" ref="model_project_issue"/>
+            <field name="domain_force">[(1, '=', 1)]</field>
+            <field name="groups" eval="[(4,ref('project.group_project_manager'))]"/>
+            -->
+        </record>
+
+
+        <!-- Project Users (new): can access public, followed/member or assigned -->
+        <record model="ir.rule" id="issue_employee_rule_read">
+            <field name="name">Project/Issue: project users: public, following/member or assigned</field>
+            <field name="model_id" ref="project_issue.model_project_issue"/>
+            <field name="domain_force">['|', '|','|',
+                                            ('user_id', '=', user.id),
+                                            ('project_id.privacy_visibility', 'in', ['public']),
+                                            ('message_follower_ids', 'in', [user.partner_id.id]),
+                                            ('project_id.members', 'in', [user.id]),
+                                        ]</field>
+            <field name="groups" eval="[(4,ref('project.group_project_user'))]"/>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_create" eval="True"/>
+            <field name="perm_write" eval="True"/>
+            <field name="perm_unlink" eval="False"/>
+        </record>
+
+
+        <!-- Employees (modified): can access public or followed/member; can edit only in "draft" and "cancelled" states -->
+        <record model="ir.rule" id="project_issue.issue_user_rule">
+            <field name="name">Project/Issue: employees: READ public or followed/member)</field>
+            <field name="domain_force">['|','|','|',
+                                            ('user_id', '=', user.id),
+                                            ('project_id.privacy_visibility', 'in', ['public']),
+                                            ('message_follower_ids', 'in', [user.partner_id.id]),
+                                            ('project_id.members', 'in', [user.id]),
+                                        ]</field>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_create" eval="False"/>
+            <field name="perm_write" eval="False"/>
+            <field name="perm_unlink" eval="False"/>
+         </record>
+
+
+        <!-- Employees (new for limited edit access): can edit public or followed/member, if in "draft" or "cancelled" states -->
+        <record model="ir.rule" id="issue_employee_rule_write">
+            <field name="name">Project/Issue: employees: WRITE public or followed/member</field>
+            <field name="model_id" ref="project_issue.model_project_issue"/>
+            <field name="domain_force">['&amp;', ('stage_id.state', 'in', ['draft', 'cancelled', None]),
+                                        '|','|','|',
+                                            ('user_id', '=', user.id),
+                                            ('project_id.privacy_visibility', 'in', ['public']),
+                                            ('message_follower_ids', 'in', [user.partner_id.id]),
+                                            ('project_id.members', 'in', [user.id]),
+                                        ]</field>
+            <field name="groups" eval="[(4,ref('base.group_user'))]"/>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_create" eval="True"/>
+            <field name="perm_write" eval="True"/>
+            <field name="perm_unlink" eval="False"/>
+         </record>
+
+
+    </data>
+</openerp>
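
Review bot: In project_issue.issue_project_manager_rule the domain [('user_id', '=', user.id)] tests the issue's own user_id (the responsible user), not the project's manager, so it does not implement "sees all for Managed projects" from the rule name; the task counterpart in project_baseuser uses ('project_id.user_id', '=', user.id) and this rule should do the same. The id issue_employee_rule_read is attached to project.group_project_user and grants create and write, so the id is misleading on both counts, and the name of project_issue.issue_user_rule ends with a stray ")".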