openerp-community-reviewer team mailing list archive

Thread
Date

[Merge] lp:~learts92/sale-wkfl/7.0-add-sale-order-authorized-users into lp:sale-wkfl

To: mp+227325@xxxxxxxxxxxxxxxxxx
From: Leonardo Donelli <learts92@xxxxxxxxx>
Date: Fri, 18 Jul 2014 13:46:20 -0000
Reply-to: mp+227325@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Leonardo Donelli has proposed merging lp:~learts92/sale-wkfl/7.0-add-sale-order-authorized-users into lp:sale-wkfl.

Requested reviews:
  Sale Core Editors (sale-core-editors)

For more details, see:
https://code.launchpad.net/~learts92/sale-wkfl/7.0-add-sale-order-authorized-users/+merge/227325

Let Admin (or any user in the base.group_erp_manager) choose, for each sale order,
which users will be able to access and see it. Any other user won't be able
to see it.
If no users are set, the sale order has normal permissions.
The field to set allowed users will be visibile only to admin, which makes it
possible to make the users unaware of this feature.

Things that could be improved:
 - Tests?
 - create security rule also for sale_order_line if it's not automatic.

It's not 100% secure atm, but probably good enough for normal users.
-- 
https://code.launchpad.net/~learts92/sale-wkfl/7.0-add-sale-order-authorized-users/+merge/227325
Your team Sale Core Editors is requested to review the proposed merge of lp:~learts92/sale-wkfl/7.0-add-sale-order-authorized-users into lp:sale-wkfl.

=== added directory 'sale_order_authorized_users'
=== added file 'sale_order_authorized_users/__init__.py'
--- sale_order_authorized_users/__init__.py	1970-01-01 00:00:00 +0000
+++ sale_order_authorized_users/__init__.py	2014-07-18 13:45:51 +0000
@@ -0,0 +1,1 @@
+import sale

=== added file 'sale_order_authorized_users/__openerp__.py'
--- sale_order_authorized_users/__openerp__.py	1970-01-01 00:00:00 +0000
+++ sale_order_authorized_users/__openerp__.py	2014-07-18 13:45:51 +0000
@@ -0,0 +1,47 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# Author: Leonardo Donelli @ Creativi Quadrati
+# Copyright (C) 2014 Leonardo Donelli
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+
+{
+    'name': 'Sale Order Authorized Users',
+    'version': '1.0',
+    'category': 'Sale',
+    'summary': 'Sale orders, Security, Permissions, Users',
+    'description': """
+Sale Order Authorized Users
+======================================
+
+Let Admin (or any user in the base.group_erp_manager) choose, for each sale order,
+which users will be able to access and see it. Any other user won't be able
+to see it.
+If no users are set, the sale order has normal permissions.
+The field to set allowed users will be visibile only to admin, which makes it
+possible to make the users unaware of this feature.
+""",
+    'author': 'Leonardo Donelli @ Creativi Quadrati',
+    'depends': ['sale'],
+    'data': [
+        'sale_view.xml',
+        'security/hide_sale_orders_security.xml',
+    ],
+    'installable': True,
+    'auto_install': False,
+}

=== added file 'sale_order_authorized_users/sale.py'
--- sale_order_authorized_users/sale.py	1970-01-01 00:00:00 +0000
+++ sale_order_authorized_users/sale.py	2014-07-18 13:45:51 +0000
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    OpenERP, Open Source Management Solution
+#    Copyright (C) 2004-2010 Tiny SPRL (<http://tiny.be>).
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+from openerp.osv import orm, fields
+
+class sale_order(orm.Model):
+    _inherit = 'sale.order'
+
+    _columns = {
+        'allowed_users_ids': fields.many2many(
+            'res.users',
+            'sale_order_res_users_rel',
+            'sale_order_id',
+            'user_id',
+            'Allowed Users',
+            groups='base.group_erp_manager',
+        ),
+    }

=== added file 'sale_order_authorized_users/sale_view.xml'
--- sale_order_authorized_users/sale_view.xml	1970-01-01 00:00:00 +0000
+++ sale_order_authorized_users/sale_view.xml	2014-07-18 13:45:51 +0000
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<openerp>
+    <data>
+
+        <!-- Partners inherited form -->
+        <record id="view_order_form_allowed_users" model="ir.ui.view">
+            <field name="name">sale.order.form.allowed.users</field>
+            <field name="model">sale.order</field>
+            <field name="inherit_id" ref="sale.view_order_form"/>
+            <field name="arch" type="xml">
+                <field name="client_order_ref" position="after">
+                    <field name="allowed_users_ids" widget="many2many_tags"/>
+                </field>
+            </field>
+        </record>
+
+   </data>
+</openerp>

=== added directory 'sale_order_authorized_users/security'
=== added file 'sale_order_authorized_users/security/hide_sale_orders_security.xml'
--- sale_order_authorized_users/security/hide_sale_orders_security.xml	1970-01-01 00:00:00 +0000
+++ sale_order_authorized_users/security/hide_sale_orders_security.xml	2014-07-18 13:45:51 +0000
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<openerp>
+	<data noupdate="0">
+
+		<record model="ir.rule" id="rule_hidden_orders">
+			<field name="name">Hidden orders</field>
+			<field name="model_id" ref="model_sale_order" />
+			<field name="global" eval="True" />
+			<field name="domain_force">['|',('allowed_users_ids','in',user.id),('allowed_users_ids','=',False)]</field>
+		</record>
+
+	</data>
+</openerp>

Follow ups

Re: [Merge] lp:~learts92/sale-wkfl/7.0-add-sale-order-authorized-users into lp:~sale-core-editors/sale-wkfl/7.0
From: Pedro Manuel Baeza, 2014-08-08