[305] Create a new authorisation group in v16 for User Management

user_management/__init__.py

@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+
+# from . import controllers
+from . import models

user_management/__manifest__.py

@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+{
+    'name': "user_management",
+
+    'summary': """
+       This group should provide access to the following menu items:
+
+Settings
+Settings / Users & Companies
+Settings / Users & Companies / Users (only to this sub-menu, not to other sub-menus)
+In case of a Keycloak setup, the group should enable pushing to Keycloak (or not block this).
+
+This group should enable the creation of a new user, only allowing changes in the following tabs in the user object:
+
+Roles
+Preferences
+""",
+
+    'description': """
+        This group should provide access to the following menu items:
+
+Settings
+Settings / Users & Companies
+Settings / Users & Companies / Users (only to this sub-menu, not to other sub-menus)
+In case of a Keycloak setup, the group should enable pushing to Keycloak (or not block this).
+
+This group should enable the creation of a new user, only allowing changes in the following tabs in the user object:
+
+Roles
+Preferences
+
+    """,
+
+    'author': "K.Sushma TOSC",
+    'website': "https://www.tosc.nl",
+
+    # Categories can be used to filter modules in modules listing
+    # Check https://github.com/odoo/odoo/blob/16.0/odoo/addons/base/data/ir_module_category_data.xml
+    # for the full list
+    'category': 'Uncategorized',
+    'version': '0.1',
+
+    # any module necessary for this one to work correctly
+    'depends': ['base_user_role', 'auth_totp'],
+
+    # always loaded
+    'data': [
+        'security/security.xml',
+        'security/ir.model.access.csv',
+        'views/menuitems.xml',
+        'views/res_users_views.xml',
+    ],
+    # only loaded in demonstration mode
+    'demo': [
+        # 'demo/demo.xml',
+    ],
+}

user_management/controllers/__init__.py

@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+
+from . import controllers

user_management/controllers/controllers.py

@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+# from odoo import http
+
+
+# class UserManagement(http.Controller):
+#     @http.route('/user_management/user_management', auth='public')
+#     def index(self, **kw):
+#         return "Hello, world"
+
+#     @http.route('/user_management/user_management/objects', auth='public')
+#     def list(self, **kw):
+#         return http.request.render('user_management.listing', {
+#             'root': '/user_management/user_management',
+#             'objects': http.request.env['user_management.user_management'].search([]),
+#         })
+
+#     @http.route('/user_management/user_management/objects/<model("user_management.user_management"):obj>', auth='public')
+#     def object(self, obj, **kw):
+#         return http.request.render('user_management.object', {
+#             'object': obj
+#         })

user_management/demo/demo.xml

@@ -0,0 +1,30 @@
+<odoo>
+    <data>
+<!--
+          <record id="object0" model="user_management.user_management">
+            <field name="name">Object 0</field>
+            <field name="value">0</field>
+          </record>
+
+          <record id="object1" model="user_management.user_management">
+            <field name="name">Object 1</field>
+            <field name="value">10</field>
+          </record>
+
+          <record id="object2" model="user_management.user_management">
+            <field name="name">Object 2</field>
+            <field name="value">20</field>
+          </record>
+
+          <record id="object3" model="user_management.user_management">
+            <field name="name">Object 3</field>
+            <field name="value">30</field>
+          </record>
+
+          <record id="object4" model="user_management.user_management">
+            <field name="name">Object 4</field>
+            <field name="value">40</field>
+          </record>
+-->
+    </data>
+</odoo>

user_management/models/__init__.py

@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+
+from . import res_users

user_management/models/res_users.py

@@ -0,0 +1,89 @@
+# -*- coding: utf-8 -*-
+
+from odoo import models, fields, api
+from lxml import etree
+import json
+
+class Users(models.Model):
+    _inherit = 'res.users'
+
+    @api.depends('groups_id')
+    def _compute_group(self):
+        for obj in self:
+            obj.is_user_management_group = self.env.user.has_group("user_management.group_user_management")
+
+    is_user_management_group = fields.Boolean(compute=_compute_group, default=False, string='Is User Management Group?')
+
+
+
+    # @api.model
+    # def get_view(self, view_id=None, view_type='form', **options):
+    #     result = super(Users, self).get_view(view_id, view_type, **options)
+    #     print ('------------usermanagement', view_type)
+    #     if view_type == "form":
+    #         # import pdb; pdb.set_trace();
+    #         view = etree.XML(result["arch"])
+    #         page = view.find(".//page[@name='access_rights']/group[0]")
+    #         if page is not None:
+    #             import pdb;
+    #             pdb.set_trace();
+    #             page.attrib["invisible"]= "1"
+    #             # modifiers = json.loads(page.get("modifiers", {}))
+    #             # modifiers.update(
+    #             #     {
+    #             #         "invisible": True,
+    #             #     }
+    #             # )
+    #             # page.set("modifiers", json.dumps(modifiers))
+    #         result["arch"] = etree.tostring(view)
+        # if (self.user_has_groups(
+        #         "hr.group_hr_manager,hr.group_hr_user") or SUPERUSER_ID == self._uid) and view_type == 'tree':
+        #     doc = etree.XML(result['arch'])
+        #     pro_nodes = doc.xpath("//field[@name='project_id']")
+        #     if pro_nodes:
+        #         # pro_nodes[0].set('widget', 'many2one_clickable')
+        #         # setup_modifiers(
+        #         #     pro_nodes[0], result['fields']['project_id'])
+        #         pro_nodes[0].attrib["widget"] = "many2one_clickable"
+        #     tsk_nodes = doc.xpath("//field[@name='task_id']")
+        #     if tsk_nodes:
+        #         # tsk_nodes[0].set('widget', 'many2one_clickable')
+        #         # setup_modifiers(
+        #         #     tsk_nodes[0], result['fields']['task_id'])
+        #         tsk_nodes[0].attrib["widget"] = "many2one_clickable"
+        #     result['arch'] = etree.tostring(doc)
+        # return result
+
+    # def fields_view_get(
+    #     self, view_id=None, view_type="form", toolbar=False, submenu=False
+    # ):
+    #     result = super().fields_view_get(
+    #         view_id=view_id, view_type=view_type, toolbar=toolbar, submenu=submenu
+    #     )
+    #     print ('------------1111',)
+    #     doc = etree.XML(res["arch"])
+    #     if view_type == 'form':
+    #
+    #
+    #         for node in doc.xpath("//page[@name='access_rights']"):
+    #             node.set("invisible", "1")
+    #             modifiers = json.loads(node.get("modifiers"))
+    #             node.set("modifiers", json.dumps(modifiers))
+    #
+    #     result['arch'] = etree.tostring(doc, encoding='unicode')
+    #         # page = doc.xpath("//page[@name='access_rights']")
+    #         # if page:
+    #         #     page[0].set("invisible", "1")
+    #         #     page.set("invisible", "1")
+    #         #     modifiers = json.loads(page.get("modifiers"))
+    #         #     modifiers.update(
+    #         #         {
+    #         #             "column_invisible": False,
+    #         #         }
+    #         #     )
+    #         #     field.set("modifiers", json.dumps(modifiers))
+    #         # res["arch"] = etree.tostring(
+    #         #     view,
+    #         #     encoding="unicode",
+    #         # ).replace("\t", "")
+    #     return result

user_management/security/ir.model.access.csv

@@ -0,0 +1,7 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_res_users_mgmt,access_res_users_mgmt,base.model_res_users,"group_user_management",1,1,1,1
+access_res_users_mgmt_cmp,access_res_users_mgmt_cmp,base.model_res_company,"group_user_management",1,1,1,1
+access_res_users_role_mgmt,access_res_users_role_mgmt,base_user_role.model_res_users_role,"group_user_management",1,1,1,1
+access_res_users_role_line_mgmt,access_res_users_role_line_mgmt,base_user_role.model_res_users_role_line,"group_user_management",1,1,1,1
+access_wizard_create_role_from_user_mgmt,access_wizard_create_role_from_user_mgmt,base_user_role.model_wizard_create_role_from_user,"group_user_management",1,1,1,1
+

user_management/security/security.xml

@@ -0,0 +1,8 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<odoo>
+    <record id="group_user_management" model="res.groups">
+        <field name="name">User: Management</field>
+        <field name="implied_ids" eval="[(4, ref('base.group_erp_manager'))]" />
+        <field name="category_id" ref="base.module_category_usability"/>
+    </record>
+</odoo>

user_management/views/menuitems.xml

@@ -0,0 +1,11 @@
+<odoo>
+  <data>
+      <record model="ir.ui.menu" id="base.menu_administration">
+            <field name="groups_id" eval="[(4, ref('user_management.group_user_management'))]"/>
+      </record>
+
+      <!--&lt;!&ndash;<menuitem id="base.menu_action_res_users" parent="base.menu_users,group_user_management"/>&ndash;&gt;-->
+      <!--<menuitem id="base.menu_action_res_groups" groups="base.group_no_one,group_user_management"/>-->
+
+  </data>
+</odoo>

user_management/views/res_users_views.xml

@@ -0,0 +1,47 @@
+<odoo>
+
+        <record id="view_res_users_form_inherit" model="ir.ui.view">
+            <field name="name">res.users.form.inherit.management</field>
+            <field name="model">res.users</field>
+            <field name="inherit_id" ref="base_user_role.view_res_users_form_inherit" />
+            <field name="arch" type="xml">
+                <xpath expr="//field[@name='name']" position="after">
+                    <field name="is_user_management_group" invisible="1"/>
+                </xpath>
+                <xpath expr="//page[@name='access_rights']" position="attributes">
+                    <attribute name="attrs">{'invisible':[('is_user_management_group', '=', True)]}</attribute>
+                </xpath>
+            </field>
+        </record>
+
+        <record model="ir.ui.view" id="view_totp_form">
+            <field name="name">user form: add totp management</field>
+            <field name="model">res.users</field>
+            <field name="inherit_id" ref="auth_totp.view_totp_form"/>
+            <field name="arch" type="xml">
+                <xpath expr="//page[@name='security']" position="attributes">
+                    <attribute name="attrs">{'invisible':['|', ('id', '=', False), ('is_user_management_group', '=', True)]}</attribute>
+                </xpath>
+            </field>
+        </record>
+<!--
+        <template id="listing">
+          <ul>
+            <li t-foreach="objects" t-as="object">
+              <a t-attf-href="#{ root }/objects/#{ object.id }">
+                <t t-esc="object.display_name"/>
+              </a>
+            </li>
+          </ul>
+        </template>
+        <template id="object">
+          <h1><t t-esc="object.display_name"/></h1>
+          <dl>
+            <t t-foreach="object._fields" t-as="field">
+              <dt><t t-esc="field"/></dt>
+              <dd><t t-esc="object[field]"/></dd>
+            </t>
+          </dl>
+        </template>
+-->
+</odoo>