Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

10.0 access restricted #66

Merged
merged 72 commits into from
Dec 5, 2017
Merged

10.0 access restricted #66

merged 72 commits into from
Dec 5, 2017

Conversation

iledarn
Copy link

@iledarn iledarn commented Nov 6, 2017
edited
Loading

No description provided.

Ildar Nasyrov added 28 commits October 30, 2017 12:50
[ADD] access_apps: "Allow install apps only from settings"
7d8eace
[DOC] access_apps
d5013a1
[LINT] access_apps
fe1531c
[DOC] access_apps
e118413
[DOC] access_apps
fe7c868
[DOC] access_apps
e7d7d3c
[DOC] access_apps
32cd0b6
[DOC] access_apps
cd1331b
[DOC] access_apps
b402115
[REF] access_apps_website, apps: group_show_modules_menu -> group_all…
00eb443 
…ow_apps
[IMP] access_apps: do not grant full access to group_allow_apps_only_…
32ff0b1 
…from_settings - any modules may be installed through Odoo API using xmlrpc, redefine `_install_modules` of `res.config.settings` instead - underscore methods cannot be accessed through xmlrpc
[DOC] access_apps
29a3b81
[DOC] access_apps
e6d7b97
[DOC] access_apps
823735d
[IMP] access_apps: avoid copy-pasting
31a8dc7
[LINT] access_apps
38b9aec
[IMP] access_restricted: move security data into security folder
3587328
[ADD] access_restricted: allow add groups from settings menu to membe…
7e6b7ce 
…rs of group `allow add from settings`
[ADD] access_restricted: allow users in group allow add implied.. t…
0610340 
…o add groups from settings menu
[IMP] access_restricted: better name for security group
d4a2f1b
[DOC] access_restricted
b340645
[DOC] access_restricted
3d8dd58
[DOC] access_restricted
a989fbf
[DOC] access_restricted
ef8deae
[DOC] access_restricted
5834bc4
[DOC] access_restricted
7ab6db6
[DOC] access_restricted
432a9cf
[DOC] access_restricted
cc2999e
@iledarn iledarn mentioned this pull request Nov 7, 2017
Closed
@yelizariev
Copy link
Collaborator

We probably need to imply Adminstration / Settings rights when user has access Allow add implied groups from settings, otherwise latter doesn't have sense, because user doens't have access to Settings. see https://github.com/it-projects-llc/access-addons/pull/66#discussion_r151070397

[IMP] access_restricted: all settings menu in only available for base…
866e84a 
….group_system - if we allow to add grups from settings then we should give rights to open the settings menu
@yelizariev
Copy link
Collaborator

For squashed commit:

[ADD] set of updates


access_apps:

`1.2.0`
-------

- REF: rename "Show Apps Menu" to "Allow install apps"
- ADD: "Allow install apps only from settings"
- IMP: group "Show Apps Menu" and "Allow install apps only from settings" under "Apps access" security category
 

access_restricted:

`1.3.0`
-------

- [ADD] security group that allows increasing rights from settings menu (by checking ``res.config.settings`` 'group_XXX' boolean fields)

@yelizariev
Copy link
Collaborator

yelizariev commented Nov 16, 2017
edited
Loading

  • write tests for new features of access_restricted (User has access -> no errors, User has not access -> error is raised)

@yelizariev
Copy link
Collaborator

yelizariev commented Nov 16, 2017
edited
Loading

  • test that non-super admin don't see unavailable fields (groups)
    • emulate opening of res.user form -- repeat calls that browser does via xmlrpc when you open view manulally via interface
    • add new groups to users and open form again -- new group must be appeared at the form

yelizariev
yelizariev requested changes Nov 16, 2017
View reviewed changes
Copy link
Collaborator

@yelizariev yelizariev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More tests are required

@iledarn
Copy link
Author

iledarn commented Nov 23, 2017

@yelizariev please check 329739d for > test that non-super admin don't see unavailable fields (groups)

@iledarn
Copy link
Author

iledarn commented Nov 29, 2017
edited
Loading

@yelizariev

We probably need to imply Adminstration / Settings rights when user has access Allow add implied groups from settings, otherwise latter doesn't have sense, because user doens't have access to Settings

Implying the 'Administration / Settings' is excessive.
Access to see a specific settings menu may be given by a custom security group. In other words, we shouldn't give a user full administration privileges just to make him able to open a specific menu item

Ildar Nasyrov added 4 commits November 29, 2017 12:29
Revert "[IMP] access_restricted: all settings menu in only available …
325262e 
…for base.group_system - if we allow to add grups from settings then we should give rights to open the settings menu"

This reverts commit 866e84a.
[IMP] access_restricted: file structure
525ac2a
[ADD] access_restricted: test for implied groups
3834de6
[CI] access_restricted
971534d
@iledarn
Copy link
Author

iledarn commented Dec 4, 2017

@yelizariev ,

write tests for new features of access_restricted (User has access -> no errors, User has not access -> error is raised)

This is also done, please merge

yelizariev
yelizariev requested changes Dec 4, 2017
View reviewed changes
access_restricted/tests/test_allow_implied.py Outdated
self.assertTrue(test_config_settings._get_classified_fields()['group'])

test_config_settings.sudo(demo_user.id).execute()
self.assertTrue(self.env['res.users'].sudo(demo_user.id).has_group('base.group_user'))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add check that demo user doesn't have group_user before calling execute()

@iledarn
Copy link
Author

iledarn commented Dec 4, 2017

@yelizariev

@yelizariev yelizariev merged commit 540597a into itpp-labs:10.0 Dec 5, 2017
yelizariev pushed a commit that referenced this pull request May 13, 2024
@itpp-bot
⬆️1️⃣7️⃣ OCA/odoo-module-migrator
705e680 
close #66

> Made via .github/workflows/DINAR-PORT.yml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ursus102 ursus102 ursus102 left review comments

@yelizariev yelizariev yelizariev requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@iledarn @yelizariev @ursus102