From e4404f30c4e7bdc7edd36d0ff819408f9337bac8 Mon Sep 17 00:00:00 2001
From: Ronald Portier <ronald@therp.nl>
Date: Mon, 12 Aug 2019 13:20:41 +0200
Subject: [PATCH] [IMP] website_menu_permission. Better defaults. Easier
 maintenance.

1. Prevent just installing this module of making most menu's unavailable for logged in users;
2. Make menu's directly configurable from website settings, as not all menu's are linked to a page;
3. Use group_ids field in new website.menu form to edit groups.

With this commit, just installing this module will not change anything in existing permissions.

TODO: update tests and README.rst.
---
 website_menu_permission/README.rst            |  74 ++-
 website_menu_permission/__init__.py           |   3 +-
 website_menu_permission/__manifest__.py       |   6 +-
 website_menu_permission/models/__init__.py    |   3 +-
 .../models/website_menu.py                    |  48 +-
 .../readme/CONTRIBUTORS.rst                   |   2 +
 .../readme/DESCRIPTION.rst                    |   1 +
 website_menu_permission/readme/USAGE.rst      |   5 +
 .../security/record_rules.xml                 |   3 +-
 .../static/description/index.html             | 430 ++++++++++++++++++
 .../tests/test_menu_perm.py                   | 156 +++----
 .../views/website_views.xml                   |  48 +-
 12 files changed, 603 insertions(+), 176 deletions(-)
 create mode 100644 website_menu_permission/readme/CONTRIBUTORS.rst
 create mode 100644 website_menu_permission/readme/DESCRIPTION.rst
 create mode 100644 website_menu_permission/readme/USAGE.rst
 create mode 100644 website_menu_permission/static/description/index.html

diff --git a/website_menu_permission/README.rst b/website_menu_permission/README.rst
index 456803df32..d275635e58 100644
--- a/website_menu_permission/README.rst
+++ b/website_menu_permission/README.rst
@@ -1,51 +1,83 @@
-.. image:: https://img.shields.io/badge/licence-lgpl--3-blue.svg
-   :target: http://www.gnu.org/licenses/LGPL-3.0-standalone.html
-   :alt: License: LGPL-3
-
-
 =======================
 Website Menu Permission
 =======================
 
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fwebsite-lightgray.png?logo=github
+    :target: https://github.com/OCA/website/tree/11.0/website_menu_permission
+    :alt: OCA/website
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/website-11-0/website-11-0-website_menu_permission
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/186/11.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
 Show/hide website menu items by user group.
 
-TODO
+**Table of contents**
 
+.. contents::
+   :local:
 
 Usage
 =====
 
+To use this module, you need to:
 
-TODO
-
+#. Go to Website ==> Configuration ==> Website menu's.
+#. Edit the menu that you want to limit to certain groups, and add
+   the names of the groups that should have access.
 
 Bug Tracker
 ===========
 
-Bugs are tracked on `GitHub Issues <https://github.com/OCA/website/issues>`_. In
-case of trouble, please check there if your issue has already been
-reported. If you spotted it first, help us smashing it by providing a
-detailed and welcomed feedback.
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/website/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/website/issues/new?body=module:%20website_menu_permission%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
 
 Credits
 =======
 
+Authors
+~~~~~~~
+
+* Camptocamp
+
 Contributors
-------------
+~~~~~~~~~~~~
 
--  Simone Orsi simone.orsi@camptocamp.com
+* Simone Orsi simone.orsi@camptocamp.com
+* Ronald Portier ronald@therp.nl
 
-Maintainer
-----------
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
 
 .. image:: https://odoo-community.org/logo.png
    :alt: Odoo Community Association
    :target: https://odoo-community.org
 
-This module is maintained by the OCA.
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
 
-OCA, or the Odoo Community Association, is a nonprofit organization
-whose mission is to support the collaborative development of Odoo
-features and promote its widespread use.
+This module is part of the `OCA/website <https://github.com/OCA/website/tree/11.0/website_menu_permission>`_ project on GitHub.
 
-To contribute to this module, please visit https://odoo-community.org.
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/website_menu_permission/__init__.py b/website_menu_permission/__init__.py
index cde864bae2..29276a93dd 100644
--- a/website_menu_permission/__init__.py
+++ b/website_menu_permission/__init__.py
@@ -1,3 +1,2 @@
-# -*- coding: utf-8 -*-
-
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
 from . import models
diff --git a/website_menu_permission/__manifest__.py b/website_menu_permission/__manifest__.py
index 0887aac5ab..db8f42e4d7 100644
--- a/website_menu_permission/__manifest__.py
+++ b/website_menu_permission/__manifest__.py
@@ -1,7 +1,5 @@
-# -*- coding: utf-8 -*-
-# Copyright 2017 Simone Orsi
-# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl)
-
+# Copyright 2017 Simone Orsi.
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
 {
     'name': 'Website Menu Permission',
     'version': '11.0.1.0.0',
diff --git a/website_menu_permission/models/__init__.py b/website_menu_permission/models/__init__.py
index 2b81276d57..e9aa8b5f46 100644
--- a/website_menu_permission/models/__init__.py
+++ b/website_menu_permission/models/__init__.py
@@ -1,3 +1,2 @@
-# -*- coding: utf-8 -*-
-
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
 from . import website_menu
diff --git a/website_menu_permission/models/website_menu.py b/website_menu_permission/models/website_menu.py
index 76aae593f2..24379d1755 100644
--- a/website_menu_permission/models/website_menu.py
+++ b/website_menu_permission/models/website_menu.py
@@ -1,55 +1,11 @@
-# -*- coding: utf-8 -*-
-# Copyright 2017 Simone Orsi
-# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+# Copyright 2017 Simone Orsi.
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
 from odoo import fields, models
 
 
 class WebsiteMenu(models.Model):
     _inherit = 'website.menu'
 
-    # TODO: when we'll have an advanced form for editing groups
-    # we should add an handler to update flags (like `_update_menu_groups`)
     group_ids = fields.Many2many(
         comodel_name='res.groups',
     )
-    user_logged = fields.Boolean(
-        string="User Logged-in",
-        default=True,
-        help="If checked, "
-             "this item will be available for logged-in users.",
-        inverse='_update_menu_groups',
-    )
-    user_not_logged = fields.Boolean(
-        string="User Not Logged-in",
-        default=True,
-        help="If checked, "
-             "this item will be available for not logged-in users.",
-        inverse='_update_menu_groups',
-    )
-
-    @property
-    def menu_group_public(self):
-        return self.env.ref('base.group_public')
-
-    @property
-    def menu_group_logged(self):
-        return self.env.ref('base.group_portal')
-
-    def _get_updated_groups(self):
-        """Get update groups recordset for current menu item."""
-        groups = self.group_ids
-        if self.user_logged:
-            groups |= self.menu_group_logged
-        else:
-            groups -= self.menu_group_logged
-        if self.user_not_logged:
-            groups |= self.menu_group_public
-        else:
-            groups -= self.menu_group_public
-        return groups
-
-    def _update_menu_groups(self):
-        if self.env.context.get('ws_menu_skip_group_update'):
-            return
-        for item in self:
-            item.group_ids = item._get_updated_groups()
diff --git a/website_menu_permission/readme/CONTRIBUTORS.rst b/website_menu_permission/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..eb8c589fd9
--- /dev/null
+++ b/website_menu_permission/readme/CONTRIBUTORS.rst
@@ -0,0 +1,2 @@
+* Simone Orsi simone.orsi@camptocamp.com
+* Ronald Portier ronald@therp.nl
diff --git a/website_menu_permission/readme/DESCRIPTION.rst b/website_menu_permission/readme/DESCRIPTION.rst
new file mode 100644
index 0000000000..501307423b
--- /dev/null
+++ b/website_menu_permission/readme/DESCRIPTION.rst
@@ -0,0 +1 @@
+Show/hide website menu items by user group.
diff --git a/website_menu_permission/readme/USAGE.rst b/website_menu_permission/readme/USAGE.rst
new file mode 100644
index 0000000000..8c00f6e6d0
--- /dev/null
+++ b/website_menu_permission/readme/USAGE.rst
@@ -0,0 +1,5 @@
+To use this module, you need to:
+
+#. Go to Website ==> Configuration ==> Website menu's.
+#. Edit the menu that you want to limit to certain groups, and add
+   the names of the groups that should have access.
diff --git a/website_menu_permission/security/record_rules.xml b/website_menu_permission/security/record_rules.xml
index 38616a9ea9..2dd5393f8c 100644
--- a/website_menu_permission/security/record_rules.xml
+++ b/website_menu_permission/security/record_rules.xml
@@ -4,12 +4,11 @@
   <record id="website_menu_access" model="ir.rule">
     <field name="name">website_menu_permission group access</field>
     <field name="model_id" ref="model_website_menu"/>
-    <field name="domain_force">['|',('group_ids','in', [g.id for g in user.groups_id]), ('group_ids','=',False)]</field>
+    <field name="domain_force">['|',('group_ids','in', user.groups_id.ids), ('group_ids','=',False)]</field>
     <field name="perm_read" eval="True"/>
     <field name="perm_create" eval="False"/>
     <field name="perm_write" eval="False"/>
     <field name="perm_unlink" eval="False"/>
   </record>
 
-
 </odoo>
diff --git a/website_menu_permission/static/description/index.html b/website_menu_permission/static/description/index.html
new file mode 100644
index 0000000000..78c88d7814
--- /dev/null
+++ b/website_menu_permission/static/description/index.html
@@ -0,0 +1,430 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils 0.15.1: http://docutils.sourceforge.net/" />
+<title>Website Menu Permission</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="website-menu-permission">
+<h1 class="title">Website Menu Permission</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/website/tree/11.0/website_menu_permission"><img alt="OCA/website" src="https://img.shields.io/badge/github-OCA%2Fwebsite-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/website-11-0/website-11-0-website_menu_permission"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runbot.odoo-community.org/runbot/186/11.0"><img alt="Try me on Runbot" src="https://img.shields.io/badge/runbot-Try%20me-875A7B.png" /></a></p>
+<p>Show/hide website menu items by user group.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#usage" id="id1">Usage</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="id2">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="id3">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="id4">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="id5">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="id6">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="usage">
+<h1><a class="toc-backref" href="#id1">Usage</a></h1>
+<p>To use this module, you need to:</p>
+<ol class="arabic simple">
+<li>Go to Website ==&gt; Configuration ==&gt; Website menu’s.</li>
+<li>Edit the menu that you want to limit to certain groups, and add
+the names of the groups that should have access.</li>
+</ol>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#id2">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/website/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/website/issues/new?body=module:%20website_menu_permission%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#id3">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#id4">Authors</a></h2>
+<ul class="simple">
+<li>Camptocamp</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#id5">Contributors</a></h2>
+<ul class="simple">
+<li>Simone Orsi <a class="reference external" href="mailto:simone.orsi&#64;camptocamp.com">simone.orsi&#64;camptocamp.com</a></li>
+<li>Ronald Portier <a class="reference external" href="mailto:ronald&#64;therp.nl">ronald&#64;therp.nl</a></li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#id6">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/website/tree/11.0/website_menu_permission">OCA/website</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/website_menu_permission/tests/test_menu_perm.py b/website_menu_permission/tests/test_menu_perm.py
index 175fe5654d..9791d37f14 100644
--- a/website_menu_permission/tests/test_menu_perm.py
+++ b/website_menu_permission/tests/test_menu_perm.py
@@ -1,98 +1,80 @@
-# -*- coding: utf-8 -*-
-# Copyright 2017 Simone Orsi
-# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl)
+# Copyright 2017 Simone Orsi.
+# Copyright 2019 Therp BV <https://therp.nl>.
+# License LGPL-3.0 or later (https://www.gnu.org/licenses/lgpl).
 import odoo.tests.common as test_common
 
 
-class TestMenuPerm(test_common.TransactionCase):
+class TestMenuPerm(test_common.SavepointCase):
 
-    def setUp(self):
-        super(TestMenuPerm, self).setUp()
-        self.group_logged = self.env.ref('base.group_portal')
-        self.group_public = self.env.ref('base.group_public')
-        user_model = self.env['res.users'].with_context(**{
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.env = cls.env(context=dict(
+            cls.env.context, tracking_disable=True, no_reset_password=True))
+        cls.group_portal = cls.env.ref('base.group_portal')
+        cls.group_user = cls.env.ref('base.group_user')
+        cls.group_public = cls.env.ref('base.group_public')
+        user_model = cls.env['res.users'].with_context(**{
             'no_reset_password': True,
             'mail_create_nosubscribe': True})
-        self.user_public = user_model.create({
-            'name': 'User 1 (test ref)',
-            'login': 'testref_user_public',
-            'email': 'testref_user_public@email.com',
-            # make sure to have only portal group
-            'groups_id': [(6, 0, [self.group_public.id])]
-        })
-        self.user_logged = user_model.create({
-            'name': 'Public User',
-            'login': 'publicuser',
-            'email': 'publicuser@example.com',
-            'groups_id': [(6, 0, [self.group_logged.id])]}
-        )
-        self.menu_model = self.env['website.menu']
-        self.menu_item = self.menu_model.create({'name': 'Foo'})
+        cls.employee_user = user_model.create({
+            'name': 'Employee user (test ref)',
+            'login': 'testref_employee_user',
+            'email': 'testref_employee_user@email.com',
+            'groups_id': [(6, 0, [cls.group_user.id])]})
+        cls.portal_user = user_model.create({
+            'name': 'Portal user',
+            'login': 'portaluser',
+            'email': 'portaluser@example.com',
+            'groups_id': [(6, 0, [cls.group_portal.id])]})
+        cls.public_user = cls.env.ref('base.public_user')
+        cls.menu_model = cls.env['website.menu']
+        cls.menu_item = cls.menu_model.create({'name': 'Foo'})
 
-    def test_menu_groups_default(self):
-        self.assertIn(self.group_logged, self.menu_item.group_ids)
-        self.assertIn(self.group_public, self.menu_item.group_ids)
+    def test_menu_for_all(self):
+        self.menu_item.write({'group_ids': False})
+        self.assertTrue(self._can_see(self.employee_user))
+        self.assertTrue(self._can_see(self.public_user))
+        self.assertTrue(self._can_see(self.portal_user))
 
-    def test_menu_groups_update(self):
-        # wipe groups and flags
-        self.menu_item.with_context(ws_menu_skip_group_update=1).write({
-            'group_ids': False,
-            'user_logged': False,
-            'user_not_logged': False,
-        })
-        self.menu_item.user_logged = True
-        self.assertIn(self.group_logged, self.menu_item.group_ids)
-        self.assertNotIn(self.group_public, self.menu_item.group_ids)
-        self.menu_item.user_not_logged = True
-        self.assertIn(self.group_logged, self.menu_item.group_ids)
-        self.assertIn(self.group_public, self.menu_item.group_ids)
-        self.menu_item.user_logged = False
-        self.assertNotIn(self.group_logged, self.menu_item.group_ids)
-        self.assertIn(self.group_public, self.menu_item.group_ids)
-        self.menu_item.user_not_logged = False
-        self.assertNotIn(self.group_logged, self.menu_item.group_ids)
-        self.assertNotIn(self.group_public, self.menu_item.group_ids)
+    def test_menu_for_employee(self):
+        self.menu_item.write({'group_ids': [(6, 0, [self.group_user.id])]})
+        self.assertTrue(self._can_see(self.employee_user))
+        self.assertFalse(self._can_see(self.public_user))
+        self.assertFalse(self._can_see(self.portal_user))
 
-    def test_perm_default_all_can_view(self):
-        model = self.menu_model.sudo(self.user_public.id)
-        self.assertIn(
-            self.menu_item,
-            model.search([])
-        )
-        model = self.menu_model.sudo(self.user_logged.id)
-        self.assertIn(
-            self.menu_item,
-            model.search([])
-        )
+    def test_menu_for_external(self):
+        self.menu_item.write({'group_ids': [(6, 0, [self.group_portal.id])]})
+        self.assertFalse(self._can_see(self.employee_user))
+        self.assertFalse(self._can_see(self.public_user))
+        self.assertTrue(self._can_see(self.portal_user))
 
-    def test_perm_public_only_can_view(self):
-        self.menu_item.write({
-            'user_logged': False,
-            'user_not_logged': True,
-        })
-        model = self.menu_model.sudo(self.user_public.id)
-        self.assertIn(
-            self.menu_item,
-            model.search([])
-        )
-        model = self.menu_model.sudo(self.user_logged.id)
-        self.assertNotIn(
-            self.menu_item,
-            model.with_context(foo=1).search([])
-        )
+    def test_menu_for_logged_in_users(self):
+        self.menu_item.write(
+            {'group_ids': [(6, 0, [
+                self.group_portal.id, self.group_user.id])]})
+        self.assertTrue(self._can_see(self.employee_user))
+        self.assertFalse(self._can_see(self.public_user))
+        self.assertTrue(self._can_see(self.portal_user))
 
-    def test_perm_logged_only_can_view(self):
-        self.menu_item.write({
-            'user_logged': True,
-            'user_not_logged': False,
-        })
-        model = self.menu_model.sudo(self.user_public.id)
-        self.assertNotIn(
-            self.menu_item,
-            model.search([])
-        )
-        model = self.menu_model.sudo(self.user_logged.id)
-        self.assertIn(
-            self.menu_item,
-            model.with_context(foo=1).search([])
-        )
+    def test_menu_for_not_logged_in_users(self):
+        self.menu_item.write({'group_ids': [(6, 0, [self.group_public.id])]})
+        self.assertFalse(self._can_see(self.employee_user))
+        self.assertTrue(self._can_see(self.public_user))
+        self.assertFalse(self._can_see(self.portal_user))
+
+    def test_menu_for_all_explicit(self):
+        self.menu_item.write(
+            {'group_ids': [(6, 0, [
+                self.group_portal.id,
+                self.group_user.id,
+                self.group_public.id])]})
+        self.assertTrue(self._can_see(self.employee_user))
+        self.assertTrue(self._can_see(self.public_user))
+        self.assertTrue(self._can_see(self.portal_user))
+
+    def _can_see(self, user):
+        """Check wether user can see the test menu."""
+        menu_model_sudo = self.menu_model.sudo(user.id)
+        can_see = self.menu_item in menu_model_sudo.search([])
+        return can_see
diff --git a/website_menu_permission/views/website_views.xml b/website_menu_permission/views/website_views.xml
index 7797a7329b..5eb7b5c968 100644
--- a/website_menu_permission/views/website_views.xml
+++ b/website_menu_permission/views/website_views.xml
@@ -1,16 +1,40 @@
 <?xml version="1.0" encoding="utf-8"?>
 <odoo>
-  <record id="add_menu_permission" model="ir.ui.view">
-    <field name="name">website_menu_permission: show flags</field>
-    <field name="model">website.menu</field>
-    <field name="inherit_id" ref="website.menu_tree"/>
-    <field name="arch" type="xml">
-      <field name="new_window" position="after">
-        <field name="user_logged"/>
-        <field name="user_not_logged"/>
-        <!-- TODO: add action to edit "advanced permissions" and play w/ groups -->
-      </field>
-    </field>
-  </record>
+
+    <record id="form_website_menu_permission" model="ir.ui.view">
+        <field name="name">website.menu.form.permission</field>
+        <field name="model">website.menu</field>
+        <field name="field_parent">child_id</field>
+        <field name="arch" type="xml">
+            <form id="form_website_menu" string="Website menu">
+                <group id="group_website_menu_details" colspan="6" col="4">
+                    <field name="website_id" options="{'no_create': True}"/>
+                    <field name="name"/>
+                    <field name="url"/>
+                    <field name="new_window"/>
+                    <field name="parent_id"/>
+                </group>
+                <group id="group_website_menu_groups" colspan="6" col="1">
+                    <label for="group_ids" />
+                    <field name="group_ids" nolabel="1"/>
+                </group>
+            </form>
+        </field>
+    </record>
+
+    <record id="action_website_menu_permission" model="ir.actions.act_window">
+        <field name="name">Website Menu</field>
+        <field name="res_model">website.menu</field>
+        <field name="view_mode">tree,form</field>
+        <field name="context">{'search_default_my_websites':1}</field>
+    </record>
+
+    <menuitem
+        id="menu_website_menu_permission"
+        name="Website menu's"
+        action="action_website_menu_permission"
+        parent="website.menu_website_global_configuration"
+        sequence="40"
+        groups="base.group_no_one"/>
 
 </odoo>