Merge branch '9.0-workflow-task-sbi' of ssh://github.com/acsone/acson…

…e-addons into 9.0-slg_master
acsone · Jun 22, 2016 · 4648fee · 4648fee
2 parents 5069669 + bad97aa
commit 4648fee
Show file tree

Hide file tree

Showing 32 changed files with 1,237 additions and 0 deletions.
diff --git a/setup/workflow_activity_action/odoo_addons/__init__.py b/setup/workflow_activity_action/odoo_addons/__init__.py
@@ -0,0 +1 @@
+__import__('pkg_resources').declare_namespace(__name__)
diff --git a/setup/workflow_activity_action/odoo_addons/workflow_activity_action b/setup/workflow_activity_action/odoo_addons/workflow_activity_action
@@ -0,0 +1 @@
+../../../workflow_activity_action
diff --git a/setup/workflow_activity_action/setup.py b/setup/workflow_activity_action/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/setup/workflow_task/odoo_addons/__init__.py b/setup/workflow_task/odoo_addons/__init__.py
@@ -0,0 +1 @@
+__import__('pkg_resources').declare_namespace(__name__)
diff --git a/setup/workflow_task/odoo_addons/workflow_task b/setup/workflow_task/odoo_addons/workflow_task
@@ -0,0 +1 @@
+../../../workflow_task
diff --git a/setup/workflow_task/setup.py b/setup/workflow_task/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/workflow_activity_action/README.rst b/workflow_activity_action/README.rst
@@ -0,0 +1,27 @@
+.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+
+========================
+Workflow activity action
+========================
+
+This module was written to allow to Manage object action from its activities
+
+Credits
+=======
+
+Contributors
+------------
+
+* Stéphane Bidoul <stephane.bidoul@acsone.eu>
+* Adrien Peiffer <adrien.peiffer@acsone.eu>
+
+Maintainer
+----------
+
+.. image:: https://www.acsone.eu/logo.png
+   :alt: ACSONE SA/NV
+   :target: http://www.acsone.eu
+
+This module is maintained by ACSONE SA/NV.
diff --git a/workflow_activity_action/__init__.py b/workflow_activity_action/__init__.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+from . import models
diff --git a/workflow_activity_action/__openerp__.py b/workflow_activity_action/__openerp__.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#     This file is part of workflow_activity_action,
+#     an Odoo module.
+#
+#     Copyright (c) 2015 ACSONE SA/NV (<http://acsone.eu>)
+#
+#     workflow_activity_action is free software:
+#     you can redistribute it and/or modify it under the terms of the GNU
+#     Affero General Public License as published by the Free Software
+#     Foundation,either version 3 of the License, or (at your option) any
+#     later version.
+#
+#     workflow_activity_action is distributed
+#     in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+#     even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#     PURPOSE.  See the GNU Affero General Public License for more details.
+#
+#     You should have received a copy of the GNU Affero General Public License
+#     along with workflow_activity_action.
+#     If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+{
+    'name': "Workflow activity action",
+
+    'summary': """
+        Manage object action from its activities""",
+    'author': 'ACSONE SA/NV',
+    'website': "http://acsone.eu",
+    'category': 'Technical Settings',
+    'version': '9.0.1.0.0',
+    'license': 'AGPL-3',
+    'depends': [
+        'base',
+        'base_suspend_security',
+    ],
+    'data': [
+        'security/ir.model.access.csv',
+        'views/wkf_activity.xml',
+        'views/workflow_activity_action.xml',
+        'views/activity_record_rule_view.xml',
+    ],
+    'qweb': [
+        'static/src/xml/base.xml',
+    ],
+}
diff --git a/workflow_activity_action/models/__init__.py b/workflow_activity_action/models/__init__.py
@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+from . import wkf_action_model
+from . import wkf_activity
+from . import activity_record_rule
diff --git a/workflow_activity_action/models/activity_record_rule.py b/workflow_activity_action/models/activity_record_rule.py
@@ -0,0 +1,71 @@
+# -*- coding: utf-8 -*-
+# Copyright 2015 ACSONE SA/NV (<http://acsone.eu>)
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
+
+from openerp import api, fields, models
+from openerp.tools import SUPERUSER_ID
+from openerp.addons.base_suspend_security.base_suspend_security import\
+    BaseSuspendSecurityUid
+from openerp.osv import expression
+
+
+class ActivityRecordRule(models.Model):
+    _inherit = 'ir.rule'
+    _name = 'activity.record.rule'
+
+    activity_id = fields.Many2one(comodel_name='workflow.activity',
+                                  string='Activity',
+                                  required=True)
+    model_id = fields.Many2one(required=False, readonly=True)
+
+    @api.model
+    def domain_get(self, model_name, activity_id):
+        dom = self._compute_activity_rule_domain(activity_id)
+        if dom:
+            # _where_calc is called as superuser. This means that rules can
+            # involve objects on which the real uid has no acces rights.
+            # This means also there is no implicit restriction (e.g. an object
+            # references another object the user can't see).
+            query = self.env[model_name].sudo()._where_calc(dom,
+                                                            active_test=False)
+            return query.where_clause, query.where_clause_params, query.tables
+        return [], [], ['"' + self.pool[model_name]._table + '"']
+
+    @api.model
+    def _compute_activity_rule_domain(self, activity_id):
+        if self._uid == SUPERUSER_ID or isinstance(self.env.uid,
+                                                   BaseSuspendSecurityUid):
+            return None
+        self._cr.execute("""SELECT r.id
+                FROM activity_record_rule r
+                WHERE r.active is True
+                AND r.activity_id = %s
+                AND (r.id IN (SELECT rule_group_id FROM rule_group_rel g_rel
+                JOIN res_groups_users_rel u_rel ON (g_rel.group_id = u_rel.gid)
+                WHERE u_rel.uid = %s) OR r.global)""", (activity_id,
+                                                        self._uid))
+        rule_ids = [x[0] for x in self._cr.fetchall()]
+        if rule_ids:
+            # browse user as super-admin root to avoid access errors!
+            user = self.env['res.users'].sudo().browse([self._uid])
+            global_domains = []                 # list of domains
+            group_domains = {}                  # map: group -> list of domains
+            for rule in self.sudo().browse(rule_ids):
+                # read 'domain' as UID to have the correct eval context for
+                # the rule.
+                rule_domain = rule.domain
+                dom = expression.normalize_domain(rule_domain)
+                for group in rule.groups:
+                    if group in user.groups_id:
+                        group_domains.setdefault(group, []).append(dom)
+                if not rule.groups:
+                    global_domains.append(dom)
+            # combine global domains and group domains
+            if group_domains:
+                group_domain = expression.OR(map(expression.OR,
+                                                 group_domains.values()))
+            else:
+                group_domain = []
+            domain = expression.AND(global_domains + [group_domain])
+            return domain
+        return []
diff --git a/workflow_activity_action/models/wkf_action_model.py b/workflow_activity_action/models/wkf_action_model.py
@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#     This file is part of workflow_activity_action,
+#     an Odoo module.
+#
+#     Copyright (c) 2015 ACSONE SA/NV (<http://acsone.eu>)
+#
+#     workflow_activity_action is free software:
+#     you can redistribute it and/or modify it under the terms of the GNU
+#     Affero General Public License as published by the Free Software
+#     Foundation,either version 3 of the License, or (at your option) any
+#     later version.
+#
+#     workflow_activity_action is distributed
+#     in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+#     even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#     PURPOSE.  See the GNU Affero General Public License for more details.
+#
+#     You should have received a copy of the GNU Affero General Public License
+#     along with workflow_activity_action.
+#     If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+from openerp import models, fields, api
+
+
+class WorkflowActionModel(models.AbstractModel):
+    _name = 'workflow.action.model'
+
+    activity_action_ids = fields.One2many(
+        comodel_name='workflow.activity.action',
+        compute='_get_action_ids', string="Action")
+
+    @api.multi
+    def _get_action_ids(self):
+        res_type = str(self._model)
+        for record in self:
+            if record.id:
+                workitem_ids = self.env['workflow.workitem']\
+                    .search([('inst_id.res_id', '=', record.id),
+                             ('inst_id.res_type', '=', res_type)])
+                actions_ids = self.env['workflow.activity.action']
+                activity_ids = workitem_ids.mapped('act_id')
+                for activity in activity_ids:
+                    if activity.use_action_object and\
+                            activity._check_action_security(res_type,
+                                                            record.id):
+                        actions_ids = actions_ids + activity.action_ids
+                self.activity_action_ids = actions_ids
diff --git a/workflow_activity_action/models/wkf_activity.py b/workflow_activity_action/models/wkf_activity.py
@@ -0,0 +1,149 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#     This file is part of workflow_task,
+#     an Odoo module.
+#
+#     Copyright (c) 2015 ACSONE SA/NV (<http://acsone.eu>)
+#
+#     workflow_task is free software:
+#     you can redistribute it and/or modify it under the terms of the GNU
+#     Affero General Public License as published by the Free Software
+#     Foundation,either version 3 of the License, or (at your option) any
+#     later version.
+#
+#     workflow_task is distributed
+#     in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+#     even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#     PURPOSE.  See the GNU Affero General Public License for more details.
+#
+#     You should have received a copy of the GNU Affero General Public License
+#     along with workflow_task.
+#     If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+from openerp import models, fields, api, exceptions, _
+from openerp.tools import SUPERUSER_ID
+from openerp.addons.base_suspend_security.base_suspend_security import\
+    BaseSuspendSecurityUid
+
+
+class WorkflowActivityAction(models.Model):
+    _name = 'workflow.activity.action'
+
+    activity_id = fields.Many2one(comodel_name='workflow.activity',
+                                  string='Activity',
+                                  required=True)
+    name = fields.Char(required=True, translate=True)
+    action = fields.Many2one(comodel_name='ir.actions.server', required=True)
+
+    @api.multi
+    def do_action(self):
+        self.ensure_one()
+        res_id = self.env.context.get('res_id', False)
+        res_type = self.env.context.get('res_type', False)
+        assert res_id and res_type
+        self.activity_id.check_action_security(res_type, res_id)
+        self = self.suspend_security()
+        ctx = dict(self.env.context,
+                   active_model=res_type, active_ids=[res_id],
+                   active_id=res_id)
+        res = self.action.with_context(ctx).run()
+        return res
+
+
+class WorkflowActivity(models.Model):
+    _inherit = 'workflow.activity'
+
+    use_action_object = fields.Boolean(
+        string="Show actions on object",
+        help="""Si vrai et si les conditions de sécurité sont satisfaites,\
+                les actions peuvent être utilisés directement sur l'objet""")
+    action_ids = fields.One2many(comodel_name='workflow.activity.action',
+                                 inverse_name='activity_id',
+                                 string='Actions',
+                                 help="Actions that can be triggered with "
+                                      "buttons on the task form. This is "
+                                      "useful when the activity cannot be "
+                                      "completed through normal actions "
+                                      "on the underlying object.")
+    security_group_ids = fields.Many2many(
+        comodel_name='res.groups', relation='activity_groups_rel',
+        column1='activity_id', column2='group_id', string='Security Groups',
+        help="""Groupes de sécurité pouvant intéragir avec un objet dans\
+                cette activité que ce soit au niveau de la visibilité des\
+                tâches ou des actions""")
+    activity_rule_ids = fields.One2many(
+        comodel_name='activity.record.rule', inverse_name='activity_id',
+        string="Activity Record Rule",
+        help="""Règles de sécurité devant être satisfaites pour l'affichage\
+                et l'utilisation des actions""")
+
+    @api.multi
+    def check_action_security(self, res_type, res_id):
+        if not self._check_action_security(res_type, res_id):
+            raise exceptions.AccessError(
+                _("""The requested operation cannot be completed due to
+                     security restrictions.
+                     Please contact your system administrator."""))
+
+    @api.multi
+    def _check_action_security(self, res_type, res_id):
+        self.ensure_one()
+        if self._uid == SUPERUSER_ID or\
+                isinstance(self.env.uid, BaseSuspendSecurityUid):
+            return True
+        if self.security_group_ids.ids:
+            act = self.search(
+                [('security_group_ids.users', '=', self.env.user.id),
+                 ('id', '=', self.id)])
+            if not act.ids:
+                return False
+        obj = self.env[res_type].browse([res_id])
+        table = obj._table
+        res = False
+        if obj.is_transient():
+            self._cr.execute("""SELECT distinct create_uid
+                                FROM %s
+                                WHERE id IN %%s""" % (obj._table,
+                                                      (tuple(obj._ids),)))
+            uids = [x[0] for x in self._cr.fetchall()]
+            if len(uids) != 1 or uids[0] != SUPERUSER_ID or\
+                    not isinstance(self.env.uid, BaseSuspendSecurityUid):
+                res = False
+        else:
+            where_clause, where_params, tables =\
+                self.env['activity.record.rule'].domain_get(res_type, self.id)
+            if where_clause:
+                where_clause = ' and ' + ' and '.join(where_clause)
+                sub_ids = (obj.id,)
+                self._cr.execute(
+                    'SELECT ' + table + '.id FROM ' + ','.join(tables) +
+                    ' WHERE ' + table + '.id IN %s' + where_clause,
+                    [sub_ids] + where_params)
+                returned_ids = [x['id'] for x in self._cr.dictfetchall()]
+                res = self._check_record_rules_result_count(table, sub_ids,
+                                                            returned_ids)
+            else:
+                res = True
+        return res
+
+    @api.model
+    def _check_record_rules_result_count(self, res_type, sub_res_ids,
+                                         result_ids):
+        ids, result_ids = set(sub_res_ids), set(result_ids)
+        missing_ids = ids - result_ids
+        if missing_ids:
+            self._cr.execute(
+                'SELECT id FROM ' + res_type + ' WHERE id IN %s',
+                (tuple(missing_ids),))
+            forbidden_ids = [x[0] for x in self._cr.fetchall()]
+            if forbidden_ids:
+                if self._uid == SUPERUSER_ID or\
+                        isinstance(self.env.uid, BaseSuspendSecurityUid):
+                    return True
+                return False
+            else:
+                return True
+        return True
diff --git a/workflow_activity_action/security/ir.model.access.csv b/workflow_activity_action/security/ir.model.access.csv
@@ -0,0 +1,5 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_workflow_activity_action_all,access_workflow_activity_action_all,model_workflow_activity_action,,1,0,0,0
+access_workflow_activity_action_group_system,access_workflow_activity_action_group_system,model_workflow_activity_action,base.group_system,1,1,1,1
+access_activity_record_rule_all,access_activity_record_rule_all,model_activity_record_rule,,1,0,0,0
+access_activity_record_rule_group_system,access_activity_record_rule_group_system,model_activity_record_rule,base.group_system,1,1,1,1