forked from OCA/server-tools
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request OCA#112 from hbrunn/6.1-auth_dynamic_groups
[ADD] auth_dynamic_groups
- Loading branch information
Showing
6 changed files
with
271 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# -*- coding: utf-8 -*- | ||
############################################################################## | ||
# | ||
# OpenERP, Open Source Management Solution | ||
# This module copyright (C) 2013 Therp BV (<http://therp.nl>). | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU Affero General Public License as | ||
# published by the Free Software Foundation, either version 3 of the | ||
# License, or (at your option) any later version. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU Affero General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU Affero General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
# | ||
############################################################################## | ||
from . import model |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# -*- coding: utf-8 -*- | ||
############################################################################## | ||
# | ||
# OpenERP, Open Source Management Solution | ||
# This module copyright (C) 2013 Therp BV (<http://therp.nl>). | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU Affero General Public License as | ||
# published by the Free Software Foundation, either version 3 of the | ||
# License, or (at your option) any later version. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU Affero General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU Affero General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
# | ||
############################################################################## | ||
{ | ||
"name": "Dynamic groups", | ||
"version": "1.0", | ||
"author": "Therp BV,Odoo Community Association (OCA)", | ||
"complexity": "normal", | ||
"description": """ | ||
Description | ||
----------- | ||
This module allows defining groups whose membership is a condition expressed as | ||
python code. For every user, it is evaluated during login if she belongs to | ||
the group or not. | ||
Usage | ||
----- | ||
Check `Dynamic` on a group you want to be dynamic. Now fill in the condition, | ||
using `user` which is a browse record of the user in question that evaluates | ||
truthy if the user is supposed to be a member of the group and falsy if not. | ||
There is a constraint on the field to check for validity if this expression. | ||
When you're satisfied, click the button `Evaluate` to prefill the group's | ||
members. The condition will be checked now for every user who logs in. | ||
Example | ||
------- | ||
We have a group called `Amsterdam` and want it to contain all users from | ||
city of Amsterdam. So we use the membership condition | ||
``` | ||
user.partner_id.city == 'Amsterdam' | ||
``` | ||
Now we can be sure every user living in this city is in the right group, and we | ||
can start assigning local menus to it, adjust permissions, etc. | ||
""", | ||
"category": "Tools", | ||
"depends": [ | ||
'base', | ||
], | ||
"data": [ | ||
'view/res_groups.xml', | ||
], | ||
"auto_install": False, | ||
"installable": True, | ||
"external_dependencies": { | ||
'python': [], | ||
}, | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# -*- coding: utf-8 -*- | ||
############################################################################## | ||
# | ||
# OpenERP, Open Source Management Solution | ||
# This module copyright (C) 2013 Therp BV (<http://therp.nl>). | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU Affero General Public License as | ||
# published by the Free Software Foundation, either version 3 of the | ||
# License, or (at your option) any later version. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU Affero General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU Affero General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
# | ||
############################################################################## | ||
from . import res_users | ||
from . import res_groups |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# -*- coding: utf-8 -*- | ||
############################################################################## | ||
# | ||
# OpenERP, Open Source Management Solution | ||
# This module copyright (C) 2013 Therp BV (<http://therp.nl>). | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU Affero General Public License as | ||
# published by the Free Software Foundation, either version 3 of the | ||
# License, or (at your option) any later version. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU Affero General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU Affero General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
# | ||
############################################################################## | ||
import logging | ||
from openerp.osv.orm import Model | ||
from openerp.osv import fields | ||
from openerp.tools.safe_eval import safe_eval | ||
from openerp import SUPERUSER_ID | ||
|
||
|
||
class res_groups(Model): | ||
_inherit = 'res.groups' | ||
|
||
_columns = { | ||
'is_dynamic': fields.boolean('Dynamic'), | ||
'dynamic_group_condition': fields.text( | ||
'Condition', help='The condition to be met for a user to be a ' | ||
'member of this group. It is evaluated as python code at login ' | ||
'time, you get `user` passed as a browse record') | ||
} | ||
|
||
def eval_dynamic_group_condition(self, cr, uid, ids, context=None): | ||
result = True | ||
user = self.pool.get('res.users').browse(cr, SUPERUSER_ID, uid, | ||
context=context) | ||
for this in self.browse(cr, uid, ids, context=context): | ||
result &= bool( | ||
safe_eval( | ||
this.dynamic_group_condition, | ||
{ | ||
'user': user, | ||
'any': any, | ||
'all': all, | ||
'filter': filter, | ||
})) | ||
return result | ||
|
||
def _check_dynamic_group_condition(self, cr, uid, ids, context=None): | ||
try: | ||
for this in self.browse(cr, uid, ids, context=context): | ||
if this.is_dynamic: | ||
this.eval_dynamic_group_condition() | ||
except (NameError, SyntaxError, TypeError) as e: | ||
logging.info(e) | ||
return False | ||
return True | ||
|
||
_constraints = [ | ||
(_check_dynamic_group_condition, | ||
'The condition doesn\'t evaluate correctly!', | ||
['dynamic_group_condition']), | ||
] | ||
|
||
def action_evaluate(self, cr, uid, ids, context=None): | ||
user_obj = self.pool.get('res.users') | ||
for user in user_obj.browse( | ||
cr, uid, | ||
user_obj.search(cr, uid, [], context=context), | ||
context=context): | ||
user_obj.update_dynamic_groups(user.id, cr.dbname) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# -*- coding: utf-8 -*- | ||
############################################################################## | ||
# | ||
# OpenERP, Open Source Management Solution | ||
# This module copyright (C) 2013 Therp BV (<http://therp.nl>). | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU Affero General Public License as | ||
# published by the Free Software Foundation, either version 3 of the | ||
# License, or (at your option) any later version. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU Affero General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU Affero General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
# | ||
############################################################################## | ||
from openerp.osv.orm import Model | ||
from openerp import pooler, SUPERUSER_ID | ||
|
||
|
||
class res_users(Model): | ||
_inherit = 'res.users' | ||
|
||
def login(self, db, login, password): | ||
uid = super(res_users, self).login(db, login, password) | ||
|
||
if uid: | ||
self.update_dynamic_groups(uid, db) | ||
|
||
return uid | ||
|
||
def update_dynamic_groups(self, uid, db): | ||
cr = pooler.get_db(db).cursor() | ||
pool = pooler.get_pool(db) | ||
user = pool.get('res.users').browse(cr, SUPERUSER_ID, uid) | ||
groups_obj = pool.get('res.groups') | ||
user.write( | ||
{ | ||
'groups_id': [ | ||
(4, dynamic_group.id) | ||
if dynamic_group.eval_dynamic_group_condition() | ||
else (3, dynamic_group.id) | ||
for dynamic_group in groups_obj.browse( | ||
cr, uid, | ||
groups_obj.search(cr, uid, | ||
[('is_dynamic', '=', True)])) | ||
], | ||
}) | ||
cr.commit() | ||
cr.close() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
<openerp> | ||
<data> | ||
<record model="ir.ui.view" id="view_groups_form"> | ||
<field name="inherit_id" ref="base.view_groups_form" /> | ||
<field name="view_type">form</field> | ||
<field name="model">res.groups</field> | ||
<field name="arch" type="xml"> | ||
<data> | ||
<field name="name" position="after"> | ||
<field name="is_dynamic" /> | ||
</field> | ||
<field name="users" position="attributes"> | ||
<attribute name="attrs">{'readonly': [('is_dynamic', '=', True)]}</attribute> | ||
</field> | ||
<field name="users" position="before"> | ||
<field | ||
name="dynamic_group_condition" | ||
colspan="4" nolabel="1" | ||
attrs="{'invisible': [('is_dynamic', '=', False)]}" /> | ||
<button | ||
type="object" | ||
name="action_evaluate" | ||
string="Evaluate" | ||
attrs="{'invisible': [('is_dynamic', '=', False)]}" /> | ||
</field> | ||
</data> | ||
</field> | ||
</record> | ||
</data> | ||
</openerp> |