[FW][FIX] website: allow publishing without relying on Restricted Editor #198208
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
robodoo
added
forwardport
|
@bso-odoo @qsm-odoo cherrypicking of pull request #112421 failed. stdout: Either perform the forward-port manually (and push to this branch, proceeding as usual) or close this PR (maybe?). In the former case, you may want to edit this PR message as well. More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port |
bso-odoo
force-pushed
the
saas-17.4-16.0-fix_can_publish_right-bso-413037-fw
branch
from
e50ab32 to
4e1aa85
Compare
Before this commit all systray items of website were hidden for users that did not have the Restricted Editor right. This commit limits only some of the items to users having the Restricted Editor right: - Published: unrelated (but still need to be able to publish) - Mobile preview: technically unrelated, but keeping it limited to Restricted Editor only - Website switcher: unrelated (but still need multi website enabled) - + New: Restricted Editor only - Edit in backend: unrelated - Translate: Restricted Editor only - Edit: Restricted Editor only It therefore now shows the Published button only based on the result of the `_compute_can_publish` method of the `website.published.mixin`. The default implementation now checks whether the user has write access to the `website_published` field on the record. Steps to reproduce: - Install `website_crm_partner_assign`. - Connect as a user without any Website role, and in Sales, the "User: Own Documents Only" role. - Go to a partner in the `/partners` page. => "Published" button did not appear. And on the contrary: - Connect as a Restricted Editor user without Sales rights. - Go to a partner in the `/partners` page. - Click on "Published". => An access right error notification did appear. task-3175890 X-original-commit: e799a27
bso-odoo
force-pushed
the
saas-17.4-16.0-fix_can_publish_right-bso-413037-fw
branch
from
4e1aa85 to
eb5eaa6
Compare
This commit adds tests to verify that partners can only be published by users having the correct access rights. task-3175890 X-original-commit: 5c0a0b5
bso-odoo
force-pushed
the
saas-17.4-16.0-fix_can_publish_right-bso-413037-fw
branch
3 times, most recently
from
6649a0b to
b4955e4
Compare
This commit defines access rights and a dedicated "Tester" role to allow for the edition of the `test.model`. The test verifies that each kind of user either has, or does not have access to each item of the systray. - Checked for: * admins * tester and restricted editor * non-tester but restricted editor * non-restricted editors but testers * neither task-3175890 X-original-commit: 2dccaae
bso-odoo
force-pushed
the
saas-17.4-16.0-fix_can_publish_right-bso-413037-fw
branch
from
b4955e4 to
c4d64b3
Compare
|
@robodoo r+ |
robodoo
pushed a commit
that referenced
this pull request
Feb 21, 2025
Before this commit all systray items of website were hidden for users that did not have the Restricted Editor right. This commit limits only some of the items to users having the Restricted Editor right: - Published: unrelated (but still need to be able to publish) - Mobile preview: technically unrelated, but keeping it limited to Restricted Editor only - Website switcher: unrelated (but still need multi website enabled) - + New: Restricted Editor only - Edit in backend: unrelated - Translate: Restricted Editor only - Edit: Restricted Editor only It therefore now shows the Published button only based on the result of the `_compute_can_publish` method of the `website.published.mixin`. The default implementation now checks whether the user has write access to the `website_published` field on the record. Steps to reproduce: - Install `website_crm_partner_assign`. - Connect as a user without any Website role, and in Sales, the "User: Own Documents Only" role. - Go to a partner in the `/partners` page. => "Published" button did not appear. And on the contrary: - Connect as a Restricted Editor user without Sales rights. - Go to a partner in the `/partners` page. - Click on "Published". => An access right error notification did appear. task-3175890 X-original-commit: e799a27 Part-of: #198208 Related: odoo/enterprise#79612 Signed-off-by: Quentin Smetz (qsm) <qsm@odoo.com> Signed-off-by: Benoit Socias (bso) <bso@odoo.com>
robodoo
pushed a commit
that referenced
this pull request
Feb 21, 2025
This commit adds tests to verify that partners can only be published by users having the correct access rights. task-3175890 X-original-commit: 5c0a0b5 Part-of: #198208 Related: odoo/enterprise#79612 Signed-off-by: Quentin Smetz (qsm) <qsm@odoo.com> Signed-off-by: Benoit Socias (bso) <bso@odoo.com>
robodoo
pushed a commit
that referenced
this pull request
Feb 21, 2025
This commit defines access rights and a dedicated "Tester" role to allow for the edition of the `test.model`. The test verifies that each kind of user either has, or does not have access to each item of the systray. - Checked for: * admins * tester and restricted editor * non-tester but restricted editor * non-restricted editors but testers * neither task-3175890 closes #198208 X-original-commit: 2dccaae Related: odoo/enterprise#79612 Signed-off-by: Quentin Smetz (qsm) <qsm@odoo.com> Signed-off-by: Benoit Socias (bso) <bso@odoo.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Before this commit all systray items of website were hidden for users that did not have the Restricted Editor right.
This commit limits only some of the items to users having the Restricted Editor right:
It therefore now shows the Published button only based on the result of the
_compute_can_publishmethod of thewebsite.published.mixin. The default implementation now checks whether the user has write access to thewebsite_publishedfield on the record.Steps to reproduce:
website_crm_partner_assign./partnerspage. => "Published" button did not appear.And on the contrary:
/partnerspage.task-3175890
Forward-Port-Of: #195866
Forward-Port-Of: #112421