admin.suherdy/access_restriction_by_user
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin.suherdy:main
Branches Tags
admin.suherdy:main
admin.suherdy:19.0
..
compare: admin.suherdy:19.0
Branches Tags
admin.suherdy:19.0
admin.suherdy:main

11 Commits
main ... 19.0

Author SHA1 Message Date
Suherdy Yacob
172d6c1349 refactor: Replace with_context(bypass_user_restriction=True) with sudo() in sale order methods. 2026-02-02 17:13:47 +07:00
Suherdy Yacob
6ce00d0f2f feat: Add bypass_user_restriction context to sale.order's _action_launch_stock_rule and stock.picking's and mrp.production's create methods. 2026-01-29 08:50:52 +07:00
Suherdy Yacob
ea5a37bb70 refactor: Remove redundant list conversion when combining Odoo Domain objects. 2026-01-28 11:27:54 +07:00
Suherdy Yacob
d32984dc04 fix procuerement group error on odoo 19 2026-01-23 13:02:59 +07:00
Suherdy Yacob
4a228662a3 feat: Add ProcurementGroup and StockMove models to bypass user restrictions during procurement run and stock move creation. 2026-01-23 10:08:08 +07:00
Suherdy Yacob
56f526abd6 feat: Implement access restrictions for approval requests and add bypass_user_restriction context to various action methods across multiple models. 2026-01-21 15:17:45 +07:00
Suherdy Yacob
c347e6f4d1 Fix: Stop tracking __pycache__ files 2026-01-19 10:40:30 +07:00
Suherdy Yacob
7a0cf23df9 feat: Update module to Odoo 19 by bumping version, adapting MRP and Stock Picking views, and removing stock valuation layer access rules. 2026-01-19 10:33:18 +07:00
Suherdy Yacob
4eee218534 feat: Implement user-specific control for quality check button visibility on manufacturing orders and inventory transfers via a new allowed_quality_checks field on users. 2026-01-19 10:32:49 +07:00
Suherdy Yacob
88494104cc feat: Hide quality check buttons on manufacturing orders for specific user groups with exceptions for quality roles. 2026-01-19 10:32:23 +07:00
Suherdy Yacob
f3aa161807 feat: Extend user access restrictions to quality check buttons on manufacturing orders and stock pickings, and update domain handling for Odoo 19. 2026-01-16 09:01:05 +07:00
19 changed files with 100 additions and 76 deletions
Show Stats Expand all files Collapse all files

8
__manifest__.py
View File

@ -1,6 +1,6 @@
{ {
'name': 'Access Restriction By User', 'name': 'Access Restriction By User',
'version': '18.0.1.0.0', 'version': '19.0.1.0.1',
'summary': 'Restrict access to Warehouses, Picking Types, Locations, Work Centers, and Approvals by User', 'summary': 'Restrict access to Warehouses, Picking Types, Locations, Work Centers, and Approvals by User',
'description': """ 'description': """
Restricts visibility of: Restricts visibility of:
@ -16,14 +16,14 @@
""", """,
'category': 'Extra Tools', 'category': 'Extra Tools',
'author': 'Suherdy Yacob', 'author': 'Suherdy Yacob',
'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale', 'quality_mrp', 'quality_control'], 'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale', 'quality_mrp'],
'data': [ 'data': [
'security/ir.model.access.csv', 'security/ir.model.access.csv',
'security/ir_rule.xml', 'security/ir_rule.xml',
'security/ir_actions_act_window.xml', 'security/ir_actions_act_window.xml',
'views/res_users_views.xml', 'views/res_users_views.xml',
'views/mrp_production_views.xml', 'views/mrp_production_v19.xml',
'views/stock_picking_views.xml', 'views/stock_picking_v19.xml',
], ],
'installable': True, 'installable': True,
'application': False, 'application': False,

BIN
__pycache__/__init__.cpython-312.pyc
View File

Binary file not shown.

4
models/__init__.py
View File

@ -3,4 +3,6 @@ from . import restricted_models
from . import sale_order from . import sale_order
from . import mrp_production from . import mrp_production
from . import stock_picking from . import stock_picking
from . import approval_request
from . import procurement_group
from . import stock_move

BIN
models/__pycache__/__init__.cpython-312.pyc
View File

Binary file not shown.

BIN
models/__pycache__/res_users.cpython-312.pyc
View File

Binary file not shown.

BIN
models/__pycache__/restricted_models.cpython-312.pyc
View File

Binary file not shown.

BIN
models/__pycache__/sale_order.cpython-312.pyc
View File

Binary file not shown.

40
models/approval_request.py Normal file
View File

@ -0,0 +1,40 @@
from odoo import models, api
from odoo.fields import Domain
def get_allowed_ids(env, table_name, col_name, user_id):
# Use SQL to avoid ORM recursion or self-filtering issues
query = f"SELECT {col_name} FROM {table_name} WHERE user_id = %s"
env.cr.execute(query, (user_id,))
return [r[0] for r in env.cr.fetchall()]
class ApprovalCategory(models.Model):
_inherit = 'approval.category'
@api.model
def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'):
return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
if allowed_ids:
domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class ApprovalRequest(models.Model):
_inherit = 'approval.request'
@api.model
def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'):
return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_category_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
if allowed_category_ids:
domain = list(Domain(domain or []) & Domain([('category_id', 'in', allowed_category_ids)]))
return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
def action_confirm(self):
return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_confirm()
def action_approve(self):
return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_approve()

8
models/mrp_production.py
View File

@ -5,13 +5,9 @@ class MrpProduction(models.Model):
hide_quality_check_button = fields.Boolean(compute='_compute_hide_quality_check_button') hide_quality_check_button = fields.Boolean(compute='_compute_hide_quality_check_button')
@api.depends('product_id')
@api.depends_context('uid') @api.depends_context('uid')
def _compute_hide_quality_check_button(self): def _compute_hide_quality_check_button(self):
for record in self: for record in self:
# Logic: Hide logic is inverse of "is allowed"
# If allowed_quality_checks is True, hide = False
# If allowed_quality_checks is False, hide = True
record.hide_quality_check_button = not self.env.user.allowed_quality_checks record.hide_quality_check_button = not self.env.user.allowed_quality_checks
def action_confirm(self): def action_confirm(self):
@ -19,3 +15,7 @@ class MrpProduction(models.Model):
def button_mark_done(self): def button_mark_done(self):
return super(MrpProduction, self.with_context(bypass_user_restriction=True)).button_mark_done() return super(MrpProduction, self.with_context(bypass_user_restriction=True)).button_mark_done()
@api.model_create_multi
def create(self, vals_list):
return super(MrpProduction, self.with_context(bypass_user_restriction=True)).create(vals_list)

8
models/procurement_group.py Normal file
View File

@ -0,0 +1,8 @@
from odoo import models, api
class StockRule(models.Model):
_inherit = 'stock.rule'
@api.model
def run(self, procurements, raise_user_error=True):
return super(StockRule, self.with_context(bypass_user_restriction=True)).run(procurements, raise_user_error=raise_user_error)

2
models/res_users.py
View File

@ -51,6 +51,6 @@ class ResUsers(models.Model):
allowed_quality_checks = fields.Boolean( allowed_quality_checks = fields.Boolean(
string="Is Allowed todo Quality Checks?", string="Is Allowed todo Quality Checks?",
default=False, default=False,
help="If checked, this user can see the Quality Checks button on Manufacturing Orders.",
prefetch=False, prefetch=False,
help="If checked, this user can see the Quality Checks button on Manufacturing Orders."
) )

65
models/restricted_models.py
View File

@ -1,6 +1,6 @@
import logging import logging
from odoo import models, api from odoo import models, api
from odoo.osv import expression from odoo.fields import Domain
_logger = logging.getLogger(__name__) _logger = logging.getLogger(__name__)
@ -14,35 +14,35 @@ class StockWarehouse(models.Model):
_inherit = 'stock.warehouse' _inherit = 'stock.warehouse'
@api.model @api.model
def _search(self, domain, offset=0, limit=None, order=None): def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'): if self.env.context.get('bypass_user_restriction'):
return super()._search(domain, offset=offset, limit=limit, order=order) return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'): if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_stock_warehouse_rel', 'warehouse_id', self.env.user.id) allowed_ids = get_allowed_ids(self.env, 'res_users_stock_warehouse_rel', 'warehouse_id', self.env.user.id)
if allowed_ids: if allowed_ids:
domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]]) domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
return super()._search(domain, offset=offset, limit=limit, order=order) return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class StockPickingType(models.Model): class StockPickingType(models.Model):
_inherit = 'stock.picking.type' _inherit = 'stock.picking.type'
@api.model @api.model
def _search(self, domain, offset=0, limit=None, order=None): def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'): if self.env.context.get('bypass_user_restriction'):
return super()._search(domain, offset=offset, limit=limit, order=order) return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'): if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_stock_picking_type_rel', 'picking_type_id', self.env.user.id) allowed_ids = get_allowed_ids(self.env, 'res_users_stock_picking_type_rel', 'picking_type_id', self.env.user.id)
if allowed_ids: if allowed_ids:
domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]]) domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
return super()._search(domain, offset=offset, limit=limit, order=order) return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class StockLocation(models.Model): class StockLocation(models.Model):
_inherit = 'stock.location' _inherit = 'stock.location'
@api.model @api.model
def _search(self, domain, offset=0, limit=None, order=None): def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'): if self.env.context.get('bypass_user_restriction'):
return super()._search(domain, offset=offset, limit=limit, order=order) return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'): if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_stock_location_rel', 'location_id', self.env.user.id) allowed_ids = get_allowed_ids(self.env, 'res_users_stock_location_rel', 'location_id', self.env.user.id)
if allowed_ids: if allowed_ids:
@ -52,50 +52,19 @@ class StockLocation(models.Model):
('id', 'child_of', allowed_ids), ('id', 'child_of', allowed_ids),
('usage', 'not in', ['internal', 'transit']) ('usage', 'not in', ['internal', 'transit'])
] ]
domain = expression.AND([domain or [], restrict_domain]) domain = Domain(domain or []) & Domain(restrict_domain)
return super()._search(domain, offset=offset, limit=limit, order=order) return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class MrpWorkcenter(models.Model): class MrpWorkcenter(models.Model):
_inherit = 'mrp.workcenter' _inherit = 'mrp.workcenter'
@api.model @api.model
def _search(self, domain, offset=0, limit=None, order=None): def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'): if self.env.context.get('bypass_user_restriction'):
return super()._search(domain, offset=offset, limit=limit, order=order) return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'): if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_mrp_workcenter_rel', 'workcenter_id', self.env.user.id) allowed_ids = get_allowed_ids(self.env, 'res_users_mrp_workcenter_rel', 'workcenter_id', self.env.user.id)
if allowed_ids: if allowed_ids:
domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]]) domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
return super()._search(domain, offset=offset, limit=limit, order=order) return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class ApprovalCategory(models.Model):
_inherit = 'approval.category'
@api.model
def _search(self, domain, offset=0, limit=None, order=None):
if self.env.context.get('bypass_user_restriction'):
return super()._search(domain, offset=offset, limit=limit, order=order)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
if allowed_ids:
domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
return super()._search(domain, offset=offset, limit=limit, order=order)
class ApprovalRequest(models.Model):
_inherit = 'approval.request'
@api.model
def _search(self, domain, offset=0, limit=None, order=None):
if self.env.context.get('bypass_user_restriction'):
return super()._search(domain, offset=offset, limit=limit, order=order)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_category_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
if allowed_category_ids:
domain = expression.AND([domain or [], [('category_id', 'in', allowed_category_ids)]])
return super()._search(domain, offset=offset, limit=limit, order=order)
def action_confirm(self):
return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_confirm()
def action_approve(self, approver=None):
return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_approve(approver=approver)

7
models/sale_order.py
View File

@ -4,7 +4,10 @@ class SaleOrder(models.Model):
_inherit = 'sale.order' _inherit = 'sale.order'
def action_confirm(self): def action_confirm(self):
return super(SaleOrder, self.with_context(bypass_user_restriction=True)).action_confirm() return super(SaleOrder, self.sudo()).action_confirm()
def _action_confirm(self): def _action_confirm(self):
return super(SaleOrder, self.with_context(bypass_user_restriction=True))._action_confirm() return super(SaleOrder, self.sudo())._action_confirm()
def _action_launch_stock_rule(self, previous_product_uom_qty=False):
return super(SaleOrder, self.sudo())._action_launch_stock_rule(previous_product_uom_qty=previous_product_uom_qty)

8
models/stock_move.py Normal file
View File

@ -0,0 +1,8 @@
from odoo import models, api
class StockMove(models.Model):
_inherit = 'stock.move'
@api.model_create_multi
def create(self, vals_list):
return super(StockMove, self.with_context(bypass_user_restriction=True)).create(vals_list)

5
models/stock_picking.py
View File

@ -5,7 +5,6 @@ class StockPicking(models.Model):
hide_quality_check_button = fields.Boolean(compute='_compute_hide_quality_check_button') hide_quality_check_button = fields.Boolean(compute='_compute_hide_quality_check_button')
@api.depends('picking_type_id')
@api.depends_context('uid') @api.depends_context('uid')
def _compute_hide_quality_check_button(self): def _compute_hide_quality_check_button(self):
for record in self: for record in self:
@ -16,3 +15,7 @@ class StockPicking(models.Model):
def button_validate(self): def button_validate(self):
return super(StockPicking, self.with_context(bypass_user_restriction=True)).button_validate() return super(StockPicking, self.with_context(bypass_user_restriction=True)).button_validate()
@api.model_create_multi
def create(self, vals_list):
return super(StockPicking, self.with_context(bypass_user_restriction=True)).create(vals_list)

2
security/ir.model.access.csv
View File

@ -1,2 +1,2 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_stock_valuation_layer_internal_user,stock.valuation.layer.internal.user,stock_account.model_stock_valuation_layer,base.group_user,1,0,0,0

1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
2

11
security/ir_rule.xml
View File

@ -60,16 +60,7 @@
</record> </record>
<!-- New rules to satisfy Inventory Reporting requirements --> <!-- New rules to satisfy Inventory Reporting requirements -->
<record id="stock_valuation_layer_permissive_rule" model="ir.rule">
<field name="name">Stock Valuation Layer Permissive Access</field>
<field name="model_id" ref="stock_account.model_stock_valuation_layer"/>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<record id="stock_quant_permissive_rule" model="ir.rule"> <record id="stock_quant_permissive_rule" model="ir.rule">
<field name="name">Stock Quant Permissive Access</field> <field name="name">Stock Quant Permissive Access</field>

6
views/mrp_production_views.xml → views/mrp_production_v19.xml
View File

@ -1,14 +1,14 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<odoo> <odoo>
<record id="mrp_production_view_form_inherit_access_restriction" model="ir.ui.view"> <record id="mrp_production_view_form_inherit_access_restriction_v19" model="ir.ui.view">
<field name="name">mrp.production.view.form.inherit.access.restriction</field> <field name="name">mrp.production.view.form.inherit.access.restriction</field>
<field name="model">mrp.production</field> <field name="model">mrp.production</field>
<field name="priority">99999</field> <field name="priority">99999</field>
<field name="inherit_id" ref="mrp.mrp_production_form_view"/> <field name="inherit_id" ref="mrp.mrp_production_form_view"/>
<field name="arch" type="xml"> <field name="arch" type="xml">
<xpath expr="//sheet" position="inside"> <sheet position="inside">
<field name="hide_quality_check_button" invisible="1"/> <field name="hide_quality_check_button" invisible="1"/>
</xpath> </sheet>
<xpath expr="//button[@name='check_quality']" position="attributes"> <xpath expr="//button[@name='check_quality']" position="attributes">
<attribute name="invisible">hide_quality_check_button</attribute> <attribute name="invisible">hide_quality_check_button</attribute>
</xpath> </xpath>

2
views/stock_picking_views.xml → views/stock_picking_v19.xml
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<odoo> <odoo>
<record id="stock_picking_view_form_inherit_access_restriction" model="ir.ui.view"> <record id="stock_picking_view_form_inherit_access_restriction_v19" model="ir.ui.view">
<field name="name">stock.picking.view.form.inherit.access.restriction</field> <field name="name">stock.picking.view.form.inherit.access.restriction</field>
<field name="model">stock.picking</field> <field name="model">stock.picking</field>
<field name="priority">1000</field> <field name="priority">1000</field>