[ADD] 16.0: base_user_group_mgmt_role

Author: benwillig

base_user_group_mgmt_role/README.rst

@@ -0,0 +1,90 @@
+===============================
+Base User Group Management Role
+===============================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:dd01c86cb0ffc51b38a225e5c89c9c0d93f67a914bf06979884faf9a1c232a4d
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-backend/tree/16.0/base_user_group_mgmt_role
+    :alt: OCA/server-backend
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-base_user_group_mgmt_role
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module extends the functionality of base_user_group_mgmt to support
+roles updates and assignation.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+This module add roles related actions on security update requests.
+
+Actions added:
+
+-  Add a role to a user
+-  Remove a role from a user
+-  Update role of user
+-  Add a group to a role
+-  Remove a group from a role
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20base_user_group_mgmt_role%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* ACSONE SA/NV
+
+Contributors
+------------
+
+-  Benjamin Willig [email protected] (https://acsone.eu)
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/16.0/base_user_group_mgmt_role>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

base_user_group_mgmt_role/__init__.py

@@ -0,0 +1 @@
+from . import models

base_user_group_mgmt_role/__manifest__.py

@@ -0,0 +1,20 @@
+# Copyright 2025 ACSONE SA/NV
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Base User Group Management Role",
+    "summary": """
+        Add role features in security management module""",
+    "version": "16.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "ACSONE SA/NV,Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/server-backend",
+    "depends": [
+        "base_user_role",
+        "base_user_group_mgmt",
+    ],
+    "data": [
+        "views/base_security_update_request_line.xml",
+    ],
+    "demo": [],
+}

base_user_group_mgmt_role/models/__init__.py

@@ -0,0 +1,3 @@
+from . import base_security_update_request_line
+from . import res_users
+from . import res_users_role

base_user_group_mgmt_role/models/base_security_update_request_line.py

@@ -0,0 +1,159 @@
+# Copyright 2025 ACSONE SA/NV
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import Command, _, api, fields, models
+
+
+class BaseSecurityUpdateLine(models.Model):
+
+    _inherit = "base.security.update.request.line"
+
+    action = fields.Selection(
+        default="user_add_role",
+    )
+    role_ids = fields.Many2many(
+        comodel_name="res.users.role",
+        string="Roles",
+    )
+    is_role_ids_visible = fields.Boolean(
+        compute="_compute_is_role_ids_visible",
+    )
+    role_date_from = fields.Date()
+    role_date_to = fields.Date()
+    is_role_edit_data_visible = fields.Boolean(
+        compute="_compute_is_role_edit_data_visible",
+    )
+
+    @api.depends("role_ids")
+    def _compute_name(self):
+        return super()._compute_name()
+
+    @api.depends(
+        "action",
+    )
+    def _compute_is_role_ids_visible(self):
+        for rec in self:
+            rec.is_role_ids_visible = "role" in rec.action
+
+    @api.depends(
+        "action",
+    )
+    def _compute_is_role_edit_data_visible(self):
+        for rec in self:
+            rec.is_role_edit_data_visible = rec.action in (
+                "user_role_edit",
+                "user_add_role",
+            )
+
+    @api.model
+    def _selection_action(self):
+        return [
+            ("user_add_role", _("Add a role to a user")),
+            ("user_remove_role", _("Remove a role from a user")),
+            ("user_role_edit", _("Update role of user")),
+            ("role_add_group", _("Add a group to a role")),
+            ("role_remove_group", _("Remove a group from a role")),
+            *super()._selection_action(),
+        ]
+
+    def _get_name(self):
+        self.ensure_one()
+        action = self.action
+        groups = ", ".join(self.group_1_ids.mapped("display_name")) or _("Groups 1")
+        roles = ", ".join(self.role_ids.mapped("display_name")) or _("Roles")
+        users = ", ".join(self.user_ids.mapped("display_name")) or _("Users")
+        if action == "user_add_role":
+            return _(
+                "Add role(s) '%(roles)s' to user(s) '%(users)s'",
+                roles=roles,
+                users=users,
+            )
+        elif action == "user_remove_role":
+            return _(
+                "Remove role(s) '%(roles)s' from user(s) '%(users)s'",
+                roles=roles,
+                users=users,
+            )
+        elif action == "role_add_group":
+            return _(
+                "Add group(s) '%(groups)s' to role(s) '%(roles)s'",
+                groups=groups,
+                roles=roles,
+            )
+        elif action == "role_remove_group":
+            return _(
+                "Remove group(s) '%(groups)s' from role(s) '%(roles)s'",
+                groups=groups,
+                role=roles,
+            )
+        elif action == "user_role_edit":
+            return _(
+                "Update role(s) '%(roles)s' of user(s) '%(users)s'",
+                role=roles,
+                user=users,
+            )
+        return super()._get_name()
+
+    def _get_role_line_values(self, role, user):
+        self.ensure_one()
+        return {
+            "user_id": user.id,
+            "role_id": role.id,
+            "date_from": self.role_date_from,
+            "date_to": self.role_date_to,
+        }
+
+    def _get_existing_role_line_domain(self, role, user):
+        self.ensure_one()
+        return [
+            ("role_id", "=", role.id),
+            ("user_id", "=", user.id),
+        ]
+
+    def _get_existing_role_line(self, role, user):
+        self.ensure_one()
+        return (
+            self.env["res.users.role.line"]
+            .with_context(active_test=False)
+            .search(self._get_existing_role_line_domain(role, user), limit=1)
+        )
+
+    def _do_update_user_add_role(self):
+        self.ensure_one()
+        for user in self.user_ids:
+            for role in self.role_ids:
+                line = self._get_existing_role_line(role, user)
+                values = self._get_role_line_values(role, user)
+                if line:
+                    line.write(values)
+                    continue
+                user.write(
+                    {
+                        "role_line_ids": [
+                            Command.create(values),
+                        ]
+                    }
+                )
+
+    def _do_update_user_remove_role(self):
+        self.ensure_one()
+        for user in self.user_ids:
+            for role in self.role_ids:
+                line = self._get_existing_role_line(role, user)
+                line.unlink()
+
+    def _do_update_user_role_edit(self):
+        self.ensure_one()
+        return self._do_update_user_add_role()
+
+    def _do_update_role_add_group(self):
+        self.ensure_one()
+        self.role_ids.write(
+            {"implied_ids": [Command.link(group.id) for group in self.group_1_ids]}
+        )
+
+    def _do_update_role_remove_group(self):
+        self.ensure_one()
+        self.role_ids.write(
+            {"implied_ids": [Command.unlink(group.id) for group in self.group_1_ids]}
+        )

base_user_group_mgmt_role/models/res_users.py

@@ -0,0 +1,13 @@
+# Copyright 2025 ACSONE SA/NV
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+
+class ResUsers(models.Model):
+
+    _inherit = "res.users"
+
+    role_line_ids = fields.One2many(
+        readonly=True,
+    )

base_user_group_mgmt_role/models/res_users_role.py

@@ -0,0 +1,13 @@
+# Copyright 2025 ACSONE SA/NV
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+
+class ResUsersRole(models.Model):
+
+    _inherit = "res.users.role"
+
+    line_ids = fields.One2many(
+        readonly=True,
+    )

base_user_group_mgmt_role/readme/CONTRIBUTORS.md

@@ -0,0 +1 @@
+- Benjamin Willig <[email protected]> (https://acsone.eu)

base_user_group_mgmt_role/readme/DESCRIPTION.md

@@ -0,0 +1 @@
+This module extends the functionality of base_user_group_mgmt to support roles updates and assignation.

base_user_group_mgmt_role/readme/USAGE.md

@@ -0,0 +1,8 @@
+This module add roles related actions on security update requests.
+
+Actions added:
+* Add a role to a user
+* Remove a role from a user
+* Update role of user
+* Add a group to a role
+* Remove a group from a role