Public release from ruodoo-project: 19.0 - 2026-05-31 21:19:12 UTC

access_restricted/tests/__init__.py

@@ -0,0 +1,3 @@
+from . import test_fields_view_get
+from . import test_fields_get
+from . import test_allow_implied

access_restricted/tests/test_allow_implied.py

@@ -0,0 +1,86 @@
+from odoo.exceptions import AccessError
+from odoo.tests.common import TransactionCase
+
+GROUP = "base.group_multi_currency"
+
+
+class TestAllowImplied(TransactionCase):
+    def _get_classified_groups(self, config):
+        groups = config._get_classified_fields()["group"]
+        return [g[0] for g in groups]
+
+    def setUp(self):
+        super().setUp()
+        self.group = self.env.ref(GROUP)
+        self.demo_user = self.env["res.users"].create({
+            "name": "Test Demo User",
+            "login": "test_demo_allow_implied",
+            "groups_id": [(6, 0, [self.env.ref("base.group_user").id])],
+        })
+
+    def test_base(self):
+        demo_user = self.demo_user
+
+        group_system = self.env.ref("base.group_system")
+
+        demo_user.write({"group_ids": [(3, self.group.id)]})
+        self.group.write({"users": [(3, demo_user.id)]})
+        self.assertFalse(self.env["res.users"].with_user(demo_user.id).has_group(GROUP))
+
+        demo_user.write({"group_ids": [(4, group_system.id)]})
+
+        test_config_settings = (
+            self.env["res.config.settings"]
+            .with_user(demo_user.id)
+            .create({"group_test_access_restricted": True})
+        )
+        self.assertFalse(self.env["res.users"].with_user(demo_user.id).has_group(GROUP))
+
+        # check that the field is readonly
+        self.assertTrue(
+            test_config_settings.fields_get()["group_test_access_restricted"][
+                "readonly"
+            ]
+        )
+        # check that test group hasn't got appended to classified
+        self.assertNotIn(
+            "self.group", self._get_classified_groups(test_config_settings)
+        )
+
+        group_allow = self.env.ref(
+            "access_restricted.group_allow_add_implied_from_settings"
+        )
+        demo_user.write({"group_ids": [(4, group_allow.id)]})
+
+        # check that now the field is not readonly
+        self.assertFalse(
+            test_config_settings.fields_get()["group_test_access_restricted"][
+                "readonly"
+            ]
+        )
+        # check that now the group is in classified
+        self.assertIn(
+            "group_test_access_restricted",
+            self._get_classified_groups(test_config_settings),
+        )
+
+        self.assertFalse(self.env["res.users"].with_user(demo_user.id).has_group(GROUP))
+        test_config_settings.with_user(demo_user.id).execute()
+        self.assertTrue(self.env["res.users"].with_user(demo_user.id).has_group(GROUP))
+
+    def test_assert_raises(self):
+        demo_user = self.demo_user
+        group_system = self.env.ref("base.group_system")
+
+        demo_user.write({"group_ids": [(3, self.group.id)]})
+        self.group.write({"users": [(3, demo_user.id)]})
+        self.assertFalse(self.env["res.users"].with_user(demo_user.id).has_group(GROUP))
+
+        demo_user.write({"group_ids": [(4, group_system.id)]})
+        self.assertFalse(self.env["res.users"].with_user(demo_user.id).has_group(GROUP))
+
+        # check that there is no access to put test group into implied_ids anyways
+        with self.assertRaises(AccessError):
+            group_system.with_user(demo_user.id).write(
+                {"implied_ids": [(4, self.group.id)]}
+            )

access_restricted/tests/test_fields_get.py

@@ -0,0 +1,39 @@
+from odoo.tests.common import TransactionCase
+
+
+def _sel_groups_field_name(group_ids):
+    """Generate sel_groups field name from group ids (replaces removed name_selection_groups)."""
+    return 'sel_groups_' + '_'.join(str(i) for i in sorted(group_ids))
+
+
+class TestFieldsGet(TransactionCase):
+    def test_base(self):
+        demo_user = self.env["res.users"].create({
+            "name": "Test Demo User Fields",
+            "login": "test_demo_fields_get",
+            "groups_id": [(6, 0, [self.env.ref("base.group_user").id])],
+        })
+        group_erp_manager = self.env.ref("base.group_erp_manager")
+        group_system = self.env.ref("base.group_system")
+
+        demo_user.write({"group_ids": [(3, group_system.id)]})
+        group_system.write({"user_ids": [(3, demo_user.id)]})
+        demo_user.write({"group_ids": [(4, group_erp_manager.id)]})
+
+        view_users_form = self.env.ref("base.view_users_form")
+        (
+            self.env["res.users"]
+            .with_user(demo_user)
+            .with_context({"uid": demo_user.id})
+            .get_views([[view_users_form.id, "form"]])
+        )
+
+        sel_groups = _sel_groups_field_name([group_erp_manager.id])
+        res = self.env["res.users"].with_user(demo_user).fields_get()
+        self.assertTrue(res.get(sel_groups))
+
+        demo_user.write({"groups_id": [(4, group_system.id)]})
+
+        sel_groups = _sel_groups_field_name([group_erp_manager.id, group_system.id])
+        res = self.env["res.users"].with_user(demo_user).fields_get()
+        self.assertTrue(res.get(sel_groups))

access_restricted/tests/test_fields_view_get.py

@@ -0,0 +1,71 @@
+from odoo.tests.common import TransactionCase, tagged
+
+IR_CONFIG_NAME = "access_restricted.fields_view_get_uid"
+
+
+@tagged("post_install", "-at_install")
+class TestFieldsViewGet(TransactionCase):
+    def clear_config(self):
+        self.env["ir.config_parameter"].search([("key", "=", IR_CONFIG_NAME)]).unlink()
+
+    def clear_access(self, user):
+        user.write(
+            {
+                "group_ids": [
+                    (3, self.env.ref("base.group_erp_manager").id, 0),
+                    (3, self.env.ref("base.group_system").id, 0),
+                ]
+            }
+        )
+
+    def add_access(self, user, group_xmlid):
+        user.write({"group_ids": [(4, self.env.ref(group_xmlid).id, 0)]})
+
+    def _view_form(self, user, view_xmlid):
+        view_id = self.env.ref(view_xmlid).id
+        # context = {'lang': "en_US", 'tz': "Europe/Brussels", 'uid': user.id}
+        self.env["res.users"].with_user(user.id).get_view(view_id=view_id)
+
+    def view_preference_form(self, user):
+        self._view_form(user, "base.view_users_form_simple_modif")
+
+    def view_user_form(self, user):
+        self._view_form(user, "base.view_users_form")
+
+    def view_form_all(self, user):
+        self.view_preference_form(user)
+        self.clear_config()
+
+        self.view_user_form(user)
+        self.clear_config()
+
+    def view_form_mix(self, user1, user2):
+        self.view_preference_form(user1)
+        self.view_user_form(user2)
+
+        self.view_preference_form(user1)
+        self.view_preference_form(user2)
+
+        self.view_form_all(user1)
+        self.view_user_form(user2)
+
+    def test_base(self):
+        admin = self.env.ref("base.user_root")
+        demo = self.env.ref("base.user_demo")
+
+        # test for admin
+        self.view_form_all(admin)
+
+        # demo doesn't have admin rights
+        self.clear_access(demo)
+        self.view_preference_form(demo)
+
+        # demo has "Access Rights"
+        self.add_access(demo, "base.group_erp_manager")
+        self.view_form_all(demo)
+
+        # demo has "Settings"
+        self.add_access(demo, "base.group_system")
+        self.view_form_all(demo)
+
+        self.view_form_mix(admin, demo)