Public release from ruodoo-project: 19.0 - 2026-05-10 21:19:01 UTC

2026-05-10 21:19:11 +00:00
commit cbf9e6e6d6
1213 changed files with 183945 additions and 0 deletions
--- a/access_apps/tests/init.py
+++ b/access_apps/tests/init.py
@ -0,0 +1 @@
+from . import test_access
--- a/access_apps/tests/test_access.py
+++ b/access_apps/tests/test_access.py
@ -0,0 +1,64 @@
+# Copyright 2024 DOB
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+from odoo.exceptions import AccessError
+from odoo.tests import new_test_user
+from odoo.tests.common import TransactionCase
+
+
+class TestAccessApps(TransactionCase):
+    """Tests for access_apps: access control to the Apps section.
+
+    Validates: Requirement 6.1
+    """
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.env = cls.env(
+            context=dict(cls.env.context, tracking_disable=True, no_reset_password=True)
+        )
+        # Regular user without admin rights and without group_allow_apps
+        cls.regular_user = new_test_user(
+            cls.env,
+            name="Regular User",
+            login="test_regular_user_access_apps",
+            groups="base.group_user",
+        )
+
+    def test_non_admin_cannot_read_ir_module_module(self):
+        """WHEN a user without admin rights tries to access the Apps section,
+        access_apps SHALL deny access.
+
+        Validates: Requirement 6.1
+        """
+        # The module deactivates base.access_ir_module_module_group_user,
+        # so only users in group_allow_apps can read ir.module.module.
+        # A regular user (not in group_allow_apps) should get AccessError.
+        with self.assertRaises(AccessError):
+            self.env["ir.module.module"].with_user(self.regular_user).search([])
+
+    def test_admin_can_read_ir_module_module(self):
+        """WHEN the admin user (in group_allow_apps) accesses the Apps section,
+        access_apps SHALL allow access.
+
+        Validates: Requirement 6.1 (positive case)
+        """
+        # Admin is in group_allow_apps by default (see security XML)
+        admin_user = self.env.ref("base.user_admin")
+        modules = self.env["ir.module.module"].with_user(admin_user).search([], limit=1)
+        # Should not raise; result may be empty or non-empty
+        self.assertIsNotNone(modules)
+
+    def test_non_admin_not_in_group_allow_apps(self):
+        """WHEN a regular user is not in group_allow_apps,
+        they SHALL NOT have access to ir.module.module.
+
+        Validates: Requirement 6.1
+        """
+        group_allow_apps = self.env.ref("access_apps.group_allow_apps")
+        self.assertNotIn(
+            self.regular_user,
+            group_allow_apps.users,
+            "Regular user should not be in group_allow_apps",
+        )