Techsystech
/
web
mirror of https://github.com/OCA/web.git
3
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity

[FIX] allow group users

pull/2399/head
KKamaa 2023-02-06 18:56:27 +03:00
parent fcaf19d858
commit 7553f530aa
3 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
support_branding/models/res_company.py
View File

@ -2,7 +2,7 @@
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
from odoo import _, api, models from odoo import _, api, models
from odoo.exceptions import UserError from odoo.exceptions import AccessError, UserError
class ResCompany(models.Model): class ResCompany(models.Model):
@ -10,6 +10,14 @@ class ResCompany(models.Model):
@api.model @api.model
def get_ir_config_param_data(self, key): def get_ir_config_param_data(self, key):
if not self.env.user.has_group("base.group_user"):
raise AccessError(
_(
"You are not allowed to access this "
"functionality, please contact Admin for "
"more support"
)
)
try: try:
self.env.cr.execute( self.env.cr.execute(
"select value from ir_config_parameter where " "key=(%s);", (key,) "select value from ir_config_parameter where " "key=(%s);", (key,)

6
support_branding/static/src/js/res_config_edition.js
View File

@ -8,21 +8,21 @@ odoo.define("support_branding.ResConfigEdition", function (require) {
var self = this; var self = this;
var def_1 = this._rpc({ var def_1 = this._rpc({
model: "res.company", model: "res.company",
method: "_get_support_branding_vals", method: "get_ir_config_param_data",
args: ["support_company"], args: ["support_company"],
}).then(function (name) { }).then(function (name) {
self.support_cp_name = name; self.support_cp_name = name;
}); });
var def_2 = this._rpc({ var def_2 = this._rpc({
model: "res.company", model: "res.company",
method: "_get_support_branding_vals", method: "get_ir_config_param_data",
args: ["support_company_url"], args: ["support_company_url"],
}).then(function (url) { }).then(function (url) {
self.support_cp_url = url; self.support_cp_url = url;
}); });
var def_3 = this._rpc({ var def_3 = this._rpc({
model: "res.company", model: "res.company",
method: "_get_support_branding_vals", method: "get_ir_config_param_data",
args: ["support_email"], args: ["support_email"],
}).then(function (email) { }).then(function (email) {
self.support_cp_email = email; self.support_cp_email = email;

7
support_branding/tests/test_support_branding.py
View File

@ -12,6 +12,7 @@ class TestSupportBranding(TransactionCase):
self.ir_config_obj = self.env["ir.config_parameter"].sudo() self.ir_config_obj = self.env["ir.config_parameter"].sudo()
self.demo_user = self.env.ref("base.user_demo") self.demo_user = self.env.ref("base.user_demo")
self.admin_user = self.env.ref("base.user_admin") self.admin_user = self.env.ref("base.user_admin")
self.portal_user = self.env.ref("base.demo_user0")
self.demo_support_branding_company_name = self.env.ref( self.demo_support_branding_company_name = self.env.ref(
"support_branding.demo_config_parameter_company_name" "support_branding.demo_config_parameter_company_name"
) )
@ -21,6 +22,12 @@ class TestSupportBranding(TransactionCase):
def test_fetch_support_branding_vals_from_res_company(self): def test_fetch_support_branding_vals_from_res_company(self):
# Check if user has the right access rights e.g. portal user not allowed
with self.assertRaises(AccessError):
self.ir_config_obj.with_user(self.portal_user).get_param(
self.demo_support_company_branding_url.key
)
# Check if demo user is able to access. # Check if demo user is able to access.
# NB: ir.config_parameter model requires admin access rights. # NB: ir.config_parameter model requires admin access rights.
with self.assertRaises(AccessError): with self.assertRaises(AccessError):