diff --git a/web_access_rule_buttons/README.rst b/web_access_rule_buttons/README.rst index 087301c3e..171ef5ed3 100644 --- a/web_access_rule_buttons/README.rst +++ b/web_access_rule_buttons/README.rst @@ -64,6 +64,7 @@ Contributors * Guewen Baconnier * Antonio Esposito +* Dhara Solanki Maintainers ~~~~~~~~~~~ diff --git a/web_access_rule_buttons/models/models.py b/web_access_rule_buttons/models/models.py index d36fa3a8e..94d4fd85b 100644 --- a/web_access_rule_buttons/models/models.py +++ b/web_access_rule_buttons/models/models.py @@ -1,7 +1,7 @@ # Copyright 2016 Camptocamp SA # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). -from odoo import api, exceptions, models +from odoo import exceptions, models class Base(models.AbstractModel): @@ -9,7 +9,6 @@ class Base(models.AbstractModel): _inherit = "base" - @api.multi def check_access_rule_all(self, operations=None): """Verifies that the operation given by ``operations`` is allowed for the user according to ir.rules. @@ -23,16 +22,19 @@ class Base(models.AbstractModel): operations = ["read", "create", "write", "unlink"] result = {} for operation in operations: - if self.is_transient() or not self.ids: - # If we call check_access_rule() without id, it will try to - # run a SELECT without ID which will crash, so we just blindly - # allow the operations - result[operation] = True - continue try: self.check_access_rule(operation) except exceptions.AccessError: result[operation] = False - else: + if ( + self.is_transient() + or self.ids + and self.env.user.has_group("base.user_admin") + ): + # If we call check_access_rule() without id, it will try to + # run a SELECT without ID which will crash, so we just blindly + # allow the operations result[operation] = True + else: + result[operation] = False return result diff --git a/web_access_rule_buttons/readme/CONTRIBUTORS.rst b/web_access_rule_buttons/readme/CONTRIBUTORS.rst index 37444b54b..830abe4c6 100644 --- a/web_access_rule_buttons/readme/CONTRIBUTORS.rst +++ b/web_access_rule_buttons/readme/CONTRIBUTORS.rst @@ -1,2 +1,3 @@ * Guewen Baconnier * Antonio Esposito +* Dhara Solanki diff --git a/web_access_rule_buttons/static/src/js/form_controller.js b/web_access_rule_buttons/static/src/js/form_controller.js index 3cb6bb918..0002f3338 100644 --- a/web_access_rule_buttons/static/src/js/form_controller.js +++ b/web_access_rule_buttons/static/src/js/form_controller.js @@ -5,8 +5,8 @@ odoo.define("web_access_rule_buttons.main", function (require) { "use strict"; var FormController = require("web.FormController"); FormController.include({ - _update: function (state) { - return this._super(state).then(this.show_hide_buttons(state)); + async _update(state, params) { + return this._super(state, params).then(this.show_hide_buttons(state)); }, show_hide_buttons: function (state) { var self = this; diff --git a/web_access_rule_buttons/tests/test_access_rule_buttons.py b/web_access_rule_buttons/tests/test_access_rule_buttons.py index bcccad191..0708507d1 100644 --- a/web_access_rule_buttons/tests/test_access_rule_buttons.py +++ b/web_access_rule_buttons/tests/test_access_rule_buttons.py @@ -12,8 +12,15 @@ class TestAccessRuleButtons(TransactionCase): def test_check_access_rule_1(self): res = self.curr_obj.check_access_rule_all(["write"]) - self.assertTrue(res["write"]) + self.assertFalse(res["write"]) def test_check_access_rule_2(self): res = self.curr_record.check_access_rule_all(["write"]) self.assertTrue(res["write"]) + + def test_check_access_rule_3(self): + res = self.curr_record.check_access_rule_all() + self.assertTrue(res["read"]) + self.assertTrue(res["create"]) + self.assertTrue(res["write"]) + self.assertTrue(res["unlink"])