From 7553f530aac1b67c1434c3ae58e2110138710f11 Mon Sep 17 00:00:00 2001 From: KKamaa Date: Mon, 6 Feb 2023 18:56:27 +0300 Subject: [PATCH] [FIX] allow group users --- support_branding/models/res_company.py | 10 +++++++++- support_branding/static/src/js/res_config_edition.js | 6 +++--- support_branding/tests/test_support_branding.py | 7 +++++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/support_branding/models/res_company.py b/support_branding/models/res_company.py index d7d2dccc2..670598e4c 100644 --- a/support_branding/models/res_company.py +++ b/support_branding/models/res_company.py @@ -2,7 +2,7 @@ # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). from odoo import _, api, models -from odoo.exceptions import UserError +from odoo.exceptions import AccessError, UserError class ResCompany(models.Model): @@ -10,6 +10,14 @@ class ResCompany(models.Model): @api.model def get_ir_config_param_data(self, key): + if not self.env.user.has_group("base.group_user"): + raise AccessError( + _( + "You are not allowed to access this " + "functionality, please contact Admin for " + "more support" + ) + ) try: self.env.cr.execute( "select value from ir_config_parameter where " "key=(%s);", (key,) diff --git a/support_branding/static/src/js/res_config_edition.js b/support_branding/static/src/js/res_config_edition.js index 716576804..0db5961cb 100644 --- a/support_branding/static/src/js/res_config_edition.js +++ b/support_branding/static/src/js/res_config_edition.js @@ -8,21 +8,21 @@ odoo.define("support_branding.ResConfigEdition", function (require) { var self = this; var def_1 = this._rpc({ model: "res.company", - method: "_get_support_branding_vals", + method: "get_ir_config_param_data", args: ["support_company"], }).then(function (name) { self.support_cp_name = name; }); var def_2 = this._rpc({ model: "res.company", - method: "_get_support_branding_vals", + method: "get_ir_config_param_data", args: ["support_company_url"], }).then(function (url) { self.support_cp_url = url; }); var def_3 = this._rpc({ model: "res.company", - method: "_get_support_branding_vals", + method: "get_ir_config_param_data", args: ["support_email"], }).then(function (email) { self.support_cp_email = email; diff --git a/support_branding/tests/test_support_branding.py b/support_branding/tests/test_support_branding.py index 2eccc5847..c836d596c 100644 --- a/support_branding/tests/test_support_branding.py +++ b/support_branding/tests/test_support_branding.py @@ -12,6 +12,7 @@ class TestSupportBranding(TransactionCase): self.ir_config_obj = self.env["ir.config_parameter"].sudo() self.demo_user = self.env.ref("base.user_demo") self.admin_user = self.env.ref("base.user_admin") + self.portal_user = self.env.ref("base.demo_user0") self.demo_support_branding_company_name = self.env.ref( "support_branding.demo_config_parameter_company_name" ) @@ -21,6 +22,12 @@ class TestSupportBranding(TransactionCase): def test_fetch_support_branding_vals_from_res_company(self): + # Check if user has the right access rights e.g. portal user not allowed + with self.assertRaises(AccessError): + self.ir_config_obj.with_user(self.portal_user).get_param( + self.demo_support_company_branding_url.key + ) + # Check if demo user is able to access. # NB: ir.config_parameter model requires admin access rights. with self.assertRaises(AccessError):