Merge pull request #556 from ecino/fix-view-rights

CO-1911 FIX View security accesses for opening partner view to external

oca_dependencies.txt

@@ -22,8 +22,9 @@ hr
 social
 website-cms
 geospatial
+survey
+bank-payment
 web https://github.com/daramousk/web 10.0-MIG-CKEditor
-bank-payment https://github.com/CompassionCH/bank-payment 10.0-payment-cancel
 l10n-switzerland https://github.com/CompassionCH/l10n-switzerland 10.0-pain-sepa
 compassion-accounting https://github.com/CompassionCH/compassion-accounting 10.0
 compassion-modules https://github.com/CompassionCH/compassion-modules 10.0

partner_compassion/__manifest__.py

@@ -44,6 +44,8 @@
         'geoengine_partner',
         'base_geolocalize',
         'web_notify',
+        'partner_survey',
+        'website_partner',
     ],
     'external_dependencies': {
         'python': ['pandas', 'pyminizip']

partner_compassion/models/ambassador_details.py

@@ -48,6 +48,7 @@ class AmbassadorDetails(models.Model):
         related='partner_id.birthdate_date', store=True, readonly=True)
     lang = fields.Selection(
         related='partner_id.lang', store=True, readonly=True)
+    number_surveys = fields.Integer(related='partner_id.survey_input_count')
 
     # Advocacy fields
     #################
@@ -67,11 +68,13 @@ class AmbassadorDetails(models.Model):
     has_car = fields.Selection('_yes_no_selection', 'Has a car')
     formation_ids = fields.Many2many(
         'calendar.event', string='Formation taken',
-        compute='_compute_formation', inverse='_inverse_formation'
+        compute='_compute_formation', inverse='_inverse_formation',
+        groups="base.group_user"
     )
     engagement_ids = fields.Many2many(
         'ambassador.engagement', 'ambassador_engagement_rel',
-        'ambassador_details_id', 'engagement_id', 'Engagement type'
+        'ambassador_details_id', 'engagement_id', 'Engagement type',
+        groups="base.group_user"
     )
     t_shirt_size = fields.Selection([
         ('XS', 'XS'), ('S', 'S'), ('M', 'M'), ('L', 'L'), ('XL', 'XL'),
@@ -153,6 +156,18 @@ def open_events(self):
             'domain': [('id', 'in', self.event_ids.ids)],
         }
 
+    @api.multi
+    def open_surveys(self):
+        return {
+            'name': _('Surveys'),
+            'type': 'ir.actions.act_window',
+            'view_type': 'form',
+            'view_mode': 'tree,form',
+            'res_model': 'survey.user_input',
+            'target': 'current',
+            'domain': [('partner_id', '=', self.partner_id.id)],
+        }
+
     def set_on_break(self):
         self.env.user.notify_info(
             _("Please don't forget to put a break end date"), sticky=True)

partner_compassion/views/ambassador_details.xml

@@ -6,31 +6,34 @@
         <field name="arch" type="xml">
             <form>
                 <header>
-                    <button name="set_active" string="Set active" type="object" states="new,on_break,inactive" class="oe_highlight"/>
-                    <button name="set_on_break" string="Put on break" type="object" states="active"/>
-                    <button name="set_inactive" string="Set inactive" type="object" states="new,on_break,active"/>
-                    <field name="state" widget="statusbar" statusbar_visible="new,active,inactive"/>
+                    <button name="set_active" string="Set active" type="object" states="new,on_break,inactive" class="oe_highlight" groups="base.group_user"/>
+                    <button name="set_on_break" string="Put on break" type="object" states="active" groups="base.group_user"/>
+                    <button name="set_inactive" string="Set inactive" type="object" states="new,on_break,active" groups="base.group_user"/>
+                    <field name="state" widget="statusbar" statusbar_visible="new,active,inactive" groups="base.group_user"/>
                 </header>
                 <sheet>
                     <div class="oe_right oe_button_box" name="buttons">
-                        <button name="open_events" type="object" icon="fa-calendar" class="oe_stat_button">
+                        <button name="open_events" type="object" icon="fa-calendar" class="oe_stat_button" groups="base.group_user">
                             <field name="number_events" widget="statinfo" string="Events"/>
                         </button>
+                        <button name="open_surveys" type="object" icon="fa-list-alt" class="oe_stat_button">
+                            <field name="number_surveys" widget="statinfo" string="Surveys"/>
+                        </button>
                     </div>
                     <group>
                         <group string="Advocacy">
-                            <field name="partner_id"/>
+                            <field name="partner_id" string="Partner"/>
                             <field name="event_type_formation" invisible="1"/>
-                            <field name="active_since"/>
-                            <label for="break_end" style="color: red;" states="on_break"/>
-                            <field name="break_end" states="on_break" nolabel="1"/>
-                            <field name="end_date" states="inactive"/>
-                            <field name="last_event"/>
-                            <field name="advocacy_source"/>
-                            <field name="engagement_ids" widget="many2many_tags"/>
+                            <field name="active_since" groups="base.group_user"/>
+                            <label for="break_end" style="color: red;" states="on_break" groups="base.group_user"/>
+                            <field name="break_end" states="on_break" nolabel="1" groups="base.group_user"/>
+                            <field name="end_date" states="inactive" groups="base.group_user"/>
+                            <field name="last_event" groups="base.group_user"/>
+                            <field name="advocacy_source" groups="base.group_user"/>
+                            <field name="engagement_ids" widget="many2many_tags" groups="base.group_user"/>
                             <field name="t_shirt_size"/>
                             <field name="has_car"/>
-                            <field name="formation_ids"
+                            <field name="formation_ids" groups="base.group_user"
                                    domain="[('categ_ids', '=', event_type_formation)]"
                                    context="{'default_partner_ids': [(4, partner_id)], 'default_categ_ids': [(4, event_type_formation)]}">
                                 <tree order="stop_date desc">
@@ -54,8 +57,8 @@
                     </group>
                 </sheet>
                 <div class="oe_chatter">
-                    <field name="message_follower_ids" widget="mail_followers"/>
-                    <field name="message_ids" widget="mail_thread"/>
+                    <field name="message_follower_ids" widget="mail_followers" groups="base.group_user"/>
+                    <field name="message_ids" widget="mail_thread" groups="base.group_user"/>
                 </div>
             </form>
         </field>

partner_compassion/views/partner_compassion_view.xml

@@ -57,11 +57,11 @@
         <field name="arch" type="xml">
             <!-- Add a Check double button on the top of the view-->
             <field name="preferred_name" position="after">
-                <field name="partner_duplicate_ids" widget="many2many_tags" attrs="{'invisible': [('partner_duplicate_ids','=', [])]}"/>
+                <field name="partner_duplicate_ids" widget="many2many_tags" attrs="{'invisible': [('partner_duplicate_ids','=', [])]}" groups="child_compassion.group_sponsorship"/>
             </field>
             <xpath expr="//form/*[1]" position="before">
                 <header>
-                    <button type='object' name='open_duplicates' string="Check duplicates" attrs="{'invisible': [('partner_duplicate_ids','=', [])]}"/>
+                    <button type='object' name='open_duplicates' string="Check duplicates" attrs="{'invisible': [('partner_duplicate_ids','=', [])]}" groups="child_compassion.group_sponsorship"/>
                 </header>
             </xpath>
             <!-- Move some fields -->
@@ -107,7 +107,7 @@
 
             <!-- Add correspondance tab -->
             <xpath expr="//page[1]" position="after">
-                <page string="Correspondence">
+                <page string="Correspondence" groups="child_compassion.group_sponsorship">
                     <button name="open_letters" type="object" string="Letters"/>
                     <group>
                         <group>
@@ -156,12 +156,25 @@
             <!-- Put lang fields at top -->
             <label for="street" position="before">
                 <field name="lang"/>
-                <field name="spoken_lang_ids" widget="many2many_tags" options="{'create':False}" attrs="{'required': [('is_company', '=', False), ('customer', '=', True)]}"/>
+                <field name="spoken_lang_ids" widget="many2many_tags" options="{'create':False}" attrs="{'required': [('is_company', '=', False), ('customer', '=', True)]}" groups="child_compassion.group_sponsorship"/>
             </label>
 
             <!-- Remove fax -->
             <field name="fax" position="replace"/>
 
+            <!-- Hide elements for non-users -->
+            <field name="message_follower_ids" position="attributes">
+                <attribute name="groups">base.group_user</attribute>
+            </field>
+            <field name="message_ids" position="attributes">
+                <attribute name="groups">base.group_user</attribute>
+            </field>
+            <field name="category_id" position="attributes">
+                <attribute name="groups">base.group_user</attribute>
+            </field>
+            <button name="toggle_active" position="attributes">
+                <attribute name="groups">base.group_user</attribute>
+            </button>
         </field>
     </record>
 
@@ -283,6 +296,38 @@
         <field name="search_view_id" ref="account.view_account_invoice_filter"/>
     </record>
 
+    <!-- Add security on tracking e-mail fields -->
+    <record model="ir.ui.view" id="tracking_email_security">
+        <field name="name">res.partner.tracking.email.security</field>
+        <field name="model">res.partner</field>
+        <field name="inherit_id" ref="mail_tracking.view_partner_form"/>
+        <field name="arch" type="xml">
+            <button name="%(mail_tracking.action_view_mail_tracking_email)d" position="attributes">
+                <attribute name="groups">child_compassion.group_sponsorship</attribute>
+            </button>
+            <field name="email_score" position="attributes">
+                <attribute name="groups">child_compassion.group_sponsorship</attribute>
+            </field>
+            <field name="email_bounced" position="attributes">
+                <attribute name="groups">child_compassion.group_sponsorship</attribute>
+            </field>
+        </field>
+    </record>
+    <!-- Add security on website button -->
+    <record model="ir.ui.view" id="partner_website_security">
+        <field name="name">res.partner.website.security</field>
+        <field name="model">res.partner</field>
+        <field name="inherit_id" ref="website_partner.view_partners_form_website"/>
+        <field name="arch" type="xml">
+            <button name="website_publish_button" position="attributes">
+                <attribute name="groups">base.group_user</attribute>
+            </button>
+            <field name="website_published" position="attributes">
+                <attribute name="groups">base.group_user</attribute>
+            </field>
+        </field>
+    </record>
+
     <record id="view_partner_form_invoice_button_ch" model="ir.ui.view">
         <field name="name">res.partner.form.invoice.switzerland</field>
         <field name="model">res.partner</field>