[14.0] base_user_role: prevent adding admin to empty role

When creating a new user role, it is possible to add a user to that role without having added any groups. If this is saved, all that user’s access rights will be wiped and he will not able to login anymore (Internal Server Error).
OCA · Sep 5, 2024 · 65bc33d · 65bc33d
1 parent 41b41f5
commit 65bc33d
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/base_user_role/models/user.py b/base_user_role/models/user.py
@@ -1,7 +1,7 @@
 # Copyright 2014 ABF OSIELL <http://osiell.com>
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
 from odoo import api, fields, models
-
+from odoo.exceptions import UserError
 
 class ResUsers(models.Model):
     _inherit = "res.users"
@@ -73,6 +73,8 @@ def set_groups_from_roles(self, force=False):
         for user in self:
             if not user.role_line_ids and not force:
                 continue
+            if user._is_admin() and self.env.ref('base.group_user').id not in role_groups[role]:
+                raise UserError("The admin user cannot have roles without at least `User types / Internal User` group.")
             group_ids = []
             for role_line in user._get_enabled_roles():
                 role = role_line.role_id