[IMP] estate: updated security constraints by company and group

djip-odoo · djip-odoo · commit 51f40b8f300f · 2024-11-28T10:38:12.000+05:30
security is a very challenging assignment.
last time security was not completed. faced many errros that time.
Completed this topic by creating compannies. groups and category was
already created last time.
Learned how to add security constraints by groups and company. also by user.
Tested by creating 2  managers and 2 agents. 1 manager have 2 company allowed.
both agent have diffrent company.
Updated property model to show users by company.
Agents can only access their properties and can sold it.
Manager can have all access to property except unlink it.
Learned about visbility and hide the setting menu for agents which is
can only be modified by the manages.
diff --git a/estate/__manifest__.py b/estate/__manifest__.py
@@ -8,6 +8,9 @@
         part of technical training
     """,
     "data": [
+        # security
+        "security/security.xml",
+        "security/ir.model.access.csv",
         # reports
         "report/paperformat.xml",
         "report/company_details_templates.xml",
@@ -24,11 +27,10 @@
         "views/estate_property_tag_views.xml",
         "views/estate_property_offer_views.xml",
         "views/res_users_views.xml",
-        # security
-        "security/security.xml",
-        "security/ir.model.access.csv",
     ],
     "demo": [
+        "demo/demo_res_company.xml",
+        "demo/demo_res_users.xml",
         "demo/estate.property.types.csv",
         "demo/estate.property.tags.csv",
         "demo/estate_property_demo.xml",
diff --git a/estate/demo/demo_res_company.xml b/estate/demo/demo_res_company.xml
@@ -0,0 +1,12 @@
+<odoo>
+    <record id="estate_company_2" model="res.company">
+        <field name="name">Estate Company</field>
+        <field name="street">123 Estate Lane</field>
+        <field name="city">Estate City</field>
+        <field name="state_id" ref="base.state_us_12"/> <!-- Example state (California, adjust as needed) -->
+        <field name="country_id" ref="base.us"/> <!-- Example country (USA, adjust as needed) -->
+        <field name="zip">90210</field>
+        <field name="phone">+1 234 567 8900</field>
+        <field name="email">info@estatecompany2.com</field>
+    </record>
+</odoo>
diff --git a/estate/demo/demo_res_users.xml b/estate/demo/demo_res_users.xml
@@ -0,0 +1,39 @@
+<odoo>
+    <!-- Manager Users -->
+    <record id="estate_manager_user_1" model="res.users">
+        <field name="name">Manager 1 Estate</field>
+        <field name="login">m1</field>
+        <field name="password">p</field>
+        <field name="groups_id" eval="[ref('base.group_user'), ref('estate.group_estate_user_manager')]"/>
+        <field name="company_id" ref="base.main_company"/> 
+        <field name="company_ids" eval="[ref('base.main_company'), ref('estate_company_2')]"/> 
+    </record>
+
+    <record id="estate_manager_user_2" model="res.users">
+        <field name="name">Manager 2 Estate</field>
+        <field name="login">m2</field>
+        <field name="password">p</field>
+        <field name="groups_id" eval="[ref('base.group_user'), ref('estate.group_estate_user_manager')]"/>
+        <field name="company_id" ref="estate_company_2"/> 
+        <field name="company_ids" eval="[ref('estate_company_2')]"/> 
+    </record>
+
+    <!-- Agent Users -->
+    <record id="estate_agent_user_1" model="res.users">
+        <field name="name">Agent 1 Estate</field>
+        <field name="login">a1</field>
+        <field name="password">p</field>
+        <field name="groups_id" eval="[ref('base.group_user'), ref('estate.group_estate_user_agent')]"/>
+        <field name="company_id" ref="base.main_company"/> 
+        <field name="company_ids" eval="[ref('base.main_company')]"/> 
+    </record>
+    
+    <record id="estate_agent_user_2" model="res.users">
+        <field name="name">Agent 2 Estate</field>
+        <field name="login">a2</field>
+        <field name="password">p</field>
+        <field name="groups_id" eval="[ref('base.group_user'), ref('estate.group_estate_user_agent')]"/>
+        <field name="company_id" ref="estate_company_2"/> 
+        <field name="company_ids" eval="[ref('estate_company_2')]"/> 
+    </record>
+</odoo>
diff --git a/estate/demo/estate_property_demo.xml b/estate/demo/estate_property_demo.xml
@@ -14,7 +14,8 @@
             <field name="garage">True</field>
             <field name="garden">True</field>
             <field name="garden_area">100000</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_1" />
+            <field name="company_id" ref="base.main_company" />
             <field name="garden_orientation">south</field>
             <field name="property_type_id" ref="estate_property_type_villa" />
         </record>
@@ -33,7 +34,8 @@
             <field name="garage">False</field>
             <field name="garden">False</field>
             <field name="garden_area">0</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_1" />
+            <field name="company_id" ref="base.main_company" />
             <field name="garden_orientation" />
             <field name="property_type_id" ref="estate_property_type_apartment" />
         </record>
@@ -49,7 +51,8 @@
             <field name="bedrooms">15</field>
             <field name="living_area">10000</field>
             <field name="facades">4</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_1" />
+            <field name="company_id" ref="base.main_company" />
             <field name="garage">False</field>
             <field name="garden">False</field>
             <field name="garden_area">0</field>
@@ -89,7 +92,8 @@
             <field name="bedrooms">5</field>
             <field name="living_area">350</field>
             <field name="facades">3</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_1" />
+            <field name="company_id" ref="base.main_company" />
             <field name="garage">True</field>
             <field name="garden">True</field>
             <field name="garden_area">500</field>
@@ -109,7 +113,8 @@
             <field name="selling_price">0.00</field>
             <field name="bedrooms">0</field>
             <field name="living_area">1000</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_1" />
+            <field name="company_id" ref="base.main_company" />
             <field name="facades">2</field>
             <field name="garage">False</field>
             <field name="garden">False</field>
@@ -131,7 +136,9 @@
             <field name="living_area">80</field>
             <field name="facades">1</field>
             <field name="garage">True</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_2" />
+            <field name="company_id" ref="estate_company_2" />
+            <field name="partner_id" ref="base.res_partner_5" />
             <field name="garden">False</field>
             <field name="garden_area">0</field>
             <field name="garden_orientation" />
@@ -166,7 +173,9 @@
             <field name="bedrooms">0</field>
             <field name="living_area">0</field>
             <field name="facades">4</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_2" />
+            <field name="company_id" ref="estate_company_2" />
+            <field name="partner_id" ref="base.res_partner_18" />
             <field name="garage">False</field>
             <field name="garden">False</field>
             <field name="garden_area">0</field>
@@ -186,7 +195,9 @@
             <field name="bedrooms">0</field>
             <field name="living_area">2000</field>
             <field name="facades">2</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_2" />
+            <field name="company_id" ref="estate_company_2" />
+            <field name="partner_id" ref="base.res_partner_12" />
             <field name="garage">False</field>
             <field name="garden">False</field>
             <field name="garden_area">0</field>
@@ -208,7 +219,9 @@
             <field name="facades">5</field>
             <field name="garage">True</field>
             <field name="active">false</field>
-            <field name="user_id" ref="base.user_admin" />
+            <field name="user_id" ref="estate.estate_agent_user_2" />
+            <field name="company_id" ref="estate_company_2" />
+            <field name="partner_id" ref="base.res_partner_4" />
             <field name="garden_area">2000</field>
             <field name="garden_orientation">west</field>
             <field name="property_type_id" ref="estate_property_type_villa" />
diff --git a/estate/models/estate_property.py b/estate/models/estate_property.py
@@ -8,6 +8,7 @@
 class EstateProperty(models.Model):
     _name = "estate.property"
     _description = "Real Estate Property"
+    _check_company_auto = True
 
     name = fields.Char(required=True, string="Name")
     postcode = fields.Char(string="Pincode")
@@ -53,6 +54,7 @@ class EstateProperty(models.Model):
         string="Salesperson",
         index=True,
         default=lambda self: self.env.user,
+        check_company=True
     )
     partner_id = fields.Many2one("res.partner", string="Buyer", copy=False)
     tag_ids = fields.Many2many("estate.property.tags", string="Tags")
@@ -62,6 +64,13 @@ class EstateProperty(models.Model):
         string="Offers",
     )
     best_price = fields.Float(compute="_compute_best_price")
+    
+    company_id = fields.Many2one(
+        'res.company',
+        string="Company",
+        required=True,
+        default=lambda self: self.env.company,
+    )
 
     @api.depends("living_area", "garden_area")
     def _compute_total_area(self):
diff --git a/estate/security/ir.model.access.csv b/estate/security/ir.model.access.csv
@@ -1,10 +1,10 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-estate.manager_access_estate_property,access_estate_property,estate.model_estate_property,estate.estate_group_manager,1,1,1,0
-estate.manager_access_estate_property_types,access_estate_property_types,estate.model_estate_property_types,estate.estate_group_manager,1,1,1,1
-estate.manager_access_estate_property_tags,access_estate_property_tags,estate.model_estate_property_tags,estate.estate_group_manager,1,1,1,1
-estate.manager_access_estate_property_offers,access_estate_property_offers,estate.model_estate_property_offers,estate.estate_group_manager,1,1,1,1
+estate.manager_access_estate_property,manager_access_estate_property_name,estate.model_estate_property,estate.group_estate_user_manager,1,1,1,0
+estate.manager_access_estate_property_types,manager_access_estate_property_types_name,estate.model_estate_property_types,estate.group_estate_user_manager,1,1,1,1
+estate.manager_access_estate_property_tags,manager_access_estate_property_tags_name,estate.model_estate_property_tags,estate.group_estate_user_manager,1,1,1,1
+estate.manager_access_estate_property_offers,manager_access_estate_property_offers_name,estate.model_estate_property_offers,estate.group_estate_user_manager,1,1,1,1
 
-estate.agent_access_estate_property,access_estate_property,estate.model_estate_property,estate.estate_group_user,1,1,1,0
-estate.agent_access_estate_property_types,access_estate_property_types,estate.model_estate_property_types,estate.estate_group_user,1,0,0,0
-estate.agent_access_estate_property_tags,access_estate_property_tags,estate.model_estate_property_tags,estate.estate_group_user,1,0,0,0
-estate.agent_access_estate_property_offers,access_estate_property_offers,estate.model_estate_property_offers,estate.estate_group_user,1,1,1,0
+estate.agent_access_estate_property,agent_access_estate_property_name,estate.model_estate_property,estate.group_estate_user_agent,1,1,1,0
+estate.agent_access_estate_property_types,agent_access_estate_property_types_name,estate.model_estate_property_types,estate.group_estate_user_agent,1,0,0,0
+estate.agent_access_estate_property_tags,agent_access_estate_property_tags_name,estate.model_estate_property_tags,estate.group_estate_user_agent,1,0,0,0
+estate.agent_access_estate_property_offers,agent_access_estate_property_offers_name,estate.model_estate_property_offers,estate.group_estate_user_agent,1,1,1,0
diff --git a/estate/security/security.xml b/estate/security/security.xml
@@ -1,29 +1,44 @@
 <odoo>
-    <record id="base.module_category_real_estate_brokerage" model="ir.module.category">
-        <field name="name">Real Estate Brokerage</field>
-    </record>
+    <data noupdate="False">
+        <record id="base.module_category_real_estate_brokerage" model="ir.module.category">
+            <field name="name">Real Estate Brokerage</field>
+        </record>
 
-    <!-- Create the Agent Group and Assign it to the Real Estate Brokerage Category -->
-    <record id="estate_group_user" model="res.groups">
-        <field name="name">Agent</field>
-        <field name="category_id" ref="base.module_category_real_estate_brokerage" />
-    </record>
+        <!-- Create the Agent Group and Assign it to the Real Estate Brokerage Category -->
+        <record id="group_estate_user_agent" model="res.groups">
+            <field name="name">Agent</field>
+            <field name="category_id" ref="base.module_category_real_estate_brokerage" />
+        </record>
 
-    <!-- Define Manager Group -->
-    <record id="estate_group_manager" model="res.groups">
-        <field name="name">Manager</field>
-        <field name="category_id" ref="base.module_category_real_estate_brokerage" />
-        <field name="implied_ids" eval="[(4, ref('estate_group_user'))]" />
-    </record>
+        <!-- Define Manager Group -->
+        <record id="group_estate_user_manager" model="res.groups">
+            <field name="name">Manager</field>
+            <field name="category_id" ref="base.module_category_real_estate_brokerage" />
+            <field name="implied_ids" eval="[(ref('group_estate_user_agent'))]" />
+            <field name="users" eval="[(4, ref('base.user_admin'))]" />
+        </record>
 
-    <record id="estate_property_agent_rule" model="ir.rule">
-        <field name="name">Agent Access on Properties</field>
-        <field name="model_id" ref="estate.model_estate_property" />
-        <field name="groups" eval="[(4, ref('estate.estate_group_user'))]" />
-        <field name="domain_force">["|",('user_id', '=', user.id),('user_id', '=', False)]</field>
-        <field name="perm_read" eval="1" />
-        <field name="perm_write" eval="1" />
-        <field name="perm_create" eval="1" />
-        <field name="perm_unlink" eval="0" />
-    </record>
+        <record id="estate_property_agent_rule" model="ir.rule">
+            <field name="name"> limits agents to only being able to see or modify properties which
+                have no salesperson, or for which they are the salesperson.</field>
+            <field name="model_id" ref="estate.model_estate_property" />
+            <field name="groups" eval="[Command.link(ref('estate.group_estate_user_agent'))]" />
+            <field name="domain_force">["|",
+                ('user_id', '=', user.id),
+                ('user_id', '=', False),
+                ('company_id', 'in', company_ids)
+                ]
+            </field>
+            <field name="perm_create" eval="0" />
+            <field name="perm_unlink" eval="0" />
+        </record>
+
+        <record id="estate_property_manager_rule" model="ir.rule">
+            <field name="name">Managers can see everything</field>
+            <field name="model_id" ref="estate.model_estate_property" />
+            <field name="groups" eval="[Command.link(ref('estate.group_estate_user_manager'))]" />
+            <field name="domain_force">[(1,"=",1)]</field>
+            <field name="perm_unlink" eval="0" />
+        </record>
+    </data>
 </odoo>
diff --git a/estate/views/estate_property_views.xml b/estate/views/estate_property_views.xml
@@ -22,6 +22,7 @@
                 <field name="garden_orientation" optional="hidden" />
                 <field name="garden" optional="hidden" />
                 <field name="state" optional="hidden" />
+                <field name="company_id" optional="hidden" />
             </list>
         </field>
     </record>
@@ -72,6 +73,11 @@
                             <field name="selling_price" />
                         </group>
                     </group>
+                    <group>
+                        <group>
+                            <field name="company_id" />
+                        </group>
+                    </group>
                     <notebook>
                         <page string="Description">
                             <group>
diff --git a/estate/views/menu_views.xml b/estate/views/menu_views.xml
@@ -23,6 +23,7 @@
         id="real_estate_menu_setting"
         parent="real_estate_menu_app"
         name="Settings"
+        groups="estate.group_estate_user_manager"
     />
     <menuitem
         id="real_estate_menu_setting_property_type"
diff --git a/estate_account/__manifest__.py b/estate_account/__manifest__.py
@@ -8,10 +8,14 @@
     """,
     "data": [
         "report/estate_estate_property_templates.xml",
-        "views/actions_smart_button.xml",
-        "views/estate_property_views.xml",
+        "security/ir.model.access.csv",
+        # "views/actions_smart_button.xml",
+        # "views/estate_property_views.xml",
+    ],
+    "demo": [
+        "demo/demo_journal_for_company.xml",
+        "demo/demo_invoice_data_property.xml",
     ],
-    "demo": ["demo/demo_invoice_data_property.xml"],
     "installable": True,
     "auto_install": True,
     "license": "LGPL-3",
diff --git a/estate_account/demo/demo_invoice_data_property.xml b/estate_account/demo/demo_invoice_data_property.xml
@@ -6,21 +6,19 @@
             <field name="property_id" ref="estate.estate_property_luxury_mountain_view_villa" />
             <field name="invoice_line_ids"
                 eval="[
-                 Command.create({'name': 'Property selling price', 'quantity': 1, 'price_unit': 48050000}),
                  Command.create({'name': '6% of the selling price', 'quantity': 1, 'price_unit': 48050000 * 0.06}),
                  Command.create({'name': 'Administrative price', 'quantity': 1, 'price_unit': 100}),
                 ]"
             />
-        </record>
+        </record> 
 
         <record id="account_move_200" model="account.move">
             <field name="move_type">out_invoice</field>
             <field name="partner_id" ref="base.res_partner_18" />
             <field name="property_id" ref="estate.estate_property_land_for_sale" />
             <field name="invoice_line_ids"
                 eval="[
-                 Command.create({'name': 'Property purchase price', 'quantity': 1, 'price_unit': 2655000}),
-                 Command.create({'name': '6% of the purchase price', 'quantity': 1, 'price_unit': 2655000 * 0.06}),
+                 Command.create({'name': '6% of the selling price', 'quantity': 1, 'price_unit': 2655000 * 0.06}),
                  Command.create({'name': 'Administrative cost', 'quantity': 1, 'price_unit': 100}),
                 ]"
             />
@@ -32,8 +30,7 @@
             <field name="property_id" ref="estate.estate_property_industrial_warehouse" />
             <field name="invoice_line_ids"
                 eval="[
-                 Command.create({'name': 'Property purchase price', 'quantity': 1, 'price_unit': 10550000}),
-                 Command.create({'name': '6% of the purchase price', 'quantity': 1, 'price_unit': 10550000 * 0.06}),
+                 Command.create({'name': '6% of the selling price', 'quantity': 1, 'price_unit': 10550000 * 0.06}),
                  Command.create({'name': 'Administrative cost', 'quantity': 1, 'price_unit': 100}),
                 ]"
             />
diff --git a/estate_account/demo/demo_journal_for_company.xml b/estate_account/demo/demo_journal_for_company.xml
@@ -0,0 +1,16 @@
+<odoo>
+    <record id="account_sale_journal_1" model="account.journal">
+        <field name="name">Sale Journal</field>
+        <field name="code">CI1</field>
+        <field name="type">sale</field>
+        <field name="company_id" ref="base.main_company" />
+    </record>
+
+
+    <record id="customer_invoice_journal_2" model="account.journal">
+        <field name="name">Customer Invoice 2</field>
+        <field name="code">CI2</field>
+        <field name="type">sale</field>
+        <field name="company_id" ref="estate.estate_company_2" />
+    </record>
+</odoo>
diff --git a/estate_account/models/estate_property.py b/estate_account/models/estate_property.py
diff --git a/estate_account/security/ir.model.access.csv b/estate_account/security/ir.model.access.csv
