[ADD]16.0-bank_and_contract_portal:add rules for internal user using portal

2024-09-26 14:33:55 +02:00
parent 37142bfa98
commit 8b2c182103
11 changed files with 90 additions and 185 deletions
--- a/partner_bank_account_portal/security/members_security.xml
+++ b/partner_bank_account_portal/security/members_security.xml
@@ -1,34 +1,70 @@
 <?xml version="1.0" encoding="utf-8"?>
 <odoo>
-    <record model="ir.rule" id="res_partner_portal_members_bank_accounts_read_rule">
-        <field name="name">res_partner: portal: read access on my bank accounts</field>
-        <field name="model_id" ref="base.model_res_partner_bank" />
-        <field name="domain_force">[('partner_id', '=', user.partner_id.id)]</field>
-        <field name="groups" eval="[(4, ref('base.group_portal'))]" />
-        <field name="perm_read" eval="True" />
-        <field name="perm_write" eval="False" />
-        <field name="perm_create" eval="False" />
-        <field name="perm_unlink" eval="False" />
-    </record>

-    <record model="ir.rule" id="res_partner_portal_bank_read_rule">
-        <field name="name">res_partner: portal: read access on my banks</field>
-        <field name="model_id" ref="base.model_res_bank" />
-        <field name="groups" eval="[(4, ref('base.group_portal'))]" />
-        <field name="perm_read" eval="True" />
-        <field name="perm_write" eval="False" />
-        <field name="perm_create" eval="False" />
-        <field name="perm_unlink" eval="False" />
-    </record>
+    <data noupdate="0">
+        <!-- ###################### -->
+        <!-- RULES FOR PORTAL USERS -->
+        <!-- ###################### -->
+        <record model="ir.rule" id="res_partner_portal_members_bank_accounts_read_rule">
+            <field name="name">res_partner: portal: read and write access on my bank accounts</field>
+            <field name="model_id" ref="base.model_res_partner_bank" />
+            <field name="domain_force">[('partner_id', '=', user.partner_id.id)]</field>
+            <field name="groups" eval="[(4, ref('base.group_portal')),(4, ref('base.group_user'))]" />
+            <field name="perm_read" eval="True" />
+            <field name="perm_write" eval="True" />
+            <field name="perm_create" eval="False" />
+            <field name="perm_unlink" eval="False" />
+        </record>

-    <record model="ir.rule" id="res_partner_portal_mandate_read_rule">
-        <field name="name">res_partner: portal: read access on my mandates</field>
-        <field name="model_id" ref="account_banking_mandate.model_account_banking_mandate" />
-        <field name="domain_force">[('partner_id', '=', user.partner_id.id)]</field>
-        <field name="groups" eval="[(4, ref('base.group_portal'))]" />
-        <field name="perm_read" eval="True" />
-        <field name="perm_write" eval="False" />
-        <field name="perm_create" eval="False" />
-        <field name="perm_unlink" eval="False" />
-    </record>
-</odoo>
+        <record model="ir.rule" id="res_partner_portal_bank_read_rule">
+            <field name="name">res_partner: portal: read access on my banks</field>
+            <field name="model_id" ref="base.model_res_bank" />
+            <field name="groups" eval="[(4, ref('base.group_portal'))]" />
+            <field name="perm_read" eval="True" />
+            <field name="perm_write" eval="False" />
+            <field name="perm_create" eval="False" />
+            <field name="perm_unlink" eval="False" />
+        </record>
+
+        <record model="ir.rule" id="res_partner_portal_mandate_read_rule">
+            <field name="name">res_partner: portal: read access on my mandates</field>
+            <field name="model_id" ref="account_banking_mandate.model_account_banking_mandate" />
+            <field name="domain_force">[('partner_id', '=', user.partner_id.id)]</field>
+            <field name="groups" eval="[(4, ref('base.group_portal'))]" />
+            <field name="perm_read" eval="True" />
+            <field name="perm_write" eval="False" />
+            <field name="perm_create" eval="False" />
+            <field name="perm_unlink" eval="False" />
+        </record>
+
+
+        <!-- ######################## -->
+        <!-- RULES FOR INTERNAL USERS -->
+        <!-- ######################## -->
+
+        <!-- restricts access to res.partner.bank as internal user if this internal user do not be part of account manager group or account user group -->
+        <record model="ir.rule" id="portal_internal_user_partner_bank_rules">
+            <field name="name">res_partner: internal users: full access on my bank accounts</field>
+            <field name="model_id" ref="base.model_res_partner_bank" />
+            <field name="domain_force">[('partner_id', '=', user.partner_id.id)]</field>
+            <field name="groups" eval="[(4, ref('base.group_user'))]" />
+            <field name="perm_read" eval="True" />
+            <field name="perm_write" eval="True" />
+            <field name="perm_create" eval="True" />
+            <field name="perm_unlink" eval="True" />
+        </record>
+
+        <record model="ir.rule" id="portal_account_manager_partner_bank_rules">
+            <field name="name">res_partner: account users and managers: full access on all bank accounts</field>
+            <field name="model_id" ref="base.model_res_partner_bank" />
+            <field name="domain_force">['|', ('company_id', 'in', company_ids), ('company_id', '=',
+                False)]</field>
+            <field name="groups"
+                eval="[(4, ref('account.group_account_manager')),(4, ref('account.group_account_invoice')),(4, ref('account.group_account_user'))]" />
+            <field name="perm_read" eval="True" />
+            <field name="perm_write" eval="True" />
+            <field name="perm_create" eval="True" />
+            <field name="perm_unlink" eval="True" />
+        </record>
+    </data>
+</odoo>