[FIX] purchase_order_move_menu: users with Purchase limited permissio…

…ns restrictions
solvosci · Sep 6, 2023 · b003bd3 · b003bd3
1 parent 8c43d99
commit b003bd3
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 5 deletions.
diff --git a/purchase_order_move_menu/__manifest__.py b/purchase_order_move_menu/__manifest__.py
@@ -7,7 +7,7 @@
     """,
     "author": "Solvos",
     "license": "LGPL-3",
-    "version": "13.0.2.0.0",
+    "version": "13.0.2.0.1",
     "category": "Operations/Purchase",
     "website": "https://github.com/solvosci/slv-purchase",
     "depends": ["purchase_stock"],

diff --git a/purchase_order_move_menu/models/stock_move.py b/purchase_order_move_menu/models/stock_move.py
@@ -1,7 +1,7 @@
 # ?? 2022 Solvos Consultor??a Inform??tica (<http://www.solvos.es>)
 # License LGPL-3.0 (https://www.gnu.org/licenses/lgpl-3.0.html)
 
-from odoo import fields, models
+from odoo import api, fields, models
 
 
 class StockMove(models.Model):
@@ -20,3 +20,31 @@ class StockMove(models.Model):
     purchase_user_id = fields.Many2one(
         related="purchase_line_id.order_id.user_id",
     )
+
+    @api.model
+    def action_purchase_moves(self):
+        """
+        Modifies original purchase stock move action depending on Purchase
+        role of the logged user
+        """
+        # Alternative development: making our own action from scatch, like
+        #  https://github.com/odoo/odoo/blob/13.0/addons/stock/models/stock_quant.py#L622
+        # The selected strategy allow us to define action in XML file,
+        #  but has the problem of the needed "fake zero results domain" in
+        #  order to prevent "F5" pages reload, that should only use the
+        #  original action definition
+        action = self.env.ref(
+            "purchase_order_move_menu.action_stock_move_po_move_menu"
+        )
+        result = action.read()[0]
+        # Default (fake) domain is replaced with the right one
+        domain_str = "('purchase_line_id','!=', False), ('state','=', 'done')"
+        if not self._check_purchase_all_permissions(self.env.user):
+            domain_str += ", ('purchase_user_id','=',%d)" % self.env.user.id
+        result["domain"] = "[%s]" % domain_str
+
+        return result
+
+    @api.model
+    def _check_purchase_all_permissions(self, user):
+        return user.has_group("purchase.group_purchase_manager")
diff --git a/purchase_order_move_menu/views/purchase_order_views.xml b/purchase_order_move_menu/views/purchase_order_views.xml
@@ -10,17 +10,26 @@
         <field name="view_ids" eval="[(5, 0, 0),
             (0, 0, {'view_mode': 'tree', 'view_id': ref('stock_move_po_move_menu_tree')}),
             (0, 0, {'view_mode': 'form', 'view_id': ref('stock.view_move_form')})]"/>
-        <field name="domain">[('purchase_line_id','!=', False), ('state','=', 'done')]</field>
-        <!-- <field name="domain">['|', ('location_id.usage','=', 'customer'), ('location_dest_id.usage','=', 'customer'), ('state','=', 'done')]</field> -->
+        <!-- Default access is forbidden, this action shouldn't be directly accessed -->
+        <field name="domain">[('state','=','fake')]</field>
         <field name="context">{
             "search_default_filter_date": 1,
         }</field>
     </record>
 
+    <record model="ir.actions.server" id="action_stock_move_po_move_menu_srv">
+        <field name="name">Purchase Moves</field>
+        <field name="model_id" ref="model_stock_move"/>
+        <field name="state">code</field>
+        <field name="code">
+            action = model.action_purchase_moves()
+        </field>
+    </record>
+
     <menuitem 
         id="menu_purchase_order_sale_moves"
         name="Purchase Moves" 
-        action="action_stock_move_po_move_menu"
+        action="action_stock_move_po_move_menu_srv"
         parent="purchase.menu_purchase_products"
         sequence="100"
         groups="stock.group_stock_user"