[14.0] [IMP] cetmix_tower_server: managers can remove flightplan lines

cetmix_tower_server/security/cx_tower_plan_line_action_security.xml

@@ -12,12 +12,25 @@
  </record>
 
  <record id="cx_tower_plan_line_action_rule_group_manager_access" model="ir.rule">
- <field name="name">Tower plan line action: manager access rule</field>
+ <field
+ name="name"
+ >Tower plan line action: manager Read/Write access rule</field>
  <field name="model_id" ref="model_cx_tower_plan_line_action" />
  <field name="domain_force">[('access_level', '&lt;=', '2')]</field>
  <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
+ <field name="perm_read" eval="1" />
+ <field name="perm_create" eval="1" />
+ <field name="perm_write" eval="1" />
+ <field name="perm_unlink" eval="0" />
 
+ </record>
 
+ <record id="cx_tower_plan_line_action_rule_manager_unlink" model="ir.rule">
+ <field name="name">Tower plan line action: manager delete own records</field>
+ <field name="model_id" ref="model_cx_tower_plan_line_action" />
+ <field name="domain_force">[('create_uid', '=', user.id)]</field>
+ <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
+ <field name="perm_unlink" eval="1" />
  </record>
 
 

cetmix_tower_server/security/cx_tower_plan_line_security.xml

@@ -12,12 +12,23 @@
  </record>
 
  <record id="cx_tower_plan_line_rule_group_manager_access" model="ir.rule">
- <field name="name">Tower plan line: manager access rule</field>
+ <field name="name">Tower plan line: manager Read/Write access rule</field>
  <field name="model_id" ref="model_cx_tower_plan_line" />
  <field name="domain_force">[('access_level', '&lt;=', '2')]</field>
  <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
+ <field name="perm_read" eval="1" />
+ <field name="perm_create" eval="1" />
+ <field name="perm_write" eval="1" />
+ <field name="perm_unlink" eval="0" />
 
+ </record>
 
+ <record id="cx_tower_plan_line_rule_group_manager_unlink" model="ir.rule">
+ <field name="name">Tower plan line: manager delete own records</field>
+ <field name="model_id" ref="model_cx_tower_plan_line" />
+ <field name="domain_force">[('create_uid', '=', user.id)]</field>
+ <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
+ <field name="perm_unlink" eval="1" />
  </record>
 
 

cetmix_tower_server/security/ir.model.access.csv

@@ -14,7 +14,7 @@ access_server_user,Server->User,model_cx_tower_server,group_user,1,0,0,0
 access_server_manager,Server->Manager,model_cx_tower_server,group_manager,1,1,1,0
 access_server_root,Server->Root,model_cx_tower_server,group_root,1,1,1,1
 access_interpreter_user,Interpreter->User,model_cx_tower_interpreter,group_user,1,0,0,0
-access_interpreter_manager,Interpreter->Manager,model_cx_tower_interpreter,group_manager,1,1,1,0
+access_interpreter_manager,Interpreter->Manager,model_cx_tower_interpreter,group_manager,1,1, 1,0
 access_interpreter_root,Interpreter->Root,model_cx_tower_interpreter,group_root,1,1,1,1
 access_command_user,Command->User,model_cx_tower_command,group_user,1,0,0,0
 access_command_manager,Command->Manager,model_cx_tower_command,group_manager,1,1,1,0
@@ -30,10 +30,10 @@ access_plan_user,Plan->User,model_cx_tower_plan,group_user,1,0,0,0
 access_plan_manager,Plan->Manager,model_cx_tower_plan,group_manager,1,1,1,0
 access_plan_root,Plan->Root,model_cx_tower_plan,group_root,1,1,1,1
 access_plan_line_user,Plan Line->User,model_cx_tower_plan_line,group_user,1,0,0,0
-access_plan_line_manager,Plan Line->Manager,model_cx_tower_plan_line,group_manager,1,1,1,0
+access_plan_line_manager,Plan Line->Manager,model_cx_tower_plan_line,group_manager,1,1,1,1
 access_plan_line_root,Plan Line->Root,model_cx_tower_plan_line,group_root,1,1,1,1
 access_plan_line_action_user,Plan Line Action->User,model_cx_tower_plan_line_action,group_user,1,0,0,0
-access_plan_line_action_manager,Plan Line Action->Manager,model_cx_tower_plan_line_action,group_manager,1,1,1,0
+access_plan_line_action_manager,Plan Line Action->Manager,model_cx_tower_plan_line_action,group_manager,1,1,1,1
 access_plan_line_action_root,Plan Line Action->Root,model_cx_tower_plan_line_action,group_root,1,1,1,1
 access_plan_log_user,Plan Log->User,model_cx_tower_plan_log,group_user,1,0,0,0
 access_plan_log_root,Plan Log->User,model_cx_tower_plan_log,group_root,1,1,1,1

cetmix_tower_server/tests/test_plan.py

@@ -601,3 +601,180 @@ def test_plan_with_action_variables_for_condition(self):
  new_plan_log_records.command_log_ids[1].is_skipped,
  msg="The second plan line should not be skipped",
  )
+
+ def test_plan_lines_access_rights(self):
+ # Create a test plan with plan lines
+ self.plan_2 = self.Plan.create(
+ {
+ "name": "Test plan 2",
+ "note": "Test note",
+ "tag_ids": [
+ (6, 0, [self.env.ref("cetmix_tower_server.tag_staging").id])
+ ],
+ "line_ids": [
+ (0, 0, {"command_id": self.command_create_dir.id, "sequence": 1}),
+ (0, 0, {"command_id": self.command_list_dir.id, "sequence": 2}),
+ ],
+ }
+ )
+ # Ensure default access level is correct
+ self.assertEqual(self.plan_2.access_level, "2")
+
+ # Remove user_bob from all cxtower_server groups
+ self.remove_from_group(
+ self.user_bob,
+ [
+ "cetmix_tower_server.group_user",
+ "cetmix_tower_server.group_manager",
+ "cetmix_tower_server.group_root",
+ ],
+ )
+
+ # Ensure that user without any group cannot access plan lines
+ test_plan_2_as_bob = self.plan_2.with_user(self.user_bob)
+ with self.assertRaises(AccessError):
+ plan_line_name = test_plan_2_as_bob.line_ids[0].command_id.name
+
+ # Add user_bob to `group_user` and test plan.line access
+ self.add_to_group(self.user_bob, "cetmix_tower_server.group_user")
+ # Set access level to 1, so group_user can access the plan lines
+ self.plan_2.write({"access_level": "1"})
+ plan_line_name = test_plan_2_as_bob.line_ids[0].name
+ self.assertEqual(
+ plan_line_name,
+ "Test create directory",
+ msg="User should access plan lines with access_level 1",
+ )
+
+ # Add user_bob to `group_manager` and test edit rights for plan.line
+ self.add_to_group(self.user_bob, "cetmix_tower_server.group_manager")
+ test_plan_2_as_bob.write({"access_level": "2"})
+ self.assertEqual(test_plan_2_as_bob.access_level, "2")
+ test_plan_2_as_bob.line_ids.write({"sequence": 3})
+ self.assertEqual(
+ test_plan_2_as_bob.line_ids[0].sequence,
+ 3,
+ msg="Manager should be able to update sequence",
+ )
+
+ # Ensure that manager cannot delete plan lines they did not create
+ with self.assertRaises(AccessError):
+ test_plan_2_as_bob.line_ids[0].unlink()
+
+ # Create a new plan line as user_bob (manager)
+ plan_line_as_bob = self.plan_line.with_user(self.user_bob).create(
+ {
+ "plan_id": test_plan_2_as_bob.id,
+ "command_id": self.command_create_dir.id,
+ "sequence": 10,
+ }
+ )
+
+ # Ensure the plan line was created and check that create_uid is user_bob
+ self.assertEqual(
+ plan_line_as_bob.create_uid.id,
+ self.user_bob.id,
+ msg="Create_uid should be user_bob",
+ )
+
+ # Check that user_bob can delete the plan line he has just created
+ plan_line_as_bob.unlink()
+
+ # Ensure the plan line has been deleted
+ self.assertFalse(
+ plan_line_as_bob.exists(),
+ msg="Manager should be able to delete own plan line",
+ )
+
+ # def test_plan_line_action_access_rights(self):
+ # # Create a test plan with plan lines
+ # self.plan_2 = self.Plan.create(
+ # {
+ # "name": "Test plan 2",
+ # "note": "Test note",
+ # "tag_ids": [
+ # (6, 0, [self.env.ref("cetmix_tower_server.tag_staging").id])
+ # ],
+ # "line_ids": [
+ # (0, 0, {"command_id": self.command_create_dir.id, "sequence": 1}),
+ # ],
+ # }
+ # )
+
+ # # Create a plan line action for the first line
+ # self.plan_line_action = self.env['cx.tower.plan.line.action'].create({
+ # "line_id": self.plan_2.line_ids[0].id,
+ # "condition": "==",
+ # "value_char": "0",
+ # "action": "n",
+ # })
+
+ # # Ensure default access level is correct
+ # self.assertEqual(self.plan_2.access_level, "2")
+
+ # # Remove user_bob from all cxtower_server groups
+ # self.remove_from_group(
+ # self.user_bob,
+ # [
+ # "cetmix_tower_server.group_user",
+ # "cetmix_tower_server.group_manager",
+ # "cetmix_tower_server.group_root",
+ # ],
+ # )
+
+ # # Ensure that user_bob without any group cannot access plan line actions
+ # test_plan_line_action_as_bob = self.plan_line_action.with_user(self.user_bob)
+ # with self.assertRaises(AccessError):
+ # action_name = test_plan_line_action_as_bob.name
+
+ # # Add user_bob to `group_user` and test plan.line.action access
+ # self.add_to_group(self.user_bob, "cetmix_tower_server.group_user")
+ # # Set access level to 1, so group_user can access the plan line actions
+ # self.plan_2.write({"access_level": "1"})
+ # self.assertEqual(test_plan_line_action_as_bob.access_level, "1")
+
+ # # action_condition_read = test_plan_line_action_as_bob.read([])
+ # # self.assertEqual(
+ # # action_condition_read[0].name,
+ # # test_plan_line_action_as_bob[0].name,
+ # # msg="User should access plan line actions with access_level 1",
+ # # )
+
+ # # Add user_bob to `group_manager` and test edit rights for plan.line.action
+ # self.add_to_group(self.user_bob, "cetmix_tower_server.group_manager")
+ # test_plan_line_action_as_bob.write({"value_char": "1"})
+ # self.assertEqual(
+ # test_plan_line_action_as_bob.value_char,
+ # "1",
+ # msg="Manager should be able to update plan line action",
+ # )
+
+ # # Ensure that manager cannot delete plan line actions they did not create
+ # with self.assertRaises(AccessError):
+ # test_plan_line_action_as_bob.unlink()
+
+ # # Create a new plan line action as user_bob (manager)
+ # plan_line_action_as_bob = self.env['cx.tower.plan.line.action'].
+ # with_user(self.user_bob).create({
+ # "line_id": test_plan_2_as_bob.line_ids[0].id,
+ # "condition": ">",
+ # "value_char": "100",
+ # "action": "e",
+ # })
+
+ # # Ensure the plan line action was created
+ # and check that create_uid is user_bob
+ # self.assertEqual(
+ # plan_line_action_as_bob.create_uid.id,
+ # self.user_bob.id,
+ # msg="Create_uid should be user_bob",
+ # )
+
+ # # Check that user_bob can delete the plan line action he has just created
+ # plan_line_action_as_bob.unlink()
+
+ # # Ensure the plan line action has been deleted
+ # self.assertFalse(
+ # plan_line_action_as_bob.exists(),
+ # msg="Manager should be able to delete own plan line action",
+ # )