diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c1354aa96..ac650dc44 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,17 +36,17 @@ jobs: matrix: include: - container: ghcr.io/oca/oca-ci/py3.10-odoo18.0:latest - include: "mail_post_defer" + include: "mail_post_defer,mail_activity_done" name: test with Odoo - container: ghcr.io/oca/oca-ci/py3.10-ocb18.0:latest - include: "mail_post_defer" + include: "mail_post_defer,mail_activity_done" name: test with OCB makepot: "true" - container: ghcr.io/oca/oca-ci/py3.10-odoo18.0:latest - exclude: "mail_post_defer" + exclude: "mail_post_defer,mail_activity_done" name: test with Odoo - container: ghcr.io/oca/oca-ci/py3.10-ocb18.0:latest - exclude: "mail_post_defer" + exclude: "mail_post_defer,mail_activity_done" name: test with OCB makepot: "true" services: diff --git a/mail_activity_restrict/README.rst b/mail_activity_restrict/README.rst new file mode 100644 index 000000000..9e9ca36e0 --- /dev/null +++ b/mail_activity_restrict/README.rst @@ -0,0 +1,84 @@ +=============================== +Mail Activity Write Restriction +=============================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:fca1d7f4b556efb27cc73e10028731aabfc09055e8de4512727b28352a6361e3 + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fmail-lightgray.png?logo=github + :target: https://github.com/OCA/mail/tree/18.0/mail_activity_restrict + :alt: OCA/mail +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/mail-18-0/mail-18-0-mail_activity_restrict + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/mail&target_branch=18.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +When the activity type option "Restrict Write to Assigned User" on an +activity type is enabled, only the assigned user can edit or mark the +activity as done. + +The restriction is enforced through the activity access check, so it +applies consistently to write and done flows. + +**Table of contents** + +.. contents:: + :local: + +Usage +===== + +To use this module: + +1. Go to Activity Types. +2. Open the activity type you want to protect. +3. Enable "Restrict Write to Assigned User". +4. Save. + +From now on, only the assigned user can modify or complete activities of +this type. + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Maintainers +----------- + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/mail `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/mail_activity_restrict/__init__.py b/mail_activity_restrict/__init__.py new file mode 100644 index 000000000..0650744f6 --- /dev/null +++ b/mail_activity_restrict/__init__.py @@ -0,0 +1 @@ +from . import models diff --git a/mail_activity_restrict/__manifest__.py b/mail_activity_restrict/__manifest__.py new file mode 100644 index 000000000..91aa97202 --- /dev/null +++ b/mail_activity_restrict/__manifest__.py @@ -0,0 +1,16 @@ +{ + "name": "Mail Activity Write Restriction", + "version": "18.0.1.0.0", + "category": "Productivity/Mail", + "license": "AGPL-3", + "author": "Odoo Community Association (OCA)", + "website": "https://github.com/OCA/mail", + "depends": [ + "mail", + ], + "data": [ + "views/mail_activity_type_views.xml", + ], + "installable": True, + "application": False, +} diff --git a/mail_activity_restrict/models/__init__.py b/mail_activity_restrict/models/__init__.py new file mode 100644 index 000000000..1beace17c --- /dev/null +++ b/mail_activity_restrict/models/__init__.py @@ -0,0 +1,2 @@ +from . import mail_activity_type +from . import mail_activity diff --git a/mail_activity_restrict/models/mail_activity.py b/mail_activity_restrict/models/mail_activity.py new file mode 100644 index 000000000..87a8fcbdd --- /dev/null +++ b/mail_activity_restrict/models/mail_activity.py @@ -0,0 +1,49 @@ +"""Restrict mail.activity modifications to the assigned user.""" + +from odoo import models +from odoo.exceptions import AccessError + + +class MailActivity(models.Model): + """Extend mail.activity access checks for restricted activity types.""" + + _inherit = "mail.activity" + + def _get_can_write_restrict_allowed_activities(self): + """Return restricted activities the current user may modify.""" + return self.sudo().filtered_domain([("user_id", "=", self.env.uid)]) + + def _make_can_write_restrict_error(self, operation: str) -> AccessError: + """Build the access error raised for restricted activity types.""" + if len(self) == 1: + return AccessError( + self.env._( + "You cannot %(operation)s this activity because only " + "the assigned user can modify activities of this type.", + operation=operation, + ) + ) + return AccessError( + self.env._( + "You cannot %(operation)s some activities because only their " + "assigned user can modify activities of this type.", + operation=operation, + ) + ) + + def _check_access(self, operation: str) -> tuple | None: + """Restrict write-like operations when the activity type requires it.""" + result = super()._check_access(operation) + if operation not in ("write", "unlink") or not self or self.env.su: + return result + + restricted = self.filtered("activity_type_id.can_write_restrict") + forbidden = restricted - restricted._get_can_write_restrict_allowed_activities() + if not forbidden: + return result + + if result and not (forbidden - result[0]): + return result + + forbidden = result[0] | forbidden if result else forbidden + return forbidden, lambda: forbidden._make_can_write_restrict_error(operation) diff --git a/mail_activity_restrict/models/mail_activity_type.py b/mail_activity_restrict/models/mail_activity_type.py new file mode 100644 index 000000000..72c2341b4 --- /dev/null +++ b/mail_activity_restrict/models/mail_activity_type.py @@ -0,0 +1,18 @@ +"""Extension to mail.activity.type model for write restriction.""" + +from odoo import fields, models + + +class MailActivityType(models.Model): + """Extend mail.activity.type with write restriction control.""" + + _inherit = "mail.activity.type" + + can_write_restrict = fields.Boolean( + string="Restrict Write to Assigned User", + default=False, + help=( + "If checked, only the assigned user (user_id field) can write/edit " + "activities of this type. Other users cannot modify restricted activities." + ), + ) diff --git a/mail_activity_restrict/pyproject.toml b/mail_activity_restrict/pyproject.toml new file mode 100644 index 000000000..4231d0ccc --- /dev/null +++ b/mail_activity_restrict/pyproject.toml @@ -0,0 +1,3 @@ +[build-system] +requires = ["whool"] +build-backend = "whool.buildapi" diff --git a/mail_activity_restrict/readme/DESCRIPTION.md b/mail_activity_restrict/readme/DESCRIPTION.md new file mode 100644 index 000000000..10ab780e3 --- /dev/null +++ b/mail_activity_restrict/readme/DESCRIPTION.md @@ -0,0 +1,5 @@ +When the activity type option "Restrict Write to Assigned User" on an activity type is enabled, +only the assigned user can edit or mark the activity as done. + +The restriction is enforced through the activity access check, so it applies +consistently to write and done flows. \ No newline at end of file diff --git a/mail_activity_restrict/readme/USAGE.md b/mail_activity_restrict/readme/USAGE.md new file mode 100644 index 000000000..cc78c90ce --- /dev/null +++ b/mail_activity_restrict/readme/USAGE.md @@ -0,0 +1,8 @@ +To use this module: + +1. Go to Activity Types. +2. Open the activity type you want to protect. +3. Enable "Restrict Write to Assigned User". +4. Save. + +From now on, only the assigned user can modify or complete activities of this type. \ No newline at end of file diff --git a/mail_activity_restrict/static/description/index.html b/mail_activity_restrict/static/description/index.html new file mode 100644 index 000000000..9cfe936cf --- /dev/null +++ b/mail_activity_restrict/static/description/index.html @@ -0,0 +1,426 @@ + + + + + +Mail Activity Write Restriction + + + +
+

Mail Activity Write Restriction

+ + +

Beta License: AGPL-3 OCA/mail Translate me on Weblate Try me on Runboat

+

When the activity type option “Restrict Write to Assigned User” on an +activity type is enabled, only the assigned user can edit or mark the +activity as done.

+

The restriction is enforced through the activity access check, so it +applies consistently to write and done flows.

+

Table of contents

+ +
+

Usage

+

To use this module:

+
    +
  1. Go to Activity Types.
    2. +
  2. Open the activity type you want to protect.
    3. +
  3. Enable “Restrict Write to Assigned User”.
    4. +
  4. Save.
    5. +
+

From now on, only the assigned user can modify or complete activities of +this type.

+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Maintainers

+

This module is maintained by the OCA.

+ +Odoo Community Association + +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

This module is part of the OCA/mail project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/mail_activity_restrict/tests/__init__.py b/mail_activity_restrict/tests/__init__.py new file mode 100644 index 000000000..c1e523861 --- /dev/null +++ b/mail_activity_restrict/tests/__init__.py @@ -0,0 +1 @@ +from . import test_mail_activity_restrict diff --git a/mail_activity_restrict/tests/test_mail_activity_restrict.py b/mail_activity_restrict/tests/test_mail_activity_restrict.py new file mode 100644 index 000000000..1cfc35125 --- /dev/null +++ b/mail_activity_restrict/tests/test_mail_activity_restrict.py @@ -0,0 +1,134 @@ +"""Tests for mail_activity_restrict.""" + +from odoo.exceptions import AccessError +from odoo.tests import TransactionCase, new_test_user + + +class TestMailActivityRestrict(TransactionCase): + """Test access restrictions on mail.activity.""" + + @classmethod + def setUpClass(cls): + super().setUpClass() + cls.partner = cls.env["res.partner"].create({"name": "Test Partner"}) + cls.partner_model = cls.env["ir.model"]._get("res.partner") + + cls.activity_type_unrestricted = cls.env["mail.activity.type"].create( + { + "name": "Unrestricted Activity", + "can_write_restrict": False, + } + ) + cls.activity_type_restricted = cls.env["mail.activity.type"].create( + { + "name": "Restricted Activity", + "can_write_restrict": True, + } + ) + cls.user_assigned = new_test_user( + cls.env, + login="user_assigned@example.com", + name="Assigned User", + groups="base.group_user", + ) + cls.user_other = new_test_user( + cls.env, + login="user_other@example.com", + name="Other User", + groups="base.group_user", + ) + + @classmethod + def _create_activity(cls, activity_type, user): + return cls.env["mail.activity"].create( + { + "activity_type_id": activity_type.id, + "res_model_id": cls.partner_model.id, + "res_id": cls.partner.id, + "user_id": user.id, + "summary": activity_type.name, + "date_deadline": "2026-12-31", + } + ) + + def test_unrestricted_activity_assigned_user_can_write(self): + """Unrestricted activities keep the assignee's default write behavior.""" + activity = self._create_activity( + self.activity_type_unrestricted, self.user_assigned + ) + + activity.with_user(self.user_assigned).write( + {"summary": "Updated by Assigned User"} + ) + + self.assertEqual(activity.summary, "Updated by Assigned User") + + def test_restricted_activity_assigned_user_can_write(self): + """Assigned users may still edit restricted activities.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned + ) + + activity.with_user(self.user_assigned).write( + {"summary": "Updated by Assigned User"} + ) + + self.assertEqual(activity.summary, "Updated by Assigned User") + + def test_restricted_activity_other_user_cannot_write(self): + """Non-assigned users cannot edit restricted activities.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned + ) + + with self.assertRaises(AccessError): + activity.with_user(self.user_other).write( + {"summary": "Updated by Other User"} + ) + + def test_restricted_activity_other_user_cannot_mark_done(self): + """Restricted activities also block mark done for other users.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned + ) + + with self.assertRaises(AccessError): + activity.with_user(self.user_other).action_done() + + def test_restricted_activity_assigned_user_can_mark_done(self): + """Assigned users may mark restricted activities as done.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned + ) + activity_id = activity.id + + activity.with_user(self.user_assigned).action_done() + + self.assertFalse(self.env["mail.activity"].browse(activity_id).exists()) + + def test_restrict_field_default_value(self): + """The restriction flag defaults to False.""" + activity_type = self.env["mail.activity.type"].create( + { + "name": "Default Activity Type", + } + ) + self.assertFalse(activity_type.can_write_restrict) + + def test_restrict_field_can_be_toggled(self): + """The restriction flag can be toggled.""" + activity_type = self.env["mail.activity.type"].create( + { + "name": "Toggleable Activity Type", + "can_write_restrict": False, + } + ) + self.assertFalse(activity_type.can_write_restrict) + + # Toggle on + activity_type.write({"can_write_restrict": True}) + self.assertTrue(activity_type.can_write_restrict) + + # Toggle off + activity_type.write({"can_write_restrict": False}) + self.assertFalse(activity_type.can_write_restrict) diff --git a/mail_activity_restrict/views/mail_activity_type_views.xml b/mail_activity_restrict/views/mail_activity_type_views.xml new file mode 100644 index 000000000..d3ab5e335 --- /dev/null +++ b/mail_activity_restrict/views/mail_activity_type_views.xml @@ -0,0 +1,13 @@ + + + + mail.activity.type.view.form.restrict + mail.activity.type + + + + + + + + diff --git a/mail_activity_team_restrict/README.md b/mail_activity_team_restrict/README.md new file mode 100644 index 000000000..1fd7e5842 --- /dev/null +++ b/mail_activity_team_restrict/README.md @@ -0,0 +1,12 @@ +# Mail Activity Team Restrict + +This module extends `mail_activity_restrict` together with `mail_activity_team`. + +When `can_write_restrict` is enabled on an activity type, the base module limits edits +to the assigned user. This addon extends that rule so members of the activity `team_id` +may also edit the activity and mark it as done. + +No additional configuration is introduced. The module reuses: + +- `mail.activity.type.can_write_restrict` from `mail_activity_restrict` +- `mail.activity.team_id` and `mail.activity.team.member_ids` from `mail_activity_team` diff --git a/mail_activity_team_restrict/README.rst b/mail_activity_team_restrict/README.rst new file mode 100644 index 000000000..47f5ba1dc --- /dev/null +++ b/mail_activity_team_restrict/README.rst @@ -0,0 +1,90 @@ +=========================== +Mail Activity Team Restrict +=========================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:27bbf7124e8cdebe4a13cf7235c541c23fb2d244c3f4b192e3c849cf15b871f8 + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fmail-lightgray.png?logo=github + :target: https://github.com/OCA/mail/tree/18.0/mail_activity_team_restrict + :alt: OCA/mail +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/mail-18-0/mail-18-0-mail_activity_team_restrict + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/mail&target_branch=18.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This module extends mail_activity_restrict with team support. + +For activity types with "Restrict Write to Assigned User" enabled, +activity team members are also allowed to edit and complete the +activity. + +No extra configuration field is added on the activity type. It reuses +the same restriction option from mail_activity_restrict and the team +membership from mail_activity_team. + +**Table of contents** + +.. contents:: + :local: + +Usage +===== + +To use this module: + +1. Enable "Restrict Write to Assigned User" on the activity type. +2. Assign a team on the activity. +3. Make sure users are members of that team. + +Allowed users for restricted activities are: + +- The assigned user. +- Members of the assigned team. + +Users outside that scope cannot edit or complete the activity. + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Maintainers +----------- + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/mail `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/mail_activity_team_restrict/__init__.py b/mail_activity_team_restrict/__init__.py new file mode 100644 index 000000000..0650744f6 --- /dev/null +++ b/mail_activity_team_restrict/__init__.py @@ -0,0 +1 @@ +from . import models diff --git a/mail_activity_team_restrict/__manifest__.py b/mail_activity_team_restrict/__manifest__.py new file mode 100644 index 000000000..850e6e95b --- /dev/null +++ b/mail_activity_team_restrict/__manifest__.py @@ -0,0 +1,15 @@ +{ + "name": "Mail Activity Team Restrict", + "version": "18.0.1.0.0", + "category": "Productivity/Mail", + "license": "AGPL-3", + "author": "Odoo Community Association (OCA)", + "website": "https://github.com/OCA/mail", + "depends": [ + "mail_activity_restrict", + "mail_activity_team", + ], + "installable": True, + "application": False, + "auto_install": True, +} diff --git a/mail_activity_team_restrict/models/__init__.py b/mail_activity_team_restrict/models/__init__.py new file mode 100644 index 000000000..1ff388029 --- /dev/null +++ b/mail_activity_team_restrict/models/__init__.py @@ -0,0 +1 @@ +from . import mail_activity diff --git a/mail_activity_team_restrict/models/mail_activity.py b/mail_activity_team_restrict/models/mail_activity.py new file mode 100644 index 000000000..b6a2133d0 --- /dev/null +++ b/mail_activity_team_restrict/models/mail_activity.py @@ -0,0 +1,37 @@ +"""Extend restricted activities to members of the assigned team.""" + +from odoo import models +from odoo.exceptions import AccessError + + +class MailActivity(models.Model): + """Allow team members to modify restricted activities.""" + + _inherit = "mail.activity" + + def _get_can_write_restrict_allowed_activities(self): + """Allow the assignee and members of the assigned team.""" + return ( + super()._get_can_write_restrict_allowed_activities() + | self.sudo().filtered_domain([("team_id.member_ids", "in", self.env.uid)]) + ) + + def _make_can_write_restrict_error(self, operation: str) -> AccessError: + """Build the access error raised for restricted team activities.""" + if len(self) == 1: + return AccessError( + self.env._( + "You cannot %(operation)s this activity because only the assigned " + "user or members of the assigned team can modify activities of this" + " type.", + operation=operation, + ) + ) + return AccessError( + self.env._( + "You cannot %(operation)s some activities because only their assigned " + "user or members of the assigned team can modify activities of this " + "type.", + operation=operation, + ) + ) diff --git a/mail_activity_team_restrict/pyproject.toml b/mail_activity_team_restrict/pyproject.toml new file mode 100644 index 000000000..4231d0ccc --- /dev/null +++ b/mail_activity_team_restrict/pyproject.toml @@ -0,0 +1,3 @@ +[build-system] +requires = ["whool"] +build-backend = "whool.buildapi" diff --git a/mail_activity_team_restrict/readme/DESCRIPTION.md b/mail_activity_team_restrict/readme/DESCRIPTION.md new file mode 100644 index 000000000..ba501a1d1 --- /dev/null +++ b/mail_activity_team_restrict/readme/DESCRIPTION.md @@ -0,0 +1,8 @@ +This module extends mail_activity_restrict with team support. + +For activity types with "Restrict Write to Assigned User" enabled, activity +team members are also allowed to edit and complete the activity. + +No extra configuration field is added on the activity type. It reuses the +same restriction option from mail_activity_restrict and the team membership +from mail_activity_team. \ No newline at end of file diff --git a/mail_activity_team_restrict/readme/USAGE.md b/mail_activity_team_restrict/readme/USAGE.md new file mode 100644 index 000000000..badeec52b --- /dev/null +++ b/mail_activity_team_restrict/readme/USAGE.md @@ -0,0 +1,11 @@ +To use this module: + +1. Enable "Restrict Write to Assigned User" on the activity type. +2. Assign a team on the activity. +3. Make sure users are members of that team. + +Allowed users for restricted activities are: +- The assigned user. +- Members of the assigned team. + +Users outside that scope cannot edit or complete the activity. \ No newline at end of file diff --git a/mail_activity_team_restrict/static/description/index.html b/mail_activity_team_restrict/static/description/index.html new file mode 100644 index 000000000..4a8dfca60 --- /dev/null +++ b/mail_activity_team_restrict/static/description/index.html @@ -0,0 +1,431 @@ + + + + + +Mail Activity Team Restrict + + + +
+

Mail Activity Team Restrict

+ + +

Beta License: AGPL-3 OCA/mail Translate me on Weblate Try me on Runboat

+

This module extends mail_activity_restrict with team support.

+

For activity types with “Restrict Write to Assigned User” enabled, +activity team members are also allowed to edit and complete the +activity.

+

No extra configuration field is added on the activity type. It reuses +the same restriction option from mail_activity_restrict and the team +membership from mail_activity_team.

+

Table of contents

+ +
+

Usage

+

To use this module:

+
    +
  1. Enable “Restrict Write to Assigned User” on the activity type.
    2. +
  2. Assign a team on the activity.
    3. +
  3. Make sure users are members of that team.
    4. +
+

Allowed users for restricted activities are:

+
    +
  • The assigned user.
    • +
  • Members of the assigned team.
    • +
+

Users outside that scope cannot edit or complete the activity.

+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Maintainers

+

This module is maintained by the OCA.

+ +Odoo Community Association + +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

This module is part of the OCA/mail project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/mail_activity_team_restrict/tests/__init__.py b/mail_activity_team_restrict/tests/__init__.py new file mode 100644 index 000000000..c55775be3 --- /dev/null +++ b/mail_activity_team_restrict/tests/__init__.py @@ -0,0 +1 @@ +from . import test_mail_activity_team_restrict diff --git a/mail_activity_team_restrict/tests/test_mail_activity_team_restrict.py b/mail_activity_team_restrict/tests/test_mail_activity_team_restrict.py new file mode 100644 index 000000000..ec13ae68f --- /dev/null +++ b/mail_activity_team_restrict/tests/test_mail_activity_team_restrict.py @@ -0,0 +1,186 @@ +"""Tests for mail_activity_team_restrict.""" + +from odoo import Command +from odoo.exceptions import AccessError +from odoo.tests import TransactionCase, new_test_user + + +class MailActivityTeamRestrictTest(TransactionCase): + """Test cases for team-based access on restricted activities.""" + + @classmethod + def setUpClass(cls): + super().setUpClass() + cls.partner = cls.env["res.partner"].create({"name": "Test Partner"}) + cls.partner_model = cls.env["ir.model"]._get("res.partner") + + cls.user_assigned = new_test_user( + cls.env, + login="assigned@example.com", + name="Assigned User", + groups="base.group_user", + ) + cls.user_team_member_1 = new_test_user( + cls.env, + login="member1@example.com", + name="Team Member 1", + groups="base.group_user", + ) + cls.user_team_member_2 = new_test_user( + cls.env, + login="member2@example.com", + name="Team Member 2", + groups="base.group_user", + ) + cls.user_outsider = new_test_user( + cls.env, + login="outsider@example.com", + name="Outsider User", + groups="base.group_user", + ) + + cls.activity_type_unrestricted = cls.env["mail.activity.type"].create( + { + "name": "Follow Up (No Team)", + "can_write_restrict": False, + } + ) + + cls.activity_type_restricted = cls.env["mail.activity.type"].create( + { + "name": "Follow Up (Restrict Team)", + "can_write_restrict": True, + } + ) + + cls.team = cls.env["mail.activity.team"].create( + { + "name": "Restricted Team", + "member_ids": [ + Command.set( + [ + cls.user_assigned.id, + cls.user_team_member_1.id, + cls.user_team_member_2.id, + ] + ) + ], + "user_id": cls.user_assigned.id, + } + ) + + @classmethod + def _create_activity(cls, activity_type, user, team=None): + values = { + "activity_type_id": activity_type.id, + "res_model_id": cls.partner_model.id, + "res_id": cls.partner.id, + "user_id": user.id, + "date_deadline": "2026-12-31", + } + if team: + values["team_id"] = team.id + return cls.env["mail.activity"].create(values) + + def test_activity_write_no_restriction(self): + # Activities without restriction keep the assignee's default access behavior. + activity = self._create_activity( + self.activity_type_unrestricted, self.user_assigned, self.team + ) + + activity.with_user(self.user_assigned).write( + {"summary": "Updated by assigned user"} + ) + self.assertEqual(activity.summary, "Updated by assigned user") + + def test_activity_write_restrict_only_assigned_user(self): + """Assigned users may edit restricted activities.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + + activity.with_user(self.user_assigned).write( + {"summary": "Updated by assigned user"} + ) + self.assertEqual(activity.summary, "Updated by assigned user") + + def test_activity_write_restrict_allows_team_member(self): + """Team members may edit restricted activities when a team is assigned.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + + activity.with_user(self.user_team_member_1).write( + {"summary": "Updated by team member"} + ) + self.assertEqual(activity.summary, "Updated by team member") + + def test_activity_write_restrict_denies_outsider(self): + """Users outside the assigned team remain blocked.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + + with self.assertRaises(AccessError): + activity.with_user(self.user_outsider).write( + {"summary": "Updated by outsider"} + ) + + def test_activity_write_restrict_without_team_still_denies_outsider(self): + """Restricted activities without a team still require the assignee.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned + ) + + with self.assertRaises(AccessError): + activity.with_user(self.user_outsider).write( + {"summary": "Updated by outsider"} + ) + + def test_activity_action_done_respects_team_restriction(self): + """Team members may mark restricted activities as done.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + activity_id = activity.id + activity.with_user(self.user_team_member_1).action_done() + self.assertFalse(self.env["mail.activity"].browse(activity_id).exists()) + + def test_activity_action_done_denies_outsider(self): + """Users outside the team cannot mark restricted activities as done.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + + with self.assertRaises(AccessError): + activity.with_user(self.user_outsider).action_done() + + def test_activity_team_change_updates_allowed_members(self): + """Changing the activity team updates who may edit restricted activities.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + other_team = self.env["mail.activity.team"].create( + { + "name": "Other Team", + "member_ids": [ + Command.set([self.user_assigned.id, self.user_team_member_2.id]) + ], + "user_id": self.user_assigned.id, + } + ) + + activity.with_user(self.user_team_member_1).write( + {"summary": "Updated by member 1"} + ) + activity.with_user(self.user_assigned).write({"team_id": other_team.id}) + + with self.assertRaises(AccessError): + activity.with_user(self.user_team_member_1).write( + {"summary": "Should fail"} + ) + + activity.with_user(self.user_team_member_2).write( + {"summary": "Updated by member 2"} + ) + self.assertEqual(activity.summary, "Updated by member 2")