diff --git a/mail_activity_team_restrict/README.md b/mail_activity_team_restrict/README.md new file mode 100644 index 000000000..1fd7e5842 --- /dev/null +++ b/mail_activity_team_restrict/README.md @@ -0,0 +1,12 @@ +# Mail Activity Team Restrict + +This module extends `mail_activity_restrict` together with `mail_activity_team`. + +When `can_write_restrict` is enabled on an activity type, the base module limits edits +to the assigned user. This addon extends that rule so members of the activity `team_id` +may also edit the activity and mark it as done. + +No additional configuration is introduced. The module reuses: + +- `mail.activity.type.can_write_restrict` from `mail_activity_restrict` +- `mail.activity.team_id` and `mail.activity.team.member_ids` from `mail_activity_team` diff --git a/mail_activity_team_restrict/README.rst b/mail_activity_team_restrict/README.rst new file mode 100644 index 000000000..744e3d27e --- /dev/null +++ b/mail_activity_team_restrict/README.rst @@ -0,0 +1,94 @@ +.. image:: https://odoo-community.org/readme-banner-image + :target: https://odoo-community.org/get-involved?utm_source=readme + :alt: Odoo Community Association + +=========================== +Mail Activity Team Restrict +=========================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:27bbf7124e8cdebe4a13cf7235c541c23fb2d244c3f4b192e3c849cf15b871f8 + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/license-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fmail-lightgray.png?logo=github + :target: https://github.com/OCA/mail/tree/19.0/mail_activity_team_restrict + :alt: OCA/mail +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/mail-19-0/mail-19-0-mail_activity_team_restrict + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/mail&target_branch=19.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This module extends mail_activity_restrict with team support. + +For activity types with "Restrict Write to Assigned User" enabled, +activity team members are also allowed to edit and complete the +activity. + +No extra configuration field is added on the activity type. It reuses +the same restriction option from mail_activity_restrict and the team +membership from mail_activity_team. + +**Table of contents** + +.. contents:: + :local: + +Usage +===== + +To use this module: + +1. Enable "Restrict Write to Assigned User" on the activity type. +2. Assign a team on the activity. +3. Make sure users are members of that team. + +Allowed users for restricted activities are: + +- The assigned user. +- Members of the assigned team. + +Users outside that scope cannot edit or complete the activity. + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Maintainers +----------- + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/mail `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/mail_activity_team_restrict/__init__.py b/mail_activity_team_restrict/__init__.py new file mode 100644 index 000000000..0650744f6 --- /dev/null +++ b/mail_activity_team_restrict/__init__.py @@ -0,0 +1 @@ +from . import models diff --git a/mail_activity_team_restrict/__manifest__.py b/mail_activity_team_restrict/__manifest__.py new file mode 100644 index 000000000..c75e5383c --- /dev/null +++ b/mail_activity_team_restrict/__manifest__.py @@ -0,0 +1,15 @@ +{ + "name": "Mail Activity Team Restrict", + "version": "19.0.1.0.0", + "category": "Productivity/Mail", + "license": "AGPL-3", + "author": "Odoo Community Association (OCA)", + "website": "https://github.com/OCA/mail", + "depends": [ + "mail_activity_restrict", + "mail_activity_team", + ], + "installable": True, + "application": False, + "auto_install": True, +} diff --git a/mail_activity_team_restrict/models/__init__.py b/mail_activity_team_restrict/models/__init__.py new file mode 100644 index 000000000..1ff388029 --- /dev/null +++ b/mail_activity_team_restrict/models/__init__.py @@ -0,0 +1 @@ +from . import mail_activity diff --git a/mail_activity_team_restrict/models/mail_activity.py b/mail_activity_team_restrict/models/mail_activity.py new file mode 100644 index 000000000..b6a2133d0 --- /dev/null +++ b/mail_activity_team_restrict/models/mail_activity.py @@ -0,0 +1,37 @@ +"""Extend restricted activities to members of the assigned team.""" + +from odoo import models +from odoo.exceptions import AccessError + + +class MailActivity(models.Model): + """Allow team members to modify restricted activities.""" + + _inherit = "mail.activity" + + def _get_can_write_restrict_allowed_activities(self): + """Allow the assignee and members of the assigned team.""" + return ( + super()._get_can_write_restrict_allowed_activities() + | self.sudo().filtered_domain([("team_id.member_ids", "in", self.env.uid)]) + ) + + def _make_can_write_restrict_error(self, operation: str) -> AccessError: + """Build the access error raised for restricted team activities.""" + if len(self) == 1: + return AccessError( + self.env._( + "You cannot %(operation)s this activity because only the assigned " + "user or members of the assigned team can modify activities of this" + " type.", + operation=operation, + ) + ) + return AccessError( + self.env._( + "You cannot %(operation)s some activities because only their assigned " + "user or members of the assigned team can modify activities of this " + "type.", + operation=operation, + ) + ) diff --git a/mail_activity_team_restrict/pyproject.toml b/mail_activity_team_restrict/pyproject.toml new file mode 100644 index 000000000..4231d0ccc --- /dev/null +++ b/mail_activity_team_restrict/pyproject.toml @@ -0,0 +1,3 @@ +[build-system] +requires = ["whool"] +build-backend = "whool.buildapi" diff --git a/mail_activity_team_restrict/readme/DESCRIPTION.md b/mail_activity_team_restrict/readme/DESCRIPTION.md new file mode 100644 index 000000000..ba501a1d1 --- /dev/null +++ b/mail_activity_team_restrict/readme/DESCRIPTION.md @@ -0,0 +1,8 @@ +This module extends mail_activity_restrict with team support. + +For activity types with "Restrict Write to Assigned User" enabled, activity +team members are also allowed to edit and complete the activity. + +No extra configuration field is added on the activity type. It reuses the +same restriction option from mail_activity_restrict and the team membership +from mail_activity_team. \ No newline at end of file diff --git a/mail_activity_team_restrict/readme/USAGE.md b/mail_activity_team_restrict/readme/USAGE.md new file mode 100644 index 000000000..badeec52b --- /dev/null +++ b/mail_activity_team_restrict/readme/USAGE.md @@ -0,0 +1,11 @@ +To use this module: + +1. Enable "Restrict Write to Assigned User" on the activity type. +2. Assign a team on the activity. +3. Make sure users are members of that team. + +Allowed users for restricted activities are: +- The assigned user. +- Members of the assigned team. + +Users outside that scope cannot edit or complete the activity. \ No newline at end of file diff --git a/mail_activity_team_restrict/static/description/index.html b/mail_activity_team_restrict/static/description/index.html new file mode 100644 index 000000000..96b6c0b42 --- /dev/null +++ b/mail_activity_team_restrict/static/description/index.html @@ -0,0 +1,437 @@ + + + + + +README.rst + + + +
+ + + +Odoo Community Association + +
+

Mail Activity Team Restrict

+ +

Beta License: AGPL-3 OCA/mail Translate me on Weblate Try me on Runboat

+

This module extends mail_activity_restrict with team support.

+

For activity types with “Restrict Write to Assigned User” enabled, +activity team members are also allowed to edit and complete the +activity.

+

No extra configuration field is added on the activity type. It reuses +the same restriction option from mail_activity_restrict and the team +membership from mail_activity_team.

+

Table of contents

+ +
+

Usage

+

To use this module:

+
    +
  1. Enable “Restrict Write to Assigned User” on the activity type.
    2. +
  2. Assign a team on the activity.
    3. +
  3. Make sure users are members of that team.
    4. +
+

Allowed users for restricted activities are:

+
    +
  • The assigned user.
    • +
  • Members of the assigned team.
    • +
+

Users outside that scope cannot edit or complete the activity.

+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Maintainers

+

This module is maintained by the OCA.

+ +Odoo Community Association + +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

This module is part of the OCA/mail project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+
+ + diff --git a/mail_activity_team_restrict/tests/__init__.py b/mail_activity_team_restrict/tests/__init__.py new file mode 100644 index 000000000..c55775be3 --- /dev/null +++ b/mail_activity_team_restrict/tests/__init__.py @@ -0,0 +1 @@ +from . import test_mail_activity_team_restrict diff --git a/mail_activity_team_restrict/tests/test_mail_activity_team_restrict.py b/mail_activity_team_restrict/tests/test_mail_activity_team_restrict.py new file mode 100644 index 000000000..089e2dd8d --- /dev/null +++ b/mail_activity_team_restrict/tests/test_mail_activity_team_restrict.py @@ -0,0 +1,186 @@ +"""Tests for mail_activity_team_restrict.""" + +from odoo import Command +from odoo.exceptions import AccessError +from odoo.tests import TransactionCase, new_test_user + + +class MailActivityTeamRestrictTest(TransactionCase): + """Test cases for team-based access on restricted activities.""" + + @classmethod + def setUpClass(cls): + super().setUpClass() + cls.partner = cls.env["res.partner"].create({"name": "Test Partner"}) + cls.partner_model = cls.env["ir.model"]._get("res.partner") + + cls.user_assigned = new_test_user( + cls.env, + login="assigned@example.com", + name="Assigned User", + groups="base.group_user", + ) + cls.user_team_member_1 = new_test_user( + cls.env, + login="member1@example.com", + name="Team Member 1", + groups="base.group_user", + ) + cls.user_team_member_2 = new_test_user( + cls.env, + login="member2@example.com", + name="Team Member 2", + groups="base.group_user", + ) + cls.user_outsider = new_test_user( + cls.env, + login="outsider@example.com", + name="Outsider User", + groups="base.group_user", + ) + + cls.activity_type_unrestricted = cls.env["mail.activity.type"].create( + { + "name": "Follow Up (No Team)", + "can_write_restrict": False, + } + ) + + cls.activity_type_restricted = cls.env["mail.activity.type"].create( + { + "name": "Follow Up (Restrict Team)", + "can_write_restrict": True, + } + ) + + cls.team = cls.env["mail.activity.team"].create( + { + "name": "Restricted Team", + "member_ids": [ + Command.set( + [ + cls.user_assigned.id, + cls.user_team_member_1.id, + cls.user_team_member_2.id, + ] + ) + ], + "user_id": cls.user_assigned.id, + } + ) + + @classmethod + def _create_activity(cls, activity_type, user, team=None): + values = { + "activity_type_id": activity_type.id, + "res_model_id": cls.partner_model.id, + "res_id": cls.partner.id, + "user_id": user.id, + "date_deadline": "2026-12-31", + } + if team: + values["team_id"] = team.id + return cls.env["mail.activity"].create(values) + + def test_activity_write_no_restriction(self): + # Activities without restriction keep the assignee's default access behavior. + activity = self._create_activity( + self.activity_type_unrestricted, self.user_assigned, self.team + ) + + activity.with_user(self.user_assigned).write( + {"summary": "Updated by assigned user"} + ) + self.assertEqual(activity.summary, "Updated by assigned user") + + def test_activity_write_restrict_only_assigned_user(self): + """Assigned users may edit restricted activities.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + + activity.with_user(self.user_assigned).write( + {"summary": "Updated by assigned user"} + ) + self.assertEqual(activity.summary, "Updated by assigned user") + + def test_activity_write_restrict_allows_team_member(self): + """Team members may edit restricted activities when a team is assigned.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + + activity.with_user(self.user_team_member_1).write( + {"summary": "Updated by team member"} + ) + self.assertEqual(activity.summary, "Updated by team member") + + def test_activity_write_restrict_denies_outsider(self): + """Users outside the assigned team remain blocked.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + + with self.assertRaises(AccessError): + activity.with_user(self.user_outsider).write( + {"summary": "Updated by outsider"} + ) + + def test_activity_write_restrict_without_team_still_denies_outsider(self): + """Restricted activities without a team still require the assignee.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned + ) + + with self.assertRaises(AccessError): + activity.with_user(self.user_outsider).write( + {"summary": "Updated by outsider"} + ) + + def test_activity_action_done_respects_team_restriction(self): + """Team members may mark restricted activities as done.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + activity.with_user(self.user_team_member_1).action_done() + self.assertEqual(activity.state, "done") + + def test_activity_action_done_denies_outsider(self): + """Users outside the team cannot mark restricted activities as done.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + + with self.assertRaises(AccessError): + activity.with_user(self.user_outsider).action_done() + self.assertNotEqual(activity.state, "done") + + def test_activity_team_change_updates_allowed_members(self): + """Changing the activity team updates who may edit restricted activities.""" + activity = self._create_activity( + self.activity_type_restricted, self.user_assigned, self.team + ) + other_team = self.env["mail.activity.team"].create( + { + "name": "Other Team", + "member_ids": [ + Command.set([self.user_assigned.id, self.user_team_member_2.id]) + ], + "user_id": self.user_assigned.id, + } + ) + + activity.with_user(self.user_team_member_1).write( + {"summary": "Updated by member 1"} + ) + activity.with_user(self.user_assigned).write({"team_id": other_team.id}) + + with self.assertRaises(AccessError): + activity.with_user(self.user_team_member_1).write( + {"summary": "Should fail"} + ) + + activity.with_user(self.user_team_member_2).write( + {"summary": "Updated by member 2"} + ) + self.assertEqual(activity.summary, "Updated by member 2") diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 000000000..299840603 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,2 @@ +odoo-addon-mail_activity_restrict @ git+https://github.com/OCA/mail.git@refs/pull/169/head#subdirectory=mail_activity_restrict +odoo-addon-mail_activity_team @ git+https://github.com/OCA/mail.git@refs/pull/153/head#subdirectory=mail_activity_team