[ADD] group_user_management: Module creation

group_user_management/README.rst

@@ -0,0 +1,122 @@
+=====================
+User management Group
+=====================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:e31aad4f0cb22a489d70478ebdebae4e94acfb5af11813f659b869be1a32f7ab
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--backend-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-backend/tree/16.0/group_user_management
+    :alt: OCA/server-backend
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-backend-16-0/server-backend-16-0-group_user_management
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-backend&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module adds a group (a res_groups for granting access rights) "User
+Management" which allows to read / create / update / delete users from
+your companies :
+
+-  including access rights management
+-  excluding Administration group access rights management
+
+The purpose of this new group is to grant user authorization to manage
+users but without allowing configuration of other stuff of the instance
+(as default Administration > Access Rights can do)
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Use Cases / Context
+===================
+
+[ This file is optional but strongly suggested to allow end-users to
+evaluate the module's usefulness in their context. ] The purpose of this
+module is to add a new group for user management to grant user
+authorization to manage users but without allowing configuration of
+other stuff of the instance (as default Administration > Access Rights
+can do)
+
+In other terms, if you want to get a user administrator on your instance
+that will :
+
+-  Create new users
+-  Update user rights
+-  Update passwords or generate renew password links
+-  Archive or remove users
+
+But is not authorized to :
+
+-  Grant himself (or anyone else) Administration / Access Rights or
+   Administration / Settings role
+-  Update advanced configuration of the instance
+-  Update access rights / ir rules
+-  Create or Update existing groups
+
+Usage
+=====
+
+To user this module, you need to:
+
+1. Activate debug mode
+2. Go to Settings > Users & Companies > Users
+3. Open the form view of the User to whom you want to grant User
+   Management access
+4. Tick User Management (in Extra Rights Section)
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-backend/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-backend/issues/new?body=module:%20group_user_management%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* Le Filament
+
+Contributors
+------------
+
+-  Rémi - Le Filament (https://le-filament.com)
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-backend <https://github.com/OCA/server-backend/tree/16.0/group_user_management>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

group_user_management/__init__.py

@@ -0,0 +1 @@
+from . import models

group_user_management/__manifest__.py

@@ -0,0 +1,17 @@
+{
+    "name": "User management Group",
+    "version": "16.0.1.0.0",
+    "category": "Tools",
+    "author": "Le Filament, Odoo Community Association (OCA)",
+    "license": "LGPL-3",
+    "development_status": "Beta",
+    "website": "https://github.com/OCA/server-backend",
+    "depends": ["base", "auth_signup"],
+    "data": [
+        "security/res_groups.xml",
+        "security/ir_ui_menu.xml",
+        "security/ir.model.access.csv",
+        "views/res_users_view.xml",
+    ],
+    "installable": True,
+}

group_user_management/i18n/fr.po

@@ -0,0 +1,54 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* group_user_management
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-06-11 08:28+0000\n"
+"PO-Revision-Date: 2024-06-11 08:28+0000\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: group_user_management
+#: model:ir.model,name:group_user_management.model_res_groups
+msgid "Access Groups"
+msgstr "Groupes"
+
+#. module: group_user_management
+#: model:ir.model,name:group_user_management.model_res_partner
+msgid "Contact"
+msgstr "Contact"
+
+#. module: group_user_management
+#: model:ir.model.fields,field_description:group_user_management.field_res_partner__signup_expiration
+#: model:ir.model.fields,field_description:group_user_management.field_res_users__signup_expiration
+msgid "Signup Expiration"
+msgstr "Expiration de la session de connexion"
+
+#. module: group_user_management
+#: model:ir.model.fields,field_description:group_user_management.field_res_partner__signup_token
+#: model:ir.model.fields,field_description:group_user_management.field_res_users__signup_token
+msgid "Signup Token"
+msgstr "Jeton de connexion"
+
+#. module: group_user_management
+#: model:ir.model.fields,field_description:group_user_management.field_res_partner__signup_type
+#: model:ir.model.fields,field_description:group_user_management.field_res_users__signup_type
+msgid "Signup Token Type"
+msgstr "Type de jeton de connexion"
+
+#. module: group_user_management
+#: model:res.groups,comment:group_user_management.group_user_manager
+msgid "This group allows to manage users and related access rights"
+msgstr "Ce groupe permet de gérer les utilisateurs et leurs droits d'accès"
+
+#. module: group_user_management
+#: model:res.groups,name:group_user_management.group_user_manager
+msgid "User Management"
+msgstr "Gestion des Utilisateurs"

group_user_management/i18n/user_management_role.pot

@@ -0,0 +1,54 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* group_user_management
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-06-11 08:28+0000\n"
+"PO-Revision-Date: 2024-06-11 08:28+0000\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: group_user_management
+#: model:ir.model,name:group_user_management.model_res_groups
+msgid "Access Groups"
+msgstr ""
+
+#. module: group_user_management
+#: model:ir.model,name:group_user_management.model_res_partner
+msgid "Contact"
+msgstr ""
+
+#. module: group_user_management
+#: model:ir.model.fields,field_description:group_user_management.field_res_partner__signup_expiration
+#: model:ir.model.fields,field_description:group_user_management.field_res_users__signup_expiration
+msgid "Signup Expiration"
+msgstr ""
+
+#. module: group_user_management
+#: model:ir.model.fields,field_description:group_user_management.field_res_partner__signup_token
+#: model:ir.model.fields,field_description:group_user_management.field_res_users__signup_token
+msgid "Signup Token"
+msgstr ""
+
+#. module: group_user_management
+#: model:ir.model.fields,field_description:group_user_management.field_res_partner__signup_type
+#: model:ir.model.fields,field_description:group_user_management.field_res_users__signup_type
+msgid "Signup Token Type"
+msgstr ""
+
+#. module: group_user_management
+#: model:res.groups,comment:group_user_management.group_user_manager
+msgid "This group allows to manage users and related access rights"
+msgstr ""
+
+#. module: group_user_management
+#: model:res.groups,name:group_user_management.group_user_manager
+msgid "User Management"
+msgstr ""

group_user_management/models/__init__.py

@@ -0,0 +1,2 @@
+from . import res_groups
+from . import res_partner

group_user_management/models/res_groups.py

@@ -0,0 +1,70 @@
+#  Copyright (c) 2024- Le Filament (https://le-filament.com)
+#  Copyright (c) 2004- Odoo S.A.
+#  License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+from lxml import etree
+from lxml.builder import E
+
+from odoo import api, models
+
+from odoo.addons.base.models.ir_model import MODULE_UNINSTALL_FLAG
+
+
+class GroupsView(models.Model):
+    _inherit = "res.groups"
+
+    # The following lines are copied / modified from Odoo base module,
+    # res_users.py file, same function _update_user_groups_view(self)
+    @api.model
+    def _update_user_groups_view(self):
+        """Modify the view with xmlid ``base.user_groups_view``, which inherits
+        the user form view, and introduces the reified group fields.
+        """
+        super()._update_user_groups_view()
+
+        # remove the language to avoid translations,
+        # it will be handled at the view level
+        self = self.with_context(lang=None)
+
+        # We have to try-catch this, because at first init the view does not
+        # exist but we are already creating some basic groups.
+        view = self.env.ref(
+            "group_user_management.user_groups_view_admin_limited",
+            raise_if_not_found=False,
+        )
+        if not (view and view._name == "ir.ui.view"):
+            return
+
+        if self._context.get("install_filename") or self._context.get(
+            MODULE_UNINSTALL_FLAG
+        ):
+            # use a dummy view during install/upgrade/uninstall
+            xml = E.field(name="parent_id", position="after")
+
+        else:
+            admin_categories = [
+                category
+                for category in self.get_groups_by_application()
+                if category[0].xml_id
+                == "base.module_category_administration_administration"
+            ]
+            for _app, _kind, gs, _category_name in admin_categories:
+                field_name = str(
+                    "sel_groups_" + "_".join(str(it) for it in sorted(gs.ids))
+                )
+                xpath_expr = "//group[field[@name='" + field_name + "']]"
+                xml = E.xpath(expr=xpath_expr, position="attributes")
+                group_attribute = E.attribute(name="groups")
+                group_attribute.text = "base.group_erp_manager"
+                xml.append(group_attribute)
+            xml.addprevious(etree.Comment("GENERATED AUTOMATICALLY BY GROUPS"))
+
+        # serialize and update the view
+        xml_content = etree.tostring(xml, pretty_print=True, encoding="unicode")
+        if xml_content != view.arch:  # avoid useless xml validation if no change
+            new_context = dict(view._context)
+            new_context.pop(
+                "install_filename", None
+            )  # don't set arch_fs for this computed view
+            new_context["lang"] = None
+            view.with_context(**new_context).write({"arch": xml_content})

group_user_management/models/res_partner.py

@@ -0,0 +1,24 @@
+#  Copyright (c) 2024- Le Filament (https://le-filament.com)
+#  License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+from odoo import fields, models
+
+
+class ResPartner(models.Model):
+    _inherit = "res.partner"
+
+    signup_token = fields.Char(
+        copy=False,
+        groups="base.group_erp_manager, group_user_management.group_user_manager",
+        compute="_compute_token",
+        inverse="_inverse_token",
+    )
+    signup_type = fields.Char(
+        string="Signup Token Type",
+        copy=False,
+        groups="base.group_erp_manager, group_user_management.group_user_manager",
+    )
+    signup_expiration = fields.Datetime(
+        copy=False,
+        groups="base.group_erp_manager, group_user_management.group_user_manager",
+    )

group_user_management/readme/CONTEXT.md

@@ -0,0 +1,17 @@
+[ This file is optional but strongly suggested to allow end-users to evaluate the
+module's usefulness in their context. ]
+The purpose of this module is to add a new group for user management to grant user
+authorization to manage users but without allowing configuration of other stuff of the instance
+(as default Administration > Access Rights can do)
+
+In other terms, if you want to get a user administrator on your instance that will :
+  - Create new users
+  - Update user rights
+  - Update passwords or generate renew password links
+  - Archive or remove users
+
+But is not authorized to :
+  - Grant himself (or anyone else) Administration / Access Rights or Administration / Settings role
+  - Update advanced configuration of the instance
+  - Update access rights / ir rules
+  - Create or Update existing groups

group_user_management/readme/CONTRIBUTORS.md

@@ -0,0 +1 @@
+- Rémi - Le Filament <remi-filament> (https://le-filament.com)

group_user_management/readme/DESCRIPTION.md

@@ -0,0 +1,8 @@
+This module adds a group (a res_groups for granting access rights) "User Management"
+which allows to read / create / update / delete users from your companies :
+  * including access rights management
+  * excluding Administration group access rights management
+
+The purpose of this new group is to grant user authorization to manage users but without
+allowing configuration of other stuff of the instance
+(as default Administration > Access Rights can do)

group_user_management/readme/USAGE.md

@@ -0,0 +1,6 @@
+To user this module, you need to:
+
+1. Activate debug mode
+1. Go to Settings > Users & Companies > Users
+1. Open the form view of the User to whom you want to grant User Management access
+1. Tick User Management (in Extra Rights Section)

group_user_management/security/ir.model.access.csv

@@ -0,0 +1,8 @@
+"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
+"access_ir_model_access_group_user_manager","ir_model_access_group_user_manager","base.model_ir_model_access","group_user_manager",1,0,0,0
+"access_ir_rule_group_user_manager","ir_rule group_user_manager","base.model_ir_rule","group_user_manager",1,0,0,0
+"access_res_company_group_user_manager","res_company group_user_manager","base.model_res_company","group_user_manager",1,1,0,0
+"access_res_users_group_user_manager","res_users group_user_manager","base.model_res_users","group_user_manager",1,1,1,1
+"access_res_users_deletion_group_user_manager","res_users_deletion group_user_manager","base.model_res_users_deletion","group_user_manager",1,1,1,1
+"access_change_password_wizard","access.change.password.wizard","base.model_change_password_wizard","group_user_manager",1,1,1,0
+"access_change_password_user","access.change.password.user","base.model_change_password_user","group_user_manager",1,1,1,0