139 lines
5.4 KiB
Python
139 lines
5.4 KiB
Python
|
# -*- coding: utf-8 -*-
|
||
|
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
|
||
|
|
|
||
|
|
from odoo.exceptions import AccessError, UserError
|
||
|
|
from odoo.tests import tagged
|
||
|
|
from odoo.tools import mute_logger
|
||
|
|
|
||
|
|
from odoo.addons.base.tests.common import BaseUsersCommon
|
||
|
|
from odoo.addons.sale.tests.common import SaleCommon
|
||
|
|
|
||
|
|
|
||
|
|
@tagged('post_install', '-at_install')
|
||
|
|
class TestAccessRights(BaseUsersCommon, SaleCommon):
|
||
|
|
|
||
|
|
@classmethod
|
||
|
|
def setUpClass(cls):
|
||
|
|
super().setUpClass()
|
||
|
|
|
||
|
|
cls.sale_user2 = cls.env['res.users'].create({
|
||
|
|
'name': 'salesman_2',
|
||
|
|
'login': 'salesman_2',
|
||
|
|
'email': 'default_user_salesman_2@example.com',
|
||
|
|
'signature': '--\nMark',
|
||
|
|
'notification_type': 'email',
|
||
|
|
'groups_id': [(6, 0, cls.group_sale_salesman.ids)],
|
||
|
|
})
|
||
|
|
|
||
|
|
# Create the SO with a specific salesperson
|
||
|
|
cls.sale_order.user_id = cls.sale_user
|
||
|
|
|
||
|
|
def test_access_sales_manager(self):
|
||
|
|
""" Test sales manager's access rights """
|
||
|
|
SaleOrder = self.env['sale.order'].with_user(self.sale_manager)
|
||
|
|
so_as_sale_manager = SaleOrder.browse(self.sale_order.id)
|
||
|
|
|
||
|
|
# Manager can see the SO which is assigned to another salesperson
|
||
|
|
so_as_sale_manager.read()
|
||
|
|
# Manager can change a salesperson of the SO
|
||
|
|
so_as_sale_manager.write({'user_id': self.sale_user2.id})
|
||
|
|
|
||
|
|
# Manager can create the SO for other salesperson
|
||
|
|
sale_order = SaleOrder.create({
|
||
|
|
'partner_id': self.partner.id,
|
||
|
|
'user_id': self.sale_user.id
|
||
|
|
})
|
||
|
|
self.assertIn(
|
||
|
|
sale_order.id, SaleOrder.search([]).ids,
|
||
|
|
'Sales manager should be able to create the SO of other salesperson')
|
||
|
|
# Manager can confirm the SO
|
||
|
|
sale_order.action_confirm()
|
||
|
|
# Manager can not delete confirmed SO
|
||
|
|
with self.assertRaises(UserError), mute_logger('odoo.models.unlink'):
|
||
|
|
sale_order.unlink()
|
||
|
|
|
||
|
|
# Manager can delete the SO of other salesperson if SO is in 'draft' or 'cancel' state
|
||
|
|
so_as_sale_manager.unlink()
|
||
|
|
self.assertNotIn(
|
||
|
|
so_as_sale_manager.id, SaleOrder.search([]).ids,
|
||
|
|
'Sales manager should be able to delete the SO')
|
||
|
|
|
||
|
|
@mute_logger('odoo.addons.base.models.ir_model', 'odoo.addons.base.models.ir_rule')
|
||
|
|
def test_access_sales_person(self):
|
||
|
|
""" Test Salesperson's access rights """
|
||
|
|
SaleOrder = self.env['sale.order'].with_user(self.sale_user2)
|
||
|
|
so_as_salesperson = SaleOrder.browse(self.sale_order.id)
|
||
|
|
|
||
|
|
# Salesperson can see only their own sales order
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
so_as_salesperson.read()
|
||
|
|
|
||
|
|
# Now assign the SO to themselves
|
||
|
|
# (using self.sale_order to do the change as superuser)
|
||
|
|
self.sale_order.write({'user_id': self.sale_user2.id})
|
||
|
|
|
||
|
|
# The salesperson is now able to read it
|
||
|
|
so_as_salesperson.read()
|
||
|
|
# Salesperson can change a Sales Team of SO
|
||
|
|
so_as_salesperson.write({'team_id': self.sale_team.id})
|
||
|
|
|
||
|
|
# Salesperson can't create a SO for other salesperson
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
self.env['sale.order'].with_user(self.sale_user2).create({
|
||
|
|
'partner_id': self.partner.id,
|
||
|
|
'user_id': self.sale_user.id
|
||
|
|
})
|
||
|
|
|
||
|
|
# Salesperson can't delete Sale Orders
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
so_as_salesperson.unlink()
|
||
|
|
|
||
|
|
# Salesperson can confirm the SO
|
||
|
|
so_as_salesperson.action_confirm()
|
||
|
|
|
||
|
|
@mute_logger('odoo.addons.base.models.ir_model', 'odoo.addons.base.models.ir_rule')
|
||
|
|
def test_access_portal_user(self):
|
||
|
|
""" Test portal user's access rights """
|
||
|
|
SaleOrder = self.env['sale.order'].with_user(self.user_portal)
|
||
|
|
so_as_portal_user = SaleOrder.browse(self.sale_order.id)
|
||
|
|
|
||
|
|
# Portal user can see the confirmed SO for which they are assigned as a customer
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
so_as_portal_user.read()
|
||
|
|
|
||
|
|
self.sale_order.partner_id = self.user_portal.partner_id
|
||
|
|
self.sale_order.action_confirm()
|
||
|
|
# Portal user can't edit the SO
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
so_as_portal_user.write({'team_id': self.sale_team.id})
|
||
|
|
# Portal user can't create the SO
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
SaleOrder.create({
|
||
|
|
'partner_id': self.partner.id,
|
||
|
|
})
|
||
|
|
# Portal user can't delete the SO which is in 'draft' or 'cancel' state
|
||
|
|
self.sale_order.action_cancel()
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
so_as_portal_user.unlink()
|
||
|
|
|
||
|
|
@mute_logger('odoo.addons.base.models.ir_model')
|
||
|
|
def test_access_employee(self):
|
||
|
|
""" Test classic employee's access rights """
|
||
|
|
SaleOrder = self.env['sale.order'].with_user(self.user_internal)
|
||
|
|
so_as_internal_user = SaleOrder.browse(self.sale_order.id)
|
||
|
|
|
||
|
|
# Employee can't see any SO
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
so_as_internal_user.read()
|
||
|
|
# Employee can't edit the SO
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
so_as_internal_user.write({'team_id': self.sale_team.id})
|
||
|
|
# Employee can't create the SO
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
SaleOrder.create({
|
||
|
|
'partner_id': self.partner.id,
|
||
|
|
})
|
||
|
|
# Employee can't delete the SO
|
||
|
|
with self.assertRaises(AccessError):
|
||
|
|
so_as_internal_user.unlink()
|