Skip to content

Commit

Permalink
[IMP] impersonate_login: Restrict Admin settings impersonation
Browse files Browse the repository at this point in the history
  • Loading branch information
toita86 committed Nov 15, 2024
1 parent cf67a5b commit 5b11ccd
Show file tree
Hide file tree
Showing 8 changed files with 69 additions and 0 deletions.
2 changes: 2 additions & 0 deletions impersonate_login/README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@ Contributors
- Kévin Roche <kevin.roche@akretion.com>
- [360ERP](https://www.360erp.com):
- Andrea Stirpe
- `Ooops404 <https://www.ooops404.com/>`_:
- Eduard Brahas <eduard@ooops404.com>

Maintainers
~~~~~~~~~~~
Expand Down
1 change: 1 addition & 0 deletions impersonate_login/__manifest__.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
"views/assets.xml",
"views/res_users.xml",
"views/impersonate_log.xml",
"views/res_config_settings.xml",
"security/group.xml",
"security/ir.model.access.csv",
],
Expand Down
1 change: 1 addition & 0 deletions impersonate_login/models/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@
from . import mail_message
from . import impersonate_log
from . import model
from . import res_config_settings
12 changes: 12 additions & 0 deletions impersonate_login/models/res_config_settings.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
from odoo import fields, models


class ResConfigSettings(models.TransientModel):
_inherit = "res.config.settings"

restrict_impersonate_admin_settings = fields.Boolean(
string="Restrict Impersonation of 'Administration: Settings' Users",
config_parameter="impersonate_login.restrict_impersonate_admin_settings",
help="If enabled, users with the 'Administration: Settings' access right"
" cannot be impersonated.",
)
16 changes: 16 additions & 0 deletions impersonate_login/models/res_users.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,22 @@ def _is_impersonate_user(self):

def impersonate_login(self):
if request:

config_restrict = (
self.env["ir.config_parameter"]
.sudo()
.get_param("impersonate_login.restrict_impersonate_admin_settings")
)
if config_restrict:
admin_settings_group = self.env.ref("base.group_system")

Check warning on line 34 in impersonate_login/models/res_users.py

View check run for this annotation

Codecov / codecov/patch

impersonate_login/models/res_users.py#L34

Added line #L34 was not covered by tests
if admin_settings_group in self.groups_id:
raise UserError(

Check warning on line 36 in impersonate_login/models/res_users.py

View check run for this annotation

Codecov / codecov/patch

impersonate_login/models/res_users.py#L36

Added line #L36 was not covered by tests
_(
"You cannot impersonate users with"
" 'Administration: Settings' access rights."
)
)

if request.session.impersonate_from_uid:
if self.id == request.session.impersonate_from_uid:
return self.back_to_origin_login()
Expand Down
2 changes: 2 additions & 0 deletions impersonate_login/readme/CONTRIBUTORS.rst
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
- Kévin Roche <kevin.roche@akretion.com>
- [360ERP](https://www.360erp.com):
- Andrea Stirpe
- `Ooops404 <https://www.ooops404.com/>`_:
- Eduard Brahas <eduard@ooops404.com>
2 changes: 2 additions & 0 deletions impersonate_login/static/description/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -426,6 +426,8 @@ <h2><a class="toc-backref" href="#toc-entry-5">Contributors</a></h2>
<li>Kévin Roche &lt;<a class="reference external" href="mailto:kevin.roche&#64;akretion.com">kevin.roche&#64;akretion.com</a>&gt;</li>
<li>[360ERP](<a class="reference external" href="https://www.360erp.com">https://www.360erp.com</a>):
- Andrea Stirpe</li>
<li><a class="reference external" href="https://www.ooops404.com/">Ooops404</a>:
- Eduard Brahas &lt;<a class="reference external" href="mailto:eduard&#64;ooops404.com">eduard&#64;ooops404.com</a>&gt;</li>
</ul>
</div>
<div class="section" id="maintainers">
Expand Down
33 changes: 33 additions & 0 deletions impersonate_login/views/res_config_settings.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
<odoo>
<record id="view_res_config_settings_impersonate" model="ir.ui.view">
<field name="name">res.config.settings.impersonate</field>
<field name="model">res.config.settings</field>
<field name="inherit_id" ref="base_setup.res_config_settings_view_form" />
<field name="arch" type="xml">
<xpath expr="//div[@id='invite_users']" position="after">
<div id="impersonate_login">
<h2>Impersonation Login</h2>
<div
class="row mt16 o_settings_container"
name="impersonate_login_settings_container"
>
<div
class="col-12 col-lg-6 o_setting_box"
id="impersonate_login_settings"
>
<div class="o_setting_right_pane">
<label for="restrict_impersonate_admin_settings">
Restrict Impersonation Login
</label>
<field
name="restrict_impersonate_admin_settings"
string="Restrict Impersonation of 'Administration: Settings' Users"
/>
</div>
</div>
</div>
</div>
</xpath>
</field>
</record>
</odoo>

0 comments on commit 5b11ccd

Please sign in to comment.