diff --git a/impersonate_login/README.rst b/impersonate_login/README.rst index eb25fdab03..0073fb540b 100644 --- a/impersonate_login/README.rst +++ b/impersonate_login/README.rst @@ -81,6 +81,8 @@ Contributors - Kévin Roche - [360ERP](https://www.360erp.com): - Andrea Stirpe +- `Ooops404 `_: + - Eduard Brahas Maintainers ~~~~~~~~~~~ diff --git a/impersonate_login/__manifest__.py b/impersonate_login/__manifest__.py index 35b39b0e6a..49b8702c42 100644 --- a/impersonate_login/__manifest__.py +++ b/impersonate_login/__manifest__.py @@ -21,6 +21,7 @@ "views/assets.xml", "views/res_users.xml", "views/impersonate_log.xml", + "views/res_config_settings.xml", "security/group.xml", "security/ir.model.access.csv", ], diff --git a/impersonate_login/models/__init__.py b/impersonate_login/models/__init__.py index debb66e9c1..d483c409d4 100644 --- a/impersonate_login/models/__init__.py +++ b/impersonate_login/models/__init__.py @@ -4,3 +4,4 @@ from . import mail_message from . import impersonate_log from . import model +from . import res_config_settings diff --git a/impersonate_login/models/res_config_settings.py b/impersonate_login/models/res_config_settings.py new file mode 100644 index 0000000000..79d409837e --- /dev/null +++ b/impersonate_login/models/res_config_settings.py @@ -0,0 +1,12 @@ +from odoo import fields, models + + +class ResConfigSettings(models.TransientModel): + _inherit = "res.config.settings" + + restrict_impersonate_admin_settings = fields.Boolean( + string="Restrict Impersonation of 'Administration: Settings' Users", + config_parameter="impersonate_login.restrict_impersonate_admin_settings", + help="If enabled, users with the 'Administration: Settings' access right" + " cannot be impersonated.", + ) diff --git a/impersonate_login/models/res_users.py b/impersonate_login/models/res_users.py index c3307dddd7..22a2939ee5 100644 --- a/impersonate_login/models/res_users.py +++ b/impersonate_login/models/res_users.py @@ -24,6 +24,22 @@ def _is_impersonate_user(self): def impersonate_login(self): if request: + + config_restrict = ( + self.env["ir.config_parameter"] + .sudo() + .get_param("impersonate_login.restrict_impersonate_admin_settings") + ) + if config_restrict: + admin_settings_group = self.env.ref("base.group_system") + if admin_settings_group in self.groups_id: + raise UserError( + _( + "You cannot impersonate users with" + " 'Administration: Settings' access rights." + ) + ) + if request.session.impersonate_from_uid: if self.id == request.session.impersonate_from_uid: return self.back_to_origin_login() diff --git a/impersonate_login/readme/CONTRIBUTORS.rst b/impersonate_login/readme/CONTRIBUTORS.rst index 56c4cb59e2..2198ac7c2a 100644 --- a/impersonate_login/readme/CONTRIBUTORS.rst +++ b/impersonate_login/readme/CONTRIBUTORS.rst @@ -1,3 +1,5 @@ - Kévin Roche - [360ERP](https://www.360erp.com): - Andrea Stirpe +- `Ooops404 `_: + - Eduard Brahas diff --git a/impersonate_login/static/description/index.html b/impersonate_login/static/description/index.html index 29d39506a1..c7b3bfdc92 100644 --- a/impersonate_login/static/description/index.html +++ b/impersonate_login/static/description/index.html @@ -426,6 +426,8 @@

Contributors

  • Kévin Roche <kevin.roche@akretion.com>
  • [360ERP](https://www.360erp.com): - Andrea Stirpe
    • +
  • Ooops404: +- Eduard Brahas <eduard@ooops404.com>
    • diff --git a/impersonate_login/views/res_config_settings.xml b/impersonate_login/views/res_config_settings.xml new file mode 100644 index 0000000000..8717e32c53 --- /dev/null +++ b/impersonate_login/views/res_config_settings.xml @@ -0,0 +1,33 @@ + + + res.config.settings.impersonate + res.config.settings + + + +
    +

    Impersonation Login

    +
    +
    +
    + + +
    +
    +
    +
    +     +     +     +