From 52fe7b7f38e1364527b5c260b9a0299100114748 Mon Sep 17 00:00:00 2001 From: oca-ci Date: Tue, 15 Oct 2024 19:37:54 +0000 Subject: [PATCH 1/7] [UPD] Update cetmix_tower_yaml.pot --- cetmix_tower_server/security/cx_tower_plan_line_security.xml | 4 ++-- cetmix_tower_server/security/ir.model.access.csv | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cetmix_tower_server/security/cx_tower_plan_line_security.xml b/cetmix_tower_server/security/cx_tower_plan_line_security.xml index 0179fdf4..d80ad240 100644 --- a/cetmix_tower_server/security/cx_tower_plan_line_security.xml +++ b/cetmix_tower_server/security/cx_tower_plan_line_security.xml @@ -14,9 +14,9 @@ Tower plan line: manager access rule - [('access_level', '<=', '2')] + ['|',('create_uid', '=', user.id),('create_uid', '=', False)] - + diff --git a/cetmix_tower_server/security/ir.model.access.csv b/cetmix_tower_server/security/ir.model.access.csv index d647ad7a..5e7e5ab6 100644 --- a/cetmix_tower_server/security/ir.model.access.csv +++ b/cetmix_tower_server/security/ir.model.access.csv @@ -14,11 +14,11 @@ access_server_user,Server->User,model_cx_tower_server,group_user,1,0,0,0 access_server_manager,Server->Manager,model_cx_tower_server,group_manager,1,1,1,0 access_server_root,Server->Root,model_cx_tower_server,group_root,1,1,1,1 access_interpreter_user,Interpreter->User,model_cx_tower_interpreter,group_user,1,0,0,0 -access_interpreter_manager,Interpreter->Manager,model_cx_tower_interpreter,group_manager,1,1,1,0 +access_interpreter_manager,Interpreter->Manager,model_cx_tower_interpreter,group_manager,1,1, 1,0 access_interpreter_root,Interpreter->Root,model_cx_tower_interpreter,group_root,1,1,1,1 access_command_user,Command->User,model_cx_tower_command,group_user,1,0,0,0 access_command_manager,Command->Manager,model_cx_tower_command,group_manager,1,1,1,0 -access_command_root,Command->Root,model_cx_tower_command,group_root,1,1,1,1 +access_command_root,Command->Root,model_cx_tower_command,group_root,1,1,1,1 access_execute_command_user,Execute Command->User,model_cx_tower_command_execute_wizard,group_user,1,1,1,1 access_execute_plan_user,Execute Plan->User,model_cx_tower_plan_execute_wizard,group_user,1,1,1,1 access_key_user,Key->User,model_cx_tower_key,group_user,1,0,0,0 From f9bd725c2d287c9f13b30e96583f6af72e7814a9 Mon Sep 17 00:00:00 2001 From: George Smirnov Date: Wed, 11 Sep 2024 12:08:58 +0400 Subject: [PATCH 2/7] [IMP] cetmix_tower_server: managers can delete own plan lines Before this commit ------------------ Members of the group_manager cannot delete the plan lines they have created After this commit ------------------ Members of the group_manager can delete the plan lines they have created --- .../security/cx_tower_plan_line_security.xml | 17 ++++++++++++++--- .../security/ir.model.access.csv | 4 ++-- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/cetmix_tower_server/security/cx_tower_plan_line_security.xml b/cetmix_tower_server/security/cx_tower_plan_line_security.xml index d80ad240..f216dfc2 100644 --- a/cetmix_tower_server/security/cx_tower_plan_line_security.xml +++ b/cetmix_tower_server/security/cx_tower_plan_line_security.xml @@ -12,14 +12,25 @@ - Tower plan line: manager access rule + Tower plan line: manager Read/Write access rule - ['|',('create_uid', '=', user.id),('create_uid', '=', False)] + [('access_level', '<=', '2')] - + + + + + + Tower plan line: manager delete own records + + [('create_uid', '=', user.id)] + + + + Tower plan line: root access rule diff --git a/cetmix_tower_server/security/ir.model.access.csv b/cetmix_tower_server/security/ir.model.access.csv index 5e7e5ab6..c08af4cf 100644 --- a/cetmix_tower_server/security/ir.model.access.csv +++ b/cetmix_tower_server/security/ir.model.access.csv @@ -18,7 +18,7 @@ access_interpreter_manager,Interpreter->Manager,model_cx_tower_interpreter,group access_interpreter_root,Interpreter->Root,model_cx_tower_interpreter,group_root,1,1,1,1 access_command_user,Command->User,model_cx_tower_command,group_user,1,0,0,0 access_command_manager,Command->Manager,model_cx_tower_command,group_manager,1,1,1,0 -access_command_root,Command->Root,model_cx_tower_command,group_root,1,1,1,1 +access_command_root,Command->Root,model_cx_tower_command,group_root,1,1,1,1 access_execute_command_user,Execute Command->User,model_cx_tower_command_execute_wizard,group_user,1,1,1,1 access_execute_plan_user,Execute Plan->User,model_cx_tower_plan_execute_wizard,group_user,1,1,1,1 access_key_user,Key->User,model_cx_tower_key,group_user,1,0,0,0 @@ -30,7 +30,7 @@ access_plan_user,Plan->User,model_cx_tower_plan,group_user,1,0,0,0 access_plan_manager,Plan->Manager,model_cx_tower_plan,group_manager,1,1,1,0 access_plan_root,Plan->Root,model_cx_tower_plan,group_root,1,1,1,1 access_plan_line_user,Plan Line->User,model_cx_tower_plan_line,group_user,1,0,0,0 -access_plan_line_manager,Plan Line->Manager,model_cx_tower_plan_line,group_manager,1,1,1,0 +access_plan_line_manager,Plan Line->Manager,model_cx_tower_plan_line,group_manager,1,1,1,1 access_plan_line_root,Plan Line->Root,model_cx_tower_plan_line,group_root,1,1,1,1 access_plan_line_action_user,Plan Line Action->User,model_cx_tower_plan_line_action,group_user,1,0,0,0 access_plan_line_action_manager,Plan Line Action->Manager,model_cx_tower_plan_line_action,group_manager,1,1,1,0 From 7bb13c0872b3067be61fc248a75a6ea7c3747f3e Mon Sep 17 00:00:00 2001 From: George Smirnov Date: Thu, 12 Sep 2024 10:38:30 +0400 Subject: [PATCH 3/7] [IMP] cetmix_tower_server: managers can delete own plan line actions Before this commit ------------------ Members of the group_manager cannot delete the plan line actions they have created After this commit ------------------ Members of the group_manager can delete the plan lines actions they have created --- .../cx_tower_plan_line_action_security.xml | 15 ++++- .../security/ir.model.access.csv | 2 +- cetmix_tower_server/tests/test_plan.py | 58 +++++++++++++++++++ 3 files changed, 73 insertions(+), 2 deletions(-) diff --git a/cetmix_tower_server/security/cx_tower_plan_line_action_security.xml b/cetmix_tower_server/security/cx_tower_plan_line_action_security.xml index 74068caf..9437bc40 100644 --- a/cetmix_tower_server/security/cx_tower_plan_line_action_security.xml +++ b/cetmix_tower_server/security/cx_tower_plan_line_action_security.xml @@ -12,12 +12,25 @@ - Tower plan line action: manager access rule + Tower plan line action: manager Read/Write access rule [('access_level', '<=', '2')] + + + + + + + Tower plan line action: manager delete own records + + [('create_uid', '=', user.id)] + + diff --git a/cetmix_tower_server/security/ir.model.access.csv b/cetmix_tower_server/security/ir.model.access.csv index c08af4cf..a4851f32 100644 --- a/cetmix_tower_server/security/ir.model.access.csv +++ b/cetmix_tower_server/security/ir.model.access.csv @@ -33,7 +33,7 @@ access_plan_line_user,Plan Line->User,model_cx_tower_plan_line,group_user,1,0,0, access_plan_line_manager,Plan Line->Manager,model_cx_tower_plan_line,group_manager,1,1,1,1 access_plan_line_root,Plan Line->Root,model_cx_tower_plan_line,group_root,1,1,1,1 access_plan_line_action_user,Plan Line Action->User,model_cx_tower_plan_line_action,group_user,1,0,0,0 -access_plan_line_action_manager,Plan Line Action->Manager,model_cx_tower_plan_line_action,group_manager,1,1,1,0 +access_plan_line_action_manager,Plan Line Action->Manager,model_cx_tower_plan_line_action,group_manager,1,1,1,1 access_plan_line_action_root,Plan Line Action->Root,model_cx_tower_plan_line_action,group_root,1,1,1,1 access_plan_log_user,Plan Log->User,model_cx_tower_plan_log,group_user,1,0,0,0 access_plan_log_root,Plan Log->User,model_cx_tower_plan_log,group_root,1,1,1,1 diff --git a/cetmix_tower_server/tests/test_plan.py b/cetmix_tower_server/tests/test_plan.py index d8a0b495..11e53e87 100644 --- a/cetmix_tower_server/tests/test_plan.py +++ b/cetmix_tower_server/tests/test_plan.py @@ -735,3 +735,61 @@ def test_flight_plan_copy(self): original_action.variable_value_ids.value_char, "Variable value should be the same in the copied action", ) + + def test_plan_lines_access_rights(self): + + # Create a test plan with plan lines + self.plan_2 = self.Plan.create( + { + "name": "Test plan 2", + "note": "Test note", + "tag_ids": [ + (6, 0, [self.env.ref("cetmix_tower_server.tag_staging").id]) + ], + "line_ids": [ + (0, 0, {"command_id": self.command_create_dir.id, "sequence": 1}), + (0, 0, {"command_id": self.command_list_dir.id, "sequence": 2}), + ], + } + ) + # Ensure default access level is correct + self.assertEqual(self.plan_2.access_level, "2") + + # Remove user_bob from all cxtower_server groups + self.remove_from_group( + self.user_bob, + [ + "cetmix_tower_server.group_user", + "cetmix_tower_server.group_manager", + "cetmix_tower_server.group_root", + ], + ) + + # Ensure that user without any group cannot access plan lines + test_plan_2_as_bob = self.plan_2.with_user(self.user_bob) + with self.assertRaises(AccessError): + plan_line_name = test_plan_2_as_bob.line_ids[0].command_id.name + + # Add user_bob to `group_user` and test plan.line access + self.add_to_group(self.user_bob, "cetmix_tower_server.group_user") + # Set access level to 1, so group_user can access the plan + self.plan_2.write({"access_level": "1"}) + self.plan_2.line_ids[0].write({"access_level": "1"}) + + plan_line_name = test_plan_2_as_bob.line_ids[0].command_id.name + self.assertEqual( + plan_line_name, "Create directory", msg="User should access plan lines with access_level 1" + ) + + # Add user_bob to `group_manager` and test edit rights for plan.line + self.add_to_group(self.user_bob, "cetmix_tower_server.group_manager") + test_plan_2_as_bob.write({"access_level": "2"}) + self.assertEqual(test_plan_2_as_bob.access_level, "2") + test_plan_2_as_bob.line_ids.write({"sequence": 3}) + self.assertEqual( + test_plan_2_as_bob.line_ids[0].sequence, 3, msg="Manager should be able to update sequence" + ) + + # Ensure that manager cannot delete plan lines they did not create + with self.assertRaises(AccessError): + test_plan_2_as_bob.line_ids.unlink() From 5b1a182052c5d7ed4a92fa022feb6f1b6a7e4527 Mon Sep 17 00:00:00 2001 From: George Smirnov Date: Thu, 26 Sep 2024 16:47:40 +0200 Subject: [PATCH 4/7] [IMP] cetmix_tower_server: add new tests for plan lines access rights --- cetmix_tower_server/tests/test_plan.py | 44 ++++++++++++++++++++------ 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/cetmix_tower_server/tests/test_plan.py b/cetmix_tower_server/tests/test_plan.py index 11e53e87..6d8efbf2 100644 --- a/cetmix_tower_server/tests/test_plan.py +++ b/cetmix_tower_server/tests/test_plan.py @@ -737,7 +737,6 @@ def test_flight_plan_copy(self): ) def test_plan_lines_access_rights(self): - # Create a test plan with plan lines self.plan_2 = self.Plan.create( { @@ -765,20 +764,20 @@ def test_plan_lines_access_rights(self): ], ) - # Ensure that user without any group cannot access plan lines + # Ensure that user without any group cannot access plan lines test_plan_2_as_bob = self.plan_2.with_user(self.user_bob) with self.assertRaises(AccessError): plan_line_name = test_plan_2_as_bob.line_ids[0].command_id.name # Add user_bob to `group_user` and test plan.line access self.add_to_group(self.user_bob, "cetmix_tower_server.group_user") - # Set access level to 1, so group_user can access the plan + # Set access level to 1, so group_user can access the plan lines self.plan_2.write({"access_level": "1"}) - self.plan_2.line_ids[0].write({"access_level": "1"}) - - plan_line_name = test_plan_2_as_bob.line_ids[0].command_id.name + plan_line_name = test_plan_2_as_bob.line_ids[0].name self.assertEqual( - plan_line_name, "Create directory", msg="User should access plan lines with access_level 1" + plan_line_name, + "Test create directory", + msg="User should access plan lines with access_level 1", ) # Add user_bob to `group_manager` and test edit rights for plan.line @@ -787,9 +786,36 @@ def test_plan_lines_access_rights(self): self.assertEqual(test_plan_2_as_bob.access_level, "2") test_plan_2_as_bob.line_ids.write({"sequence": 3}) self.assertEqual( - test_plan_2_as_bob.line_ids[0].sequence, 3, msg="Manager should be able to update sequence" + test_plan_2_as_bob.line_ids[0].sequence, + 3, + msg="Manager should be able to update sequence", ) # Ensure that manager cannot delete plan lines they did not create with self.assertRaises(AccessError): - test_plan_2_as_bob.line_ids.unlink() + test_plan_2_as_bob.line_ids[0].unlink() + + # Create a new plan line as user_bob (manager) + plan_line_as_bob = self.plan_line.with_user(self.user_bob).create( + { + "plan_id": test_plan_2_as_bob.id, + "command_id": self.command_create_dir.id, + "sequence": 10, + } + ) + + # Ensure the plan line was created and check that create_uid is user_bob + self.assertEqual( + plan_line_as_bob.create_uid.id, + self.user_bob.id, + msg="Create_uid should be user_bob", + ) + + # Check that user_bob can delete the plan line he has just created + plan_line_as_bob.unlink() + + # Ensure the plan line has been deleted + self.assertFalse( + plan_line_as_bob.exists(), + msg="Manager should be able to delete own plan line", + ) From d97cab7da6b7b0fab33225cd7e8609ea380c4406 Mon Sep 17 00:00:00 2001 From: George Smirnov Date: Fri, 27 Sep 2024 14:01:13 +0200 Subject: [PATCH 5/7] [IMP] cetmix_tower_server: add tests for plan line actions --- cetmix_tower_server/tests/test_plan.py | 93 ++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/cetmix_tower_server/tests/test_plan.py b/cetmix_tower_server/tests/test_plan.py index 6d8efbf2..ca204e94 100644 --- a/cetmix_tower_server/tests/test_plan.py +++ b/cetmix_tower_server/tests/test_plan.py @@ -819,3 +819,96 @@ def test_plan_lines_access_rights(self): plan_line_as_bob.exists(), msg="Manager should be able to delete own plan line", ) + + # def test_plan_line_action_access_rights(self): + # # Create a test plan with plan lines + # self.plan_2 = self.Plan.create( + # { + # "name": "Test plan 2", + # "note": "Test note", + # "tag_ids": [ + # (6, 0, [self.env.ref("cetmix_tower_server.tag_staging").id]) + # ], + # "line_ids": [ + # (0, 0, {"command_id": self.command_create_dir.id, "sequence": 1}), + # ], + # } + # ) + + # # Create a plan line action for the first line + # self.plan_line_action = self.env['cx.tower.plan.line.action'].create({ + # "line_id": self.plan_2.line_ids[0].id, + # "condition": "==", + # "value_char": "0", + # "action": "n", + # }) + + # # Ensure default access level is correct + # self.assertEqual(self.plan_2.access_level, "2") + + # # Remove user_bob from all cxtower_server groups + # self.remove_from_group( + # self.user_bob, + # [ + # "cetmix_tower_server.group_user", + # "cetmix_tower_server.group_manager", + # "cetmix_tower_server.group_root", + # ], + # ) + + # # Ensure that user_bob without any group cannot access plan line actions + # test_plan_line_action_as_bob = self.plan_line_action.with_user(self.user_bob) + # with self.assertRaises(AccessError): + # action_name = test_plan_line_action_as_bob.name + + # # Add user_bob to `group_user` and test plan.line.action access + # self.add_to_group(self.user_bob, "cetmix_tower_server.group_user") + # # Set access level to 1, so group_user can access the plan line actions + # self.plan_2.write({"access_level": "1"}) + # self.assertEqual(test_plan_line_action_as_bob.access_level, "1") + + # # action_condition_read = test_plan_line_action_as_bob.read([]) + # # self.assertEqual( + # # action_condition_read[0].name, + # # test_plan_line_action_as_bob[0].name, + # # msg="User should access plan line actions with access_level 1", + # # ) + + # # Add user_bob to `group_manager` and test edit rights for plan.line.action + # self.add_to_group(self.user_bob, "cetmix_tower_server.group_manager") + # test_plan_line_action_as_bob.write({"value_char": "1"}) + # self.assertEqual( + # test_plan_line_action_as_bob.value_char, + # "1", + # msg="Manager should be able to update plan line action", + # ) + + # # Ensure that manager cannot delete plan line actions they did not create + # with self.assertRaises(AccessError): + # test_plan_line_action_as_bob.unlink() + + # # Create a new plan line action as user_bob (manager) + # plan_line_action_as_bob = self.env['cx.tower.plan.line.action']. + # with_user(self.user_bob).create({ + # "line_id": test_plan_2_as_bob.line_ids[0].id, + # "condition": ">", + # "value_char": "100", + # "action": "e", + # }) + + # # Ensure the plan line action was created + # and check that create_uid is user_bob + # self.assertEqual( + # plan_line_action_as_bob.create_uid.id, + # self.user_bob.id, + # msg="Create_uid should be user_bob", + # ) + + # # Check that user_bob can delete the plan line action he has just created + # plan_line_action_as_bob.unlink() + + # # Ensure the plan line action has been deleted + # self.assertFalse( + # plan_line_action_as_bob.exists(), + # msg="Manager should be able to delete own plan line action", + # ) From d4517281751ee1655df997cfd27a0bb3864ce40c Mon Sep 17 00:00:00 2001 From: George Smirnov Date: Thu, 17 Oct 2024 00:53:06 +0300 Subject: [PATCH 6/7] [IMP] cetmix_tower_server: update variable values access rules: Before this commit: memnbers of group_user and group_manager have no access to variable values related to plan line actions After this commit: members of group user can read variable values related to plan line actions members of group manager can - read variable values related to plan line actions - delete variable values related to plan line actions they have created --- .../cx_tower_variable_value_security.xml | 61 ++++++++++++++++++- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/cetmix_tower_server/security/cx_tower_variable_value_security.xml b/cetmix_tower_server/security/cx_tower_variable_value_security.xml index 697addb6..f41e5551 100644 --- a/cetmix_tower_server/security/cx_tower_variable_value_security.xml +++ b/cetmix_tower_server/security/cx_tower_variable_value_security.xml @@ -1,8 +1,12 @@ - - Tower variable value: manager access rule + + + Tower variable value: user and manager access rule ['|', ('is_global', '=', True), ('server_id.message_partner_ids', 'in', [user.partner_id.id])] @@ -13,6 +17,59 @@ + + Tower variable value: user access to variable values in plan line action + rule + + + [ + ('plan_line_action_id.access_level', '=', '1') + ] + + + + + + Tower variable value: manager access to variable values in plan line + action rule + + + [ + ('plan_line_action_id.access_level', '<=', '2') + ] + + + + + + + + + + Tower variable value: manager delete own variable values in plan line + action + + + [ + ('plan_line_action_id.create_uid', '=', user.id) + ] + + + + + Tower variable value: root access rule From 062210fd231968f4f3c60dd46e097c89c5078fbc Mon Sep 17 00:00:00 2001 From: George Smirnov Date: Thu, 17 Oct 2024 14:55:23 +0300 Subject: [PATCH 7/7] [IMP] cetmix_tower_server: update tests for plan line actions --- cetmix_tower_server/tests/test_plan.py | 199 +++++++++++++------------ 1 file changed, 107 insertions(+), 92 deletions(-) diff --git a/cetmix_tower_server/tests/test_plan.py b/cetmix_tower_server/tests/test_plan.py index ca204e94..61b2416c 100644 --- a/cetmix_tower_server/tests/test_plan.py +++ b/cetmix_tower_server/tests/test_plan.py @@ -820,95 +820,110 @@ def test_plan_lines_access_rights(self): msg="Manager should be able to delete own plan line", ) - # def test_plan_line_action_access_rights(self): - # # Create a test plan with plan lines - # self.plan_2 = self.Plan.create( - # { - # "name": "Test plan 2", - # "note": "Test note", - # "tag_ids": [ - # (6, 0, [self.env.ref("cetmix_tower_server.tag_staging").id]) - # ], - # "line_ids": [ - # (0, 0, {"command_id": self.command_create_dir.id, "sequence": 1}), - # ], - # } - # ) - - # # Create a plan line action for the first line - # self.plan_line_action = self.env['cx.tower.plan.line.action'].create({ - # "line_id": self.plan_2.line_ids[0].id, - # "condition": "==", - # "value_char": "0", - # "action": "n", - # }) - - # # Ensure default access level is correct - # self.assertEqual(self.plan_2.access_level, "2") - - # # Remove user_bob from all cxtower_server groups - # self.remove_from_group( - # self.user_bob, - # [ - # "cetmix_tower_server.group_user", - # "cetmix_tower_server.group_manager", - # "cetmix_tower_server.group_root", - # ], - # ) - - # # Ensure that user_bob without any group cannot access plan line actions - # test_plan_line_action_as_bob = self.plan_line_action.with_user(self.user_bob) - # with self.assertRaises(AccessError): - # action_name = test_plan_line_action_as_bob.name - - # # Add user_bob to `group_user` and test plan.line.action access - # self.add_to_group(self.user_bob, "cetmix_tower_server.group_user") - # # Set access level to 1, so group_user can access the plan line actions - # self.plan_2.write({"access_level": "1"}) - # self.assertEqual(test_plan_line_action_as_bob.access_level, "1") - - # # action_condition_read = test_plan_line_action_as_bob.read([]) - # # self.assertEqual( - # # action_condition_read[0].name, - # # test_plan_line_action_as_bob[0].name, - # # msg="User should access plan line actions with access_level 1", - # # ) - - # # Add user_bob to `group_manager` and test edit rights for plan.line.action - # self.add_to_group(self.user_bob, "cetmix_tower_server.group_manager") - # test_plan_line_action_as_bob.write({"value_char": "1"}) - # self.assertEqual( - # test_plan_line_action_as_bob.value_char, - # "1", - # msg="Manager should be able to update plan line action", - # ) - - # # Ensure that manager cannot delete plan line actions they did not create - # with self.assertRaises(AccessError): - # test_plan_line_action_as_bob.unlink() - - # # Create a new plan line action as user_bob (manager) - # plan_line_action_as_bob = self.env['cx.tower.plan.line.action']. - # with_user(self.user_bob).create({ - # "line_id": test_plan_2_as_bob.line_ids[0].id, - # "condition": ">", - # "value_char": "100", - # "action": "e", - # }) - - # # Ensure the plan line action was created - # and check that create_uid is user_bob - # self.assertEqual( - # plan_line_action_as_bob.create_uid.id, - # self.user_bob.id, - # msg="Create_uid should be user_bob", - # ) - - # # Check that user_bob can delete the plan line action he has just created - # plan_line_action_as_bob.unlink() - - # # Ensure the plan line action has been deleted - # self.assertFalse( - # plan_line_action_as_bob.exists(), - # msg="Manager should be able to delete own plan line action", - # ) + def test_plan_line_action_access_rights(self): + # Create a test plan with plan lines + self.plan_2 = self.Plan.create( + { + "name": "Test plan 2", + "note": "Test note", + "tag_ids": [ + (6, 0, [self.env.ref("cetmix_tower_server.tag_staging").id]) + ], + "line_ids": [ + (0, 0, {"command_id": self.command_create_dir.id, "sequence": 1}), + ], + } + ) + # Create a plan line action for the first line + self.plan_line_action = self.env["cx.tower.plan.line.action"].create( + { + "line_id": self.plan_2.line_ids[0].id, + "condition": "==", + "value_char": "0", + "action": "n", + } + ) + + # Ensure default access level is correct + self.assertEqual(self.plan_2.access_level, "2") + + # Remove user_bob from all cxtower_server groups + self.remove_from_group( + self.user_bob, + [ + "cetmix_tower_server.group_user", + "cetmix_tower_server.group_manager", + "cetmix_tower_server.group_root", + ], + ) + + # Ensure that user_bob without any group cannot access plan line actions + test_plan_line_action_as_bob = self.plan_line_action.with_user(self.user_bob) + with self.assertRaises(AccessError): + plan_line_action_read_result = test_plan_line_action_as_bob.read([]) + + # Add user_bob to `group_user` and test plan.line.action access + self.add_to_group(self.user_bob, "cetmix_tower_server.group_user") + # Set access level to 1, so group_user can access the plan line actions + self.plan_2.write({"access_level": "1"}) + self.assertEqual(test_plan_line_action_as_bob.access_level, "1") + self.plan_2.invalidate_cache() + plan_line_action_read_result = test_plan_line_action_as_bob.condition + self.assertEqual( + plan_line_action_read_result, + test_plan_line_action_as_bob.condition, + msg="User should access plan line actions with access_level 1", + ) + + # Add user_bob to `group_manager` and test plan.line.action access + self.add_to_group(self.user_bob, "cetmix_tower_server.group_manager") + # Set access level to 2, so group_manager can access the plan line action + self.plan_2.write({"access_level": "2"}) + self.assertEqual(test_plan_line_action_as_bob.access_level, "2") + # Ensure that user_bob as member of group_manager + # can read to plan line actions + plan_line_action_read_result = test_plan_line_action_as_bob.read([]) + self.assertEqual( + plan_line_action_read_result[0]["name"], + test_plan_line_action_as_bob.name, + msg="Name should be the same", + ) + + # Ensure that manager can update plan line actions they did not create + test_plan_line_action_as_bob.write({"sequence": 3}) + self.assertEqual( + test_plan_line_action_as_bob.sequence, + 3, + msg="Manager should be able to update sequence", + ) + + # Ensure that manager cannot delete plan line actions they did not create + with self.assertRaises(AccessError): + test_plan_line_action_as_bob.unlink() + + # Create a new plan line action as user_bob manager + + self.new_plan_line_action = self.env["cx.tower.plan.line.action"].create( + { + "line_id": self.plan_2.line_ids[0].id, + "condition": ">", + "value_char": "100", + "action": "e", + } + ) + + self.new_plan_line_action.write({"create_uid": self.user_bob}) + self.assertEqual( + self.new_plan_line_action.create_uid.id, + self.user_bob.id, + msg="Create_uid should be user_bob", + ) + + # # Check that user_bob can delete the plan line action he has created + self.new_plan_line_action.with_user(self.user_bob).unlink() + + # Ensure the plan line action has been deleted + self.assertFalse( + self.new_plan_line_action.exists(), + msg="Manager should be able to delete own plan line action", + )