From d8ca2b96844b2f1c6724812457666fa7603cd493 Mon Sep 17 00:00:00 2001
From: Matt Marcha <matt@pacific-erp.com>
Date: Fri, 25 Oct 2024 17:24:39 -1000
Subject: [PATCH] Restrict access to data

---
 estate/__manifest__.py                   |  3 +-
 estate/models/estate_property.py         |  6 ++--
 estate/security/ir.model.access.csv      | 12 ++++---
 estate/security/security.xml             | 44 ++++++++++++++++++++++++
 estate/views/estate_menus.xml            |  2 +-
 estate/views/estate_property_views.xml   |  4 +++
 estate_account/models/estate_property.py |  5 ++-
 7 files changed, 67 insertions(+), 9 deletions(-)
 create mode 100644 estate/security/security.xml

diff --git a/estate/__manifest__.py b/estate/__manifest__.py
index 10432b5..d1a848f 100644
--- a/estate/__manifest__.py
+++ b/estate/__manifest__.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 {
     'name': 'Real Estate',
-    'category': 'Tutorials/Estate',
+    'category': 'Real Estate/Brokerage',
     'application': True,
     'installable': True,
     'author': 'Matt Marcha',
@@ -15,6 +15,7 @@
         'views/estate_property_views.xml',
         'views/res_users_views.xml',
         'views/estate_menus.xml',
+        'security/security.xml',
         'security/ir.model.access.csv',
         'data/estate.property.type.csv',
     ],
diff --git a/estate/models/estate_property.py b/estate/models/estate_property.py
index 0d87087..b8f673b 100644
--- a/estate/models/estate_property.py
+++ b/estate/models/estate_property.py
@@ -11,6 +11,7 @@ class EstateProperty(models.Model):
     _name = "estate.property"
     _description = "Properties for the Estate module"
     _order = "id desc"
+    _check_company_auto = True
 
     _sql_constraints = [
         ('check_expected_price', 'CHECK (expected_price > 0)', 'Expected rice should be superior to 0'),
@@ -39,12 +40,13 @@ class EstateProperty(models.Model):
     garden_area = fields.Integer()
     garden_orientation = fields.Selection(selection=[('north', 'North'), ('south', 'South'), ('east', 'East'), ('west', 'West')])
     property_type_id = fields.Many2one("estate.property.type", "Property Type")
-    salesman_id = fields.Many2one("res.users", string="Salesman")
-    buyer_id = fields.Many2one("res.partner", string="Buyer")
+    salesman_id = fields.Many2one("res.users", string="Salesman", check_company=True)
+    buyer_id = fields.Many2one("res.partner", string="Buyer", check_company=True)
     tag_ids = fields.Many2many("estate.property.tag", string="Tags")
     offer_ids = fields.One2many("estate.property.offer", "property_id", string="Offers")
     total_area = fields.Integer(compute="_get_total_area", readonly=True)
     best_price = fields.Float(compute="_compute_best_price")
+    company_id = fields.Many2one('res.company', 'Company', required=True, default=lambda self: self.env.company)
 
 
     # ----------------- CRUD methods  --------------------------- #
diff --git a/estate/security/ir.model.access.csv b/estate/security/ir.model.access.csv
index 4c593ed..23e7a1d 100644
--- a/estate/security/ir.model.access.csv
+++ b/estate/security/ir.model.access.csv
@@ -1,5 +1,9 @@
 id,name,model_id/id,group_id/id,perm_read,perm_write,perm_create,perm_unlink
-access_estate_property,access_estate_property,model_estate_property,base.group_user,1,1,1,1
-access_estate_property_type,access_estate_property_type,model_estate_property_type,base.group_user,1,1,1,1
-access_estate_property_tag,access_estate_property_tag,model_estate_property_tag,base.group_user,1,1,1,1
-access_estate_property_offer,access_estate_property_offer,model_estate_property_offer,base.group_user,1,1,1,1
\ No newline at end of file
+access_estate_property_manager,access_estate_property_manager,model_estate_property,estate_group_manager,1,1,1,1
+access_estate_property_type_manager,access_estate_property_type_manager,model_estate_property_type,estate_group_manager,1,1,1,1
+access_estate_property_tag_manager,access_estate_property_tag_manager,model_estate_property_tag,estate_group_manager,1,1,1,1
+access_estate_property_offer_manager,access_estate_property_offer_manager,model_estate_property_offer,estate_group_manager,1,1,1,1
+access_estate_property_agent,access_estate_property_agent,model_estate_property,estate_group_user,1,1,1,0
+access_estate_property_type_agent,access_estate_property_type_agent,model_estate_property_type,estate_group_user,1,0,0,0
+access_estate_property_tag_agent,access_estate_property_tag_agent,model_estate_property_tag,estate_group_user,1,0,0,0
+access_estate_property_offer_agent,access_estate_property_offer_agent,model_estate_property_offer,estate_group_user,1,1,1,1
\ No newline at end of file
diff --git a/estate/security/security.xml b/estate/security/security.xml
new file mode 100644
index 0000000..211ad07
--- /dev/null
+++ b/estate/security/security.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <record id="base.module_category_real_estate_brokerage" model="ir.module.category" />
+
+    <record id="estate_group_user" model="res.groups">
+        <field name="name">Agent</field>
+        <field name="category_id" ref="base.module_category_real_estate_brokerage"/>
+    </record>
+
+    <record id="estate_group_manager" model="res.groups">
+        <field name="name">Manager</field>
+        <field name="category_id" ref="base.module_category_real_estate_brokerage"/>
+        <field name="implied_ids" eval="[(4, ref('estate.estate_group_user'))]"/>
+    </record>
+
+
+    <record id="rule_estate_property_agent_owner" model="ir.rule">
+        <field name="name">Restrict properties management for agents to their owners</field>
+        <field name="model_id" ref="model_estate_property"/>
+        <field name="perm_create" eval="False"/>
+        <field name="groups" eval="[(4, ref('estate.estate_group_user'))]"/>
+        <field name="domain_force">[
+            '|', ('salesman_id', '=', user.id),
+                 ('salesman_id', '=', False)
+        ]</field>
+    </record>
+
+    <record id="rule_estate_property_manager" model="ir.rule">
+        <field name="name">Manager rule</field>
+        <field name="model_id" ref="model_estate_property"/>
+        <field name="groups" eval="[Command.link(ref('estate.estate_group_manager'))]"/>
+        <field name="domain_force">[(1, '=', 1)]</field>
+    </record>
+
+    <record id="rule_estate_property_company" model="ir.rule">
+        <field name="name">Restrict properties management for agents of the property's company</field>
+        <field name="model_id" ref="model_estate_property"/>
+        <field name="global" eval="True"/>
+        <field name="domain_force">
+            [('company_id', 'in', company_ids)]
+        </field>
+    </record>
+
+</odoo>
\ No newline at end of file
diff --git a/estate/views/estate_menus.xml b/estate/views/estate_menus.xml
index 3961fcf..728e4fe 100644
--- a/estate/views/estate_menus.xml
+++ b/estate/views/estate_menus.xml
@@ -4,7 +4,7 @@
 	<menuitem id="estate_property_menu" name="Advertisements" parent="estate_menu_root" />
 	<menuitem id="estate_property_menu_action" action="estate_property_action" parent="estate_property_menu"/>
 
-	<menuitem id="estate_property_menu_settings" name="Settings" parent="estate_menu_root" />
+	<menuitem id="estate_property_menu_settings" name="Settings" parent="estate_menu_root" groups="estate.estate_group_manager"/>
 	<menuitem id="estate_property_type_menu_action" action="estate_property_type_action" name="Property Types" parent="estate_property_menu_settings"/>
 	<menuitem id="estate_property_tag_menu_action" action="estate_property_tag_action" name="Property Tags" parent="estate_property_menu_settings"/>
 </odoo>
\ No newline at end of file
diff --git a/estate/views/estate_property_views.xml b/estate/views/estate_property_views.xml
index 7481347..b1390bd 100644
--- a/estate/views/estate_property_views.xml
+++ b/estate/views/estate_property_views.xml
@@ -13,6 +13,7 @@
         <field name="arch" type="xml">
             <tree string="Properties"  decoration-success="state in ('offer_accepted', 'offer_received')" decoration-muted="state == 'sold'" decoration-bf="state == 'offer_accepted'" >
                 <field name="name" />
+                <field name="company_id" invisible="1" />
                 <field name="property_type_id" />
                 <field name="tag_ids" widget="many2many_tags" options="{'color_field': 'color'}" />
                 <field name="postcode" />
@@ -41,6 +42,7 @@
                         <field name="name" />
                     </h1>
                     <field name="tag_ids" widget="many2many_tags" options="{'color_field': 'color'}" />
+                    <field name="company_id" invisible="1" />
                     <group>
                         <group>
                             <field name="property_type_id" can_create="False" can_write="False" options="{'no_create': true, 'no_open': true}" />
@@ -88,6 +90,7 @@
         <field name="arch" type="xml">
             <search>
                 <field name="name" string="Title" />
+                <field name="company_id" invisible="1" />
                 <field name="postcode"/>
                 <field name="property_type_id" />
                 <field name="bedrooms"/>
@@ -111,6 +114,7 @@
                     <t t-name="kanban-box">
                         <div class="oe_kanban_global_click">
                             <h3><field name="name"/></h3>
+                            <field name="company_id" invisible="1" />
                             <p>
                                 Expected price : <field name="expected_price" /><br />
                                 <t t-if="record.best_price.raw_value > 0.00">Best offer : <field name="best_price" /><br /></t>
diff --git a/estate_account/models/estate_property.py b/estate_account/models/estate_property.py
index 01ffa08..a114d9a 100644
--- a/estate_account/models/estate_property.py
+++ b/estate_account/models/estate_property.py
@@ -9,6 +9,9 @@ class EstateProperty(models.Model):
         """
         Create an invoice when a property is sold
         """
+        self.check_access_rights('write')
+        self.check_access_rule('write')
+
         # Run the parent method first so that nothing is
         # invoiced if an error is raised
         parent = super().action_sold()
@@ -33,6 +36,6 @@ class EstateProperty(models.Model):
                 ],
                 }
             # Create the invoice
-            self.env['account.move'].create(vals)
+            self.env['account.move'].sudo().create(vals)
 
         return parent
\ No newline at end of file