Metadata-Version: 2.1
Name: odoo-addon-model_access_restriction
Version: 16.0.1.0.0.1
Summary: New type of access rule to restrict permissions based on groups
Home-page: https://github.com/sygel-technology/sy-server-backend
Author: Sygel, Odoo Community Association (OCA)
Author-email: support@odoo-community.org
License: AGPL-3
Classifier: Programming Language :: Python
Classifier: Framework :: Odoo
Classifier: Framework :: Odoo :: 16.0
Classifier: License :: OSI Approved :: GNU Affero General Public License v3
Requires-Python: >=3.10
Requires-Dist: odoo<16.1dev,>=16.0a

========================
Model Access Restriction
========================

.. 
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   !! This file is generated by oca-gen-addon-readme !!
   !! changes will be overwritten.                   !!
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   !! source digest: sha256:0c055b65752326d4ef6893093f454c8b73a50bca341357353ae6fee60e3d0fc7
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
    :target: https://odoo-community.org/page/development-status
    :alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
    :alt: License: AGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-sygel--technology%2Fsy--server--backend-lightgray.png?logo=github
    :target: https://github.com/sygel-technology/sy-server-backend/tree/16.0/model_access_restriction
    :alt: sygel-technology/sy-server-backend

|badge1| |badge2| |badge3|

This module adds a new model to configure Odoo permissions, the "Model
Access Restrictions"

This model allows to restrict the access to a model for all users except
the ones that belong to at least one group of a list of allowed groups.

While Odoo's default access rules provide permissions, and having one
already gives you access, these new rules remove them, and failing to
comply with one restricts your access.

**Table of contents**

.. contents::
   :local:

Configuration
=============

To configure this module, you need to:

- Go to Settings / Technical / Security / Model Access Restrictions
- Create a new access restriction
- Select the model to restrict the access
- Select the operations the rule applies to. If the operation is not
  selected the restriction won't apply to that operation which means
  users will access the model as always.
- Select the groups that will have access to the model. The rest of
  groups will have the access disabled.

**Interaction between access records**

Normal access records give permissions. Access restriction records
remove permissions. If a user does not have one group of a restriction,
the access will be forbidden.

Detailed algorithm:

1. Normal access records are combined together with a logical OR
   operator. If a user has the group of an access record, access will be
   granted.
2. Access restriction records are applied before normal access, and
   combined together with a logical AND operator. If a restriction is
   not met, the access is forbidden.
3. A restriction is not met if the user does not belong to any of the
   allowed groups.

Example:
``ACCESS_1 OR ACCESS_2 AND (ACCESS_RESTRICTION_1 AND ACCESS_RESTRICTION_2)``

- ACCESS_1: Group: Internal Users
- ACCESS_2 Group: Administrator
- \***\*: Allowed Groups: Internal Users
- ACCESS_RESTRICTION_2 Allowed Groups: Administrator

| An internal user won't have access in this example because they do not
  meet the requirement of ACCESS_RESTRICTION_2.
| ``TRUE OR FALSE AND (TRUE AND FALSE) = TRUE AND (FALSE) = FALSE``

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/sygel-technology/sy-server-backend/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/sygel-technology/sy-server-backend/issues/new?body=module:%20model_access_restriction%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
-------

* Sygel

Contributors
------------

- `Sygel <https://www.sygel.es>`__:

  - Alberto Martínez
  - Manuel Regidor
  - Valentin Vinagre
  - Harald Panten

Maintainers
-----------

.. |maintainer-tisho99| image:: https://github.com/tisho99.png?size=40px
    :target: https://github.com/tisho99
    :alt: tisho99

Current maintainer:

|maintainer-tisho99| 

This module is part of the `sygel-technology/sy-server-backend <https://github.com/sygel-technology/sy-server-backend/tree/16.0/model_access_restriction>`_ project on GitHub.

You are welcome to contribute.
