Skip to content

Latest commit

 

History

History

spp_user_roles

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

OpenSPP User Roles

Beta License: LGPL-3 OpenSPP/openspp-modules

OpenSPP User Roles

Overview

The spp_user_roles module enhances the user role management capabilities of OpenSPP, providing a more granular and context-aware approach to user permissions. It builds upon the base user role system in Odoo and introduces the concept of "local" roles, allowing administrators to assign permissions based on specific geographical areas.

Purpose

This module aims to:

  • Define Local Roles: Introduce the concept of roles that are specific to a particular geographical area (e.g., Center Area).
  • Restrict User Access: Limit the access of users with local roles to data and operations within their assigned areas.
  • Enhance Data Security: Improve data security by ensuring that users can only view and modify information relevant to their assigned locations.

Dependencies and Integration

  1. G2P Registry: Base (g2p_registry_base): This module indirectly depends on the res.partner model from the G2P Registry: Base module, as it modifies the access rules for registrant data based on a user's assigned areas.
  2. G2P Registry: Group (g2p_registry_group): Similar to the Base module, it impacts access to group registrant data based on area assignments.
  1. OpenSPP Area (spp_area): The module heavily relies on the area hierarchy defined in the spp_area module. Local roles are directly associated with specific areas, and user access is restricted accordingly.
  2. OpenSPP ID Queue (spp_idqueue): Integrates with the ID Queue module to control access to ID card requests and batches based on area assignments, ensuring that users only manage requests originating from their designated locations.
  3. Base User Role (base_user_role): Extends the base Odoo module for user role management, inheriting its core functionalities and adding the area-based restrictions.

Additional Functionality

  • Role Type (role_type):
    • Adds a new field to the res.users.role model to distinguish between "global" roles (with system-wide access) and "local" roles (restricted to specific areas).
  • Local Area (local_area_id):
    • Introduces a field in the res.users.role.line model to associate local roles with specific areas.
    • This field is only visible and editable for roles marked as "local."
  • Center Area IDs (center_area_ids):
    • Adds a computed field to the res.users model to store the areas assigned to a user through their local roles.
  • Area-Based Data Filtering:
    • Modifies the search methods for models like res.partner to automatically include area-based filters when accessed by users with local roles.
    • Ensures that users only see data relevant to their assigned areas.
  • API Integration:
    • Integrates with the OpenSPP API to enforce area-based access control for API requests.
    • API responses for users with local roles are automatically filtered to include only data within their authorized locations.

Conclusion

The spp_user_roles module significantly enhances the security and granularity of user permissions in OpenSPP. By introducing local roles and area-based access control, it ensures that users can only access and manage information within their designated geographical areas. This is particularly crucial for large-scale programs with decentralized operations, where different teams or individuals are responsible for specific regions.

Table of contents

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed feedback.

Do not contact contributors directly about support or help with technical issues.

Credits

Authors

  • OpenSPP.org

Maintainers

Current maintainers:

jeremi gonzalesedwin1123

This module is part of the OpenSPP/openspp-modules project on GitHub.

You are welcome to contribute.