[14.0] add auth_res_users_apikeys_server_env

auth_res_users_apikeys_server_env/README.rst

@@ -0,0 +1,103 @@
+=====================================
+Auth Users API key server environment
+=====================================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:2c7e031d4a765b77b1cd162f11ba209e35cdc152033b1c6d11899e3b70398113
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/14.0/auth_res_users_apikeys_server_env
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-14-0/server-auth-14-0-auth_res_users_apikeys_server_env
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=14.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+Configure API keys (`res.users.apikeys`) per environment.
+
+This can be very useful when other applications communicate with odoo
+over jsonrpc to avoid mixing your keys between various
+environments ie: when restoring Odoo production databases to staging/tests/dev environments.
+
+This module let change the scope of your API keys in user form view. This module expect scope
+set to `rpc_<env>` where `<env>` is the `running_env` used by `server_environment` module.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+
+* got to the user preference form
+* add new keys for each env on production databases
+* set scope of each key regarding target environment with template: `rpc_<env>`
+  where `<env>` is the `running_env` used by `server_environment` module.
+
+only api key matching this env would works.
+
+.. note::
+
+    If you keep scope as empty string you would get default behavior and match any env
+.. warning::
+
+    Unfortunately as key are already encrypted and key field not expose to the ORM
+    on base module we can't configure key in config files as it would be with
+    server_environment and server_environment_data_encryption
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_res_users_apikeys_server_env%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Camptocamp
+
+Contributors
+~~~~~~~~~~~~
+
+* Pierre Verkest <[email protected]>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/14.0/auth_res_users_apikeys_server_env>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_res_users_apikeys_server_env/__init__.py

@@ -0,0 +1 @@
+from . import models

auth_res_users_apikeys_server_env/__manifest__.py

@@ -0,0 +1,19 @@
+# Copyright 2021 Camptocamp SA
+# @author: Simone Orsi <[email protected]>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+{
+    "name": "Auth Users API key server environment",
+    "summary": """
+Configure user api keys (`res.users.apikeys`) via server env.
+    """,
+    "version": "14.0.1.1.0",
+    "license": "LGPL-3",
+    "website": "https://github.com/OCA/server-auth",
+    "author": "Camptocamp,Odoo Community Association (OCA)",
+    "depends": ["base", "server_environment"],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/res_users_apikeys.xml",
+    ],
+}

auth_res_users_apikeys_server_env/models/__init__.py

@@ -0,0 +1,2 @@
+from . import res_users_apikeys
+from . import res_users

auth_res_users_apikeys_server_env/models/res_users.py

@@ -0,0 +1,29 @@
+# Copyright 2018 ACSONE SA/NV
+# Copyright 2021 Camptocamp SA
+# @author: Simone Orsi <[email protected]>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+
+from odoo import models
+from odoo.exceptions import AccessDenied
+from odoo.tools.config import config
+
+
+class ResUsers(models.Model):
+
+    _inherit = "res.users"
+
+    def _check_credentials(self, password, user_agent_env):
+        try:
+            return super()._check_credentials(password, user_agent_env)
+        except AccessDenied:
+            pass
+        if (
+            self.env["res.users.apikeys"]._check_credentials(
+                scope=f'rpc_{config.get("running_env", "test")}', key=password
+            )
+            == self.env.uid
+        ):
+            return self.env.uid
+
+        raise AccessDenied()

auth_res_users_apikeys_server_env/models/res_users_apikeys.py

@@ -0,0 +1,12 @@
+# Copyright 2023 Foodles
+# @author: Pierre Verkest <[email protected]>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+
+from odoo import fields, models
+
+
+class ResUsersAPIKeys(models.Model):
+    _inherit = "res.users.apikeys"
+
+    scope = fields.Char(readonly=False)

auth_res_users_apikeys_server_env/readme/CONFIGURE.rst

@@ -0,0 +1,16 @@
+
+* got to the user preference form
+* add new keys for each env on production databases
+* set scope of each key regarding target environment with template: `rpc_<env>`
+  where `<env>` is the `running_env` used by `server_environment` module.
+
+only api key matching this env would works.
+
+.. note::
+
+    If you keep scope as empty string you would get default behavior and match any env
+.. warning::
+
+    Unfortunately as key are already encrypted and key field not expose to the ORM
+    on base module we can't configure key in config files as it would be with
+    server_environment and server_environment_data_encryption

auth_res_users_apikeys_server_env/readme/CONTRIBUTORS.rst

@@ -0,0 +1 @@
+* Pierre Verkest <[email protected]>

auth_res_users_apikeys_server_env/readme/DESCRIPTION.rst

@@ -0,0 +1,8 @@
+Configure API keys (`res.users.apikeys`) per environment.
+
+This can be very useful when other applications communicate with odoo
+over jsonrpc to avoid mixing your keys between various
+environments ie: when restoring Odoo production databases to staging/tests/dev environments.
+
+This module let change the scope of your API keys in user form view. This module expect scope
+set to `rpc_<env>` where `<env>` is the `running_env` used by `server_environment` module.

auth_res_users_apikeys_server_env/security/ir.model.access.csv

@@ -0,0 +1,2 @@
+"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
+"access_res_users_apikeys_admin","API user key managed by admin",model_res_users_apikeys,base.group_system,1,1,1,1