-
Mitali Patel authored
Purpose ======= - Quickly share the url to someone else (a client, a colleague,...) - Ensure that the recipient can access at least the portal view of the shared record. - Typically used when a client cannot retrieve the mail to access his order. The share link can be used in this case. Specifications ============== For any object inheriting form portal.mixin: - Add a button SHARE (not visible in edit mode) - When clicking on this button, a popup opens with : - A warning message for tasks and projects only (see below) - the link (like in gmail) that can be copied - Recipients - mail composer (with preselected template) ==> see below - button [Send Link] [Copy Link] Discard - After sharing document, put internal note like "Document shared to xyz,...." with template message - Anyone with the link, even anonymous user (not logged in) can have access to the document with the access token provided in the url. Impacted models: - account.invoice (Community) - project.project (Community) - project.task (Community) - purchase.order (Community) - sale.order (Community) - helpdesk.ticket (Enterprise) Warning messages and access rules: Allowed : - SO canceled or draft will be accessible with the link with access_token - If the customer account is B2B (signup not enabled), the recipient will anyway see the document as the user specifically wants the recipient to see the document. Restrictions : - For Project and Task, if the privacy is not public, then, there is a contradiction between the access_token mechanism and the privacy of the document. - A warning message will be displayed in the share wizard to inform the user if the document cannot be visible by the recipients and to ask him to set the privacy to 'Visible by following customer'. The send button will, in that case, be hidden. - To avoid to block the share for a new project, default privacy value is now set to 'Visible by followong customer' Technical implementation ======================== - Move the access_token mechanism (field + methods + mail controller) to the portal.mixin to be able to use it in a generic way for each object inheriting the portal.mixin - Generalise a part of the _*model*_get_page_view_values method into a single one in portal - Generalize the _*model*_check_access into the portal controller of the portal module - Remove the init_column + default value for the access_token > old records have an access_token, > new one won't but it will be generated on demand via the get_access_token Done for performance reasons - Add share button into action menu separately. + kanban view context menu (except for task and project where button not in action menu but 'simple' button for task and project because other modules already provide action to send documents by email, which is not the case for project and task.) - Add a sign_token used to authentify the recipient in the portal view chatter, if any. The message will be posted as if the user was logged in. - Set the _get_share_url as private for security reason - Add a redirect parameter to _get_share_url to get If false : The direct portal view url If True : The redirect url (mail/view/?) - Cleaning up unnecessary code - Bug fix : - Before, if user was not logged and record had partner_id, if partner id was null, post message was done as admin. Now, the post message is done as public user. - If the user had an uid but had no access_token, he could be able to gain the access token of the record. check_access_rights was missing in the get_access_action. Task ID : 30985 Closes #2562984f528bc
