Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[17.0][ADD] hr_attendance_ip_check #168

Open
wants to merge 5 commits into
base: 17.0
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ addon | version | maintainers | summary
--- | --- | --- | ---
[hr_attendance_calendar_view](hr_attendance_calendar_view/) | 17.0.1.0.0 | | This module adds the calendar view as an option to display attendance
[hr_attendance_reason](hr_attendance_reason/) | 17.0.1.0.0 | | HR Attendance Reason
[hr_attendance_ip_check](hr_attendance_ip_check/) | 17.0.1.0.0 | | Allow attendance check in from specified ip networks only.

[//]: # (end addons)

Expand Down
86 changes: 86 additions & 0 deletions hr_attendance_ip_check/README.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
======================
HR Attendance IP Check
======================

..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:9c42d93221a4eaaee6cef7fc24f794aa874329b16f87e541023fff7a066eac98
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
:target: https://odoo-community.org/page/development-status
:alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
:alt: License: AGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fhr--attendance-lightgray.png?logo=github
:target: https://github.com/OCA/hr-attendance/tree/17.0/hr_attendance_ip_check
:alt: OCA/hr-attendance
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/hr-attendance-17-0/hr-attendance-17-0-hr_attendance_ip_check
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/hr-attendance&target_branch=17.0
:alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

Allow attendance check in from specified ip networks only.

**Table of contents**

.. contents::
:local:

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/hr-attendance/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/hr-attendance/issues/new?body=module:%20hr_attendance_ip_check%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
-------

* Mint System GmbH

Contributors
------------

- Janik von Rotz [email protected]
- Son Ho [email protected]

Other credits
-------------

The original development of this module has been done by Mint System. It
can be found in:
https://github.com/Mint-System/Odoo-Apps-HR/tree/15.0/hr_attendance_ip_check

This module has been ported to the OCA with their agreement.

Maintainers
-----------

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

This module is part of the `OCA/hr-attendance <https://github.com/OCA/hr-attendance/tree/17.0/hr_attendance_ip_check>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
1 change: 1 addition & 0 deletions hr_attendance_ip_check/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
from . import models
19 changes: 19 additions & 0 deletions hr_attendance_ip_check/__manifest__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Copyright 2024 Janik von Rotz <[email protected]>
# Copyright 2024 Camptocamp
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
{
"name": "HR Attendance IP Check",
"summary": """
Allow attendance check in from specified ip networks only.
""",
"author": "Mint System GmbH, Odoo Community Association (OCA)",
"website": "https://github.com/OCA/hr-attendance",
"category": "Technical",
"version": "17.0.1.0.0",
"license": "AGPL-3",
"depends": ["hr_attendance"],
"data": ["views/attendance_cidr.xml", "security/ir.model.access.csv"],
"application": False,
"auto_install": False,
"images": ["images/screen.png"],
}
119 changes: 119 additions & 0 deletions hr_attendance_ip_check/i18n/de.po
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
# Translation of Odoo Server.
# This file contains the translation of the following modules:
# * hr_attendance_ip_check
#
msgid ""
msgstr ""
"Project-Id-Version: Odoo Server 15.0+e\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2023-02-22 10:08+0000\n"
"PO-Revision-Date: 2023-02-22 10:08+0000\n"
"Last-Translator: \n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: \n"

#. module: hr_attendance_ip_check
#: model_terms:ir.ui.view,arch_db:hr_attendance_ip_check.view_form
#: model_terms:ir.ui.view,arch_db:hr_attendance_ip_check.view_tree
msgid "192.168.2.0/24"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.model,name:hr_attendance_ip_check.model_attendance_cidr
msgid "Allowed Attendance CIDR"
msgstr "Erlaube Anwesenheit CIDR"

#. module: hr_attendance_ip_check
#: model:ir.model,name:hr_attendance_ip_check.model_hr_attendance
msgid "Attendance"
msgstr "Anwesenheit"

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_hr_employee__attendance_cidr_ids
msgid "Attendance Cidr"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.actions.act_window,name:hr_attendance_ip_check.ir_attendance_cidr_act
#: model:ir.ui.menu,name:hr_attendance_ip_check.menu_ir_attendance_cidr
msgid "Attendance IP Check"
msgstr "Anwesenheit IP Check"

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__cidr
msgid "CIDR"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.model.fields,help:hr_attendance_ip_check.field_attendance_cidr__single_check
msgid "Check if CIDR should no be combined with other CIDRs."
msgstr "Aktiveren wenn die CIDR nicht mit anderen CIDRs kombiniert werden soll."

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__create_uid
msgid "Created by"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__create_date
msgid "Created on"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__display_name
msgid "Display Name"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.model,name:hr_attendance_ip_check.model_hr_employee
msgid "Employee"
msgstr "Mitarbeiter"

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__employee_ids
msgid "Employees"
msgstr "Mitarbeitende"

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__id
msgid "ID"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr____last_update
msgid "Last Modified on"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__write_uid
msgid "Last Updated by"
msgstr ""

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__write_date
msgid "Last Updated on"
msgstr ""

#. module: hr_attendance_ip_check
#: code:addons/hr_attendance_ip_check/models/hr_employee.py:0
#, python-format
msgid ""
"Not allowed to create new attendance record for %(empl_name)s, the client ip"
" is not in the list of allowed ip networks."
msgstr ""
"Die Erstellung von neuen Anwesenheits-Einträgen ist für %(empl_name)s nicht "
"erlaubt, die Client-IP ist nicht in der Liste der erlaubt IP-Netzwerken."

#. module: hr_attendance_ip_check
#: model:ir.model.fields,field_description:hr_attendance_ip_check.field_attendance_cidr__single_check
msgid "Single Check"
msgstr "Einzelprüfung"

#. module: hr_attendance_ip_check
#: code:addons/hr_attendance_ip_check/models/allowed_cidrs.py:0
#, python-format
msgid "This is not a valid CIDR."
msgstr "Das ist keine valide CIDR."
Binary file added hr_attendance_ip_check/images/screen.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
3 changes: 3 additions & 0 deletions hr_attendance_ip_check/models/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
from . import allowed_cidrs
from . import hr_employee
from . import hr_attendance
32 changes: 32 additions & 0 deletions hr_attendance_ip_check/models/allowed_cidrs.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Copyright 2024 Janik von Rotz <[email protected]>
# Copyright 2024 Camptocamp
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
import ipaddress
import logging

from odoo import _, api, fields, models
from odoo.exceptions import ValidationError

_logger = logging.getLogger(__name__)


class AttendanceCidr(models.Model):
_name = "attendance.cidr"
_description = "Allowed Attendance CIDR"
_rec_name = "cidr"

employee_ids = fields.Many2many(
"hr.employee", string="Employees", ondelete="restrict"
)
cidr = fields.Char(string="CIDR")
single_check = fields.Boolean(
help="Check if CIDR should no be combined with other CIDRs."
)

@api.constrains("cidr")
def _validate_cidr(self):
for rec in self:
try:
ipaddress.IPv4Network(rec.cidr)
except Exception:
raise ValidationError(_("This is not a valid CIDR.")) from None
14 changes: 14 additions & 0 deletions hr_attendance_ip_check/models/hr_attendance.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Copyright 2024 Janik von Rotz <[email protected]>
# Copyright 2024 Camptocamp
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from odoo import api, models


class HrAttendance(models.Model):
_inherit = "hr.attendance"

@api.constrains("check_in", "check_out", "employee_id")
def _check_validity(self):
for attendance in self:
attendance.employee_id._attendance_ip_check()
return super()._check_validity()
60 changes: 60 additions & 0 deletions hr_attendance_ip_check/models/hr_employee.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
# Copyright 2024 Janik von Rotz <[email protected]>
# Copyright 2024 Camptocamp
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
import ipaddress
import logging

from odoo import _, exceptions, fields, models
from odoo.http import request
from odoo.tools import config

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
from odoo.tools import config

_logger = logging.getLogger(__name__)


class HrEmployee(models.Model):
_inherit = "hr.employee"

attendance_cidr_ids = fields.Many2many("attendance.cidr", ondelete="restrict")

def _attendance_ip_check(self):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When called this method is doing several calls on self but it can be a recordset and will lead to failures

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Branch updated, please check again

"""Return if client ip is not in totp cidrs."""
test_enable = config["test_enable"]
# Get remote ip
if test_enable:
ip_address = ipaddress.IPv4Address("127.0.0.1")
else:
ip_address = ipaddress.IPv4Address(

Check warning on line 26 in hr_attendance_ip_check/models/hr_employee.py

View check run for this annotation

Codecov / codecov/patch

hr_attendance_ip_check/models/hr_employee.py#L26

Added line #L26 was not covered by tests
request.httprequest.environ["REMOTE_ADDR"]
)

# Get cidrs from employees
employee_cidrs = self.sudo().attendance_cidr_ids

# Get single check cidrs
allowed_cidrs = employee_cidrs.filtered("single_check")[:1]

# Combine global and employee cidrs
if not allowed_cidrs:
allowed_cidrs = self.env["attendance.cidr"].search(
[("employee_ids", "=", False)]
)
allowed_cidrs += employee_cidrs

# Chech if ip is in allowed_cidrs
in_cidr = any(
ip_address in cidr
for cidr in allowed_cidrs.mapped(lambda r: ipaddress.IPv4Network(r.cidr))
)

# Raise exception if there is a cidr list and the client ip is not in cidr
if allowed_cidrs and not in_cidr:
raise exceptions.ValidationError(

Check warning on line 51 in hr_attendance_ip_check/models/hr_employee.py

View check run for this annotation

Codecov / codecov/patch

hr_attendance_ip_check/models/hr_employee.py#L51

Added line #L51 was not covered by tests
_(
"Not allowed to create new attendance record for "
"%(empl_name)s, the client ip is not in the "
"list of allowed ip networks."
)
% {
"empl_name": self.name,
}
)
3 changes: 3 additions & 0 deletions hr_attendance_ip_check/pyproject.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
[build-system]
requires = ["whool"]
build-backend = "whool.buildapi"
2 changes: 2 additions & 0 deletions hr_attendance_ip_check/readme/CONTRIBUTORS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
* Janik von Rotz <[email protected]>
* Son Ho <[email protected]>
5 changes: 5 additions & 0 deletions hr_attendance_ip_check/readme/CREDITS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@

The original development of this module has been done by Mint System.
It can be found in: https://github.com/Mint-System/Odoo-Apps-HR/tree/15.0/hr_attendance_ip_check

This module has been ported to the OCA with their agreement.
1 change: 1 addition & 0 deletions hr_attendance_ip_check/readme/DESCRIPTION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Allow attendance check in from specified ip networks only.
3 changes: 3 additions & 0 deletions hr_attendance_ip_check/security/ir.model.access.csv
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_attendance_cidr_user,access_attendance_cidr_user,hr_attendance_ip_check.model_attendance_cidr,base.group_user,1,0,0,0
access_attendance_cidr_admin,access_attendance_cidr_admin,hr_attendance_ip_check.model_attendance_cidr,base.group_system,1,1,1,1
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Loading