[MIG] base_user_role_company: migrate to 19.0

- Replace groups_id with group_ids in views/actions
- Bump version to 19.0.1.0.0; adjust manifests/assets
- Use env attributes and Domain expressions
- Adopt new Constraint/Index APIs where applicable

Functional changes

Author: Milan Topuzov

base_user_role_company/controllers/main.py

@@ -8,9 +8,10 @@
 
 class HomeExtended(Home):
     @http.route()
-    def web_load_menus(self, unique):
-        response = super().web_load_menus(unique)
+    def web_load_menus(self, *args, **kwargs):
+        response = super().web_load_menus(*args, **kwargs)
         # On logout & re-login we could see wrong menus being rendered
         # To avoid this, menu http cache must be disabled
-        response.headers.remove("Cache-Control")
+        # Using .pop() as Werkzeug Headers no longer supports __delitem__ (del)
+        response.headers.pop("Cache-Control", None)
         return response

base_user_role_company/models/ir_http.py

@@ -8,13 +8,13 @@
 class IrHttp(models.AbstractModel):
     _inherit = "ir.http"
 
-    def session_info(self):
+    def session_info(self, *args, **kwargs):
         """
         Based on the selected companies (cids),
         calculate the roles to enable.
         A role should be enabled only when it applies to all selected companies.
         """
-        result = super().session_info()
+        result = super().session_info(*args, **kwargs)
         if self.env.user.role_line_ids:
             cids_str = request.httprequest.cookies.get("cids", str(self.env.company.id))
             cids = [int(cid) for cid in cids_str.split("-")]

base_user_role_company/models/role.py

@@ -28,15 +28,15 @@ def _check_company(self):
                 raise ValidationError(
                     self.env._(
                         'User "%(user)s" does not have access to the company '
-                        '"%(company)s"'
+                        '"%(company)s"',
+                        user=record.user_id.name,
+                        company=record.company_id.name,
                     )
-                    % {"user": record.user_id.name, "company": record.company_id.name}
                 )
 
-    _sql_constraints = [
-        (
-            "user_role_uniq",
-            "unique (user_id,role_id,company_id)",
-            "Roles can be assigned to a user only once at a time",
-        )
-    ]
+    # Override parent unique constraint to allow the same role multiple times
+    # for a user, provided company_id differs.
+    _user_role_uniq = models.Constraint(
+        "UNIQUE (user_id, role_id, company_id)",
+        "Roles can be assigned to a user only once at a time",
+    )

base_user_role_company/models/user.py

@@ -7,20 +7,18 @@
 class ResUsers(models.Model):
     _inherit = "res.users"
 
-    @classmethod
-    def authenticate(cls, db, credential, user_agent_env):
-        auth_info = super().authenticate(db, credential, user_agent_env)
-        # On login, ensure the proper roles are applied
-        # The last Role applied may not be the correct one,
-        # sonce the new session current company can be different
-        with cls.pool.cursor() as cr:
-            env = api.Environment(cr, auth_info["uid"], {})
+    def authenticate(self, *args, **kwargs):
+        auth_info = super().authenticate(*args, **kwargs)
+        # Ensure proper roles are applied for the logged-in user
+        uid = auth_info.get("uid") if isinstance(auth_info, dict) else None
+        if uid:
+            env = api.Environment(self.env.cr, uid, {})
             if env.user.role_line_ids:
                 env.user.set_groups_from_roles()
         return auth_info
 
-    def _get_enabled_roles(self):
-        res = super()._get_enabled_roles()
+    def _get_enabled_roles(self, *args, **kwargs):
+        res = super()._get_enabled_roles(*args, **kwargs)
         if self.role_line_ids:
             active_roles = self.env["res.users.role.line"]
             if self.env.context.get("active_company_ids"):
@@ -32,8 +30,9 @@ def _get_enabled_roles(self):
                     active_roles |= role_line
                 elif role_line.company_id.id in company_ids:
                     role_line_companies = self.role_line_ids.filtered(
-                        lambda x, rl=role_line: x.role_id == rl.role_id
-                        and x.company_id.id in company_ids
+                        lambda x, rl=role_line: (
+                            x.role_id == rl.role_id and x.company_id.id in company_ids
+                        )
                     )
                     if len(role_line_companies) == len(company_ids):
                         active_roles |= role_line

base_user_role_company/tests/__init__.py

@@ -1,2 +1,3 @@
 from . import test_role_per_company
 from . import test_use_only_enabled_roles
+from . import test_load_menus

base_user_role_company/tests/test_load_menus.py

@@ -0,0 +1,14 @@
+# Copyright 2026 Open Source Integrators
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+from odoo.tests.common import HttpCase
+
+
+class LoadMenusTests(HttpCase):
+    def setUp(self):
+        super().setUp()
+        self.authenticate("admin", "admin")
+
+    def test_load_menus(self):
+        # expect no errors on HomeExtended.web_load_menus controller
+        self.url_open("/web/webclient/load_menus")

base_user_role_company/tests/test_role_per_company.py

@@ -1,6 +1,7 @@
 # Copyright 2021 Open Source Integrators
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
 
+from odoo.exceptions import ValidationError
 from odoo.tests.common import TransactionCase
 
 
@@ -11,6 +12,7 @@ def setUp(self):
         self.Company = self.env["res.company"]
         self.company1 = self.env.ref("base.main_company")
         self.company2 = self.Company.create({"name": "company2"})
+        self.company3 = self.Company.create({"name": "company3"})
         # GROUPS for roles
         self.groupA = self.env.ref("base.group_user")
         self.groupB = self.env.ref("base.group_system")
@@ -49,15 +51,15 @@ def test_110_company_1(self):
             active_company_ids=self.company1.ids
         ).set_groups_from_roles()
         expected = self.groupA | self.groupB | self.groupC
-        found = self.test_user.groups_id.filtered(lambda x: x in expected)
+        found = self.test_user.group_ids.filtered(lambda x: x in expected)
         self.assertEqual(expected, found)
 
     def test_120_company_2(self):
         "Company 2 selected: Roles A and C are enabled"
         self.test_user.with_context(
             active_company_ids=self.company2.ids
         ).set_groups_from_roles()
-        enabled = self.test_user.groups_id
+        enabled = self.test_user.group_ids
         expected = self.groupA | self.groupC
         found = enabled.filtered(lambda x: x in expected)
         self.assertEqual(expected, found)
@@ -71,11 +73,24 @@ def test_130_all_company(self):
         self.test_user.with_context(
             active_company_ids=[self.company1.id, self.company2.id]
         ).set_groups_from_roles()
-        enabled = self.test_user.groups_id
+        enabled = self.test_user.group_ids
         expected = self.groupA | self.groupC
         found = enabled.filtered(lambda x: x in expected)
         self.assertEqual(expected, found)
 
         not_expected = self.groupB
         found = enabled.filtered(lambda x: x in not_expected)
         self.assertFalse(found)
+
+    def test_140_company_3(self):
+        "Company 3 selected: ValidationError"
+        user_vals = {
+            "name": "ROLES TEST USER 2",
+            "login": "test_user_2",
+            "company_ids": [(6, 0, [self.company1.id, self.company2.id])],
+            "role_line_ids": [
+                (0, 0, {"role_id": self.roleA.id, "company_id": self.company3.id}),
+            ],
+        }
+        with self.assertRaises(ValidationError):
+            self.User.create(user_vals)

base_user_role_company/tests/test_use_only_enabled_roles.py

@@ -46,7 +46,7 @@ def test_110_enabled_role_is_used(self):
             active_company_ids=self.company1.ids
         ).set_groups_from_roles()
         expected = self.groupA | self.groupB
-        found = self.test_user.groups_id.filtered(lambda x: x in expected)
+        found = self.test_user.group_ids.filtered(lambda x: x in expected)
         self.assertEqual(expected, found)
 
     def test_120_disabled_role_is_not_used(self):
@@ -58,5 +58,5 @@ def test_120_disabled_role_is_not_used(self):
             active_company_ids=self.company1.ids
         ).set_groups_from_roles()
         expected = self.groupA
-        found = self.test_user.groups_id.filtered(lambda x: x in expected)
+        found = self.test_user.group_ids.filtered(lambda x: x in expected)
         self.assertEqual(expected, found)