[18.0][ADD] base_tier_validation_authentication_confirm

base_tier_validation_authentication_confirm/README.rst

@@ -0,0 +1,87 @@
+===========================================
+Base Tier Validation Authentication Confirm
+===========================================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:dc29a5a30d78467106dfe713b562de411e73d395f4ee15536d189548d1e43631
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--ux-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-ux/tree/18.0/base_tier_validation_authentication_confirm
+    :alt: OCA/server-ux
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-ux-18-0/server-ux-18-0-base_tier_validation_authentication_confirm
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-ux&target_branch=18.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+Allows to add an authentication check to tier validation, where the user
+must confirm his authentication in order to approve or reject the tier
+review.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Configuration
+=============
+
+To configure this module, you need to:
+
+1. Go to *Settings > Technical > Tier Validations > Tier Definition >
+   Select one tier definition*.
+2. Mark "Require Authentication" field.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-ux/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-ux/issues/new?body=module:%20base_tier_validation_authentication_confirm%0Aversion:%2018.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* ForgeFlow
+
+Contributors
+------------
+
+- Arnau Cruz arnau.cruz@forgeflow.com
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-ux <https://github.com/OCA/server-ux/tree/18.0/base_tier_validation_authentication_confirm>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

base_tier_validation_authentication_confirm/__init__.py

@@ -0,0 +1,2 @@
+from . import models
+from . import wizards

base_tier_validation_authentication_confirm/__manifest__.py

@@ -0,0 +1,17 @@
+# Copyright 2026 ForgeFlow S.L. (https://www.forgeflow.com)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+{
+    "name": "Base Tier Validation Authentication Confirm",
+    "summary": "Authentication confirmation for base tiers.",
+    "version": "18.0.1.0.0",
+    "category": "Tools",
+    "website": "https://github.com/OCA/server-ux",
+    "author": "ForgeFlow, Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "depends": ["base_tier_validation"],
+    "data": [
+        "views/tier_definition_view.xml",
+    ],
+    "application": False,
+    "installable": True,
+}

base_tier_validation_authentication_confirm/models/__init__.py

@@ -0,0 +1,4 @@
+from . import tier_definition
+from . import tier_review
+from . import tier_validation
+from . import res_users

base_tier_validation_authentication_confirm/models/res_users.py

@@ -0,0 +1,57 @@
+# Copyright 2026 ForgeFlow S.L. (https://www.forgeflow.com)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+import json
+from functools import wraps
+
+from odoo import _
+from odoo.exceptions import UserError
+from odoo.http import request
+
+
+def _jsonable(o):
+    try:
+        json.dumps(o)
+    except TypeError:
+        return False
+    else:
+        return True
+
+
+def check_authentication(fn):
+    @wraps(fn)
+    def wrapped(self, *args, **kwargs):
+        if not request:
+            raise UserError(_("This method can only be accessed over HTTP"))
+
+        if self.env.context.get("identity_checked"):
+            return fn(self, *args, **kwargs)
+
+        ctx = self.env.context.copy()
+        ctx["identity_checked"] = True
+
+        safe_context = {k: v for k, v in ctx.items() if _jsonable(v)}
+
+        w = (
+            self.sudo()
+            .env["res.users.identitycheck"]
+            .create(
+                {
+                    "request": json.dumps(
+                        [safe_context, self._name, self.ids, fn.__name__, args, kwargs]
+                    )
+                }
+            )
+        )
+
+        return {
+            "type": "ir.actions.act_window",
+            "res_model": "res.users.identitycheck",
+            "res_id": w.id,
+            "name": _("Security Control"),
+            "target": "new",
+            "views": [(False, "form")],
+        }
+
+    wrapped.__has_check_identity = True
+    return wrapped

base_tier_validation_authentication_confirm/models/tier_definition.py

@@ -0,0 +1,14 @@
+# Copyright 2026 ForgeFlow S.L. (https://www.forgeflow.com)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+
+class TierDefinition(models.Model):
+    _inherit = "tier.definition"
+
+    require_authentication = fields.Boolean(
+        help="If enabled, the user will be asked to authenticate "
+        "himself in order to validate or reject the tier.",
+        default=False,
+    )

base_tier_validation_authentication_confirm/models/tier_review.py

@@ -0,0 +1,12 @@
+# Copyright 2026 ForgeFlow S.L. (https://www.forgeflow.com)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+
+class TierReview(models.Model):
+    _inherit = "tier.review"
+
+    require_authentication = fields.Boolean(
+        related="definition_id.require_authentication", readonly=True
+    )

base_tier_validation_authentication_confirm/models/tier_validation.py

@@ -0,0 +1,40 @@
+# Copyright 2026 ForgeFlow S.L. (https://www.forgeflow.com)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+from .res_users import check_authentication
+
+
+class TierValidation(models.AbstractModel):
+    _inherit = "tier.validation"
+
+    require_authentication = fields.Boolean(compute="_compute_require_authentication")
+
+    def _compute_require_authentication(self):
+        for rec in self:
+            require_authentication = rec.review_ids.filtered(
+                lambda r: r.status in ("waiting", "pending")
+                and (self.env.user in r.reviewer_ids)
+            ).mapped("require_authentication")
+            rec.require_authentication = True in require_authentication
+
+    def validate_tier(self):
+        self.ensure_one()
+        if not self.has_comment and self.require_authentication:
+            return self._validate_tier_with_identity_check()
+        return super().validate_tier()
+
+    def reject_tier(self):
+        self.ensure_one()
+        if not self.has_comment and self.require_authentication:
+            return self._reject_tier_with_identity_check()
+        return super().reject_tier()
+
+    @check_authentication
+    def _validate_tier_with_identity_check(self):
+        return super().validate_tier()
+
+    @check_authentication
+    def _reject_tier_with_identity_check(self):
+        return super().reject_tier()

base_tier_validation_authentication_confirm/pyproject.toml

@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"

base_tier_validation_authentication_confirm/readme/CONFIGURE.md

@@ -0,0 +1,5 @@
+To configure this module, you need to:
+
+1.  Go to *Settings \> Technical \> Tier Validations \> Tier
+    Definition \> Select one tier definition*.
+2.  Mark "Require Authentication" field.

base_tier_validation_authentication_confirm/readme/CONTRIBUTORS.md

@@ -0,0 +1 @@
+- Arnau Cruz <arnau.cruz@forgeflow.com>

base_tier_validation_authentication_confirm/readme/DESCRIPTION.md

@@ -0,0 +1,2 @@
+Allows to add an authentication check to tier validation,
+where the user must confirm his authentication in order to approve or reject the tier review.