give rigth to Page aprover group on the page_history model and hide the button for unallowed group thought the security isn't enforced a the orm level

(../7.0pageapproval/ rev 9)

document_page_approval/document_page_approval.py

@@ -37,10 +37,20 @@ class document_page_history_wkfl(orm.Model):
     
     def can_user_approve_page(self, cr, uid, ids, name, args, context=None):
         user = self.pool.get('res.users').browse(cr,uid,uid)
+        res = {}
         for page in self.browse(cr, uid, ids, context=context):
-            res[page.id] = page.approver_gid in user.groups_id
+            res[page.id]= self.can_user_approve_this_page(page.page_id, user)
         
         return res
+    
+    def can_user_approve_this_page(self, page, user):
+        if page:
+            res = page.approver_gid in user.groups_id
+            res = res or self.can_user_approve_this_page(page.parent_id, user)
+        else:
+            res=False
+            
+        return res
         
     _columns = {
         'state': fields.selection([
@@ -50,10 +60,9 @@ class document_page_history_wkfl(orm.Model):
         'approved_uid': fields.many2one('res.users', "Approved By"),
         'is_parent_approval_required': fields.related('page_id', 'is_parent_approval_required', string="parent approval", type='boolean', store=False),
         'approver_gid': fields.related('page_id', 'approver_gid', string="Approver group", type='many2one', relation='res.groups', store=False),
-        'can_user_approve_page': fields.function(can_user_approve_page, string="can user approve this page", type='boolean'),
+        'can_user_approve_page': fields.function(can_user_approve_page, string="can user approve this page", type='boolean', store=False),
         }
         
-        
 class document_page_approval(orm.Model):
     _inherit = 'document.page'
     def _get_display_content(self, cr, uid, ids, name, args, context=None):

document_page_approval/document_page_view.xml

@@ -8,9 +8,12 @@
             <field name="arch" type="xml">
                 <xpath expr="//form/label[@for='page_id']" position="before">
                     <header attrs="{'invisible':[('is_parent_approval_required','=',False)]}">
-                        <button name="page_approval_approve" string="Approve" states="draft" />
+                        <span attrs="{'invisible':[('can_user_approve_page','=',False)]}">
+                            <button name="page_approval_approve" string="Approve" states="draft"/>
+                        </span>
                         <field name="state" widget="statusbar" statusbar_visible="draft,approved"/>
                         <field name="is_parent_approval_required" invisible="1"/>
+                        <field name="can_user_approve_page" invisible="1"/>
                     </header>
                 </xpath>
             </field>

document_page_approval/security/document_page_security.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<openerp>
+<data noupdate="0">
+    <record id="base.group_document_approver_user" model="res.groups">
+        <field name="name">Document approver</field>
+        <field name="users" eval="[(4, ref('base.user_root'))]"/>
+    </record>
+</data>
+</openerp>

document_page_approval/security/ir.model.access.csv

@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+document_page_history,document.page.history,model_document_page_history,base.group_document_approver_user,1,1,1,0