تخطي للذهاب إلى المحتوى
القائمة
لقد تم الإبلاغ عن هذا السؤال
1 الرد
21144 أدوات العرض

Hello,


I have 3 group roles: user, manager and logist. And need that user and manager on states 'approved', and 'to_approve_second' do not have write right.


all the users have write right and there are ir.rules:


<record id="purchase_request_followers_rule" model="ir.rule">

        <field name="name">Follow Purchase Request</field>

        <field name="model_id" ref="model_purchase_request"/>

        <field name="groups" eval="[(6,0, [ref('group_purchase_request_user')])]"/>

        <field name="perm_read" eval="True"/>

        <field name="perm_write" eval="False"/>

        <field name="perm_create" eval="False"/>

        <field name="perm_unlink" eval="False"/>

        <field name="domain_force">['|',('requested_by','=',user.id),

                                        ('message_partner_ids', 'in', [user.partner_id.id])]</field>

    </record>


    <record id="purchase_request_rule" model="ir.rule">

        <field name="name">Purchase Request User</field>

        <field name="model_id" ref="model_purchase_request"/>

        <field name="groups" eval="[(6,0, [ref('group_purchase_request_user')])]"/>

        <field name="perm_read" eval="True"/>

        <field name="perm_write" eval="True"/>

        <field name="perm_create" eval="True"/>

        <field name="perm_unlink" eval="True"/>

        <field name="domain_force">[('requested_by','=',user.id)]</field>

    </record>


    <record id="purchase_request_manager_rule" model="ir.rule">

        <field name="name">Purchase Request Manager</field>

        <field name="model_id" ref="model_purchase_request"/>

        <field name="groups" eval="[(6,0, [ref('group_purchase_request_manager')])]"/>

        <field name="perm_read" eval="True"/>

        <field name="perm_write" eval="True"/>

        <field name="perm_create" eval="True"/>

        <field name="perm_unlink" eval="True"/>

    </record>


I tried to add:


<record id="purchase_request_user_access" model="ir.rule">

        <field name="name">Purchase Request User Rule</field>

        <field name="model_id" ref="model_purchase_request"/>

        <field name="groups" eval="[(6,0, [ref('group_purchase_request_user')])]"/>

        <field name="perm_read" eval="True"/>

        <field name="perm_write" eval="False"/>

        <field name="perm_create" eval="False"/>

        <field name="perm_unlink" eval="False"/>

        <field name="domain_force">[('state','in',('approved', 'to_approve_second'))]</field>

    </record>


<record id="purchase_request_manager_access" model="ir.rule">

        <field name="name">Purchase Request Manager Rule</field>

        <field name="model_id" ref="model_purchase_request"/>

        <field name="groups" eval="[(6,0, [ref('group_purchase_request_manager')])]"/>

        <field name="perm_read" eval="True"/>

        <field name="perm_write" eval="False"/>

        <field name="perm_create" eval="False"/>

        <field name="perm_unlink" eval="False"/>

        <field name="domain_force">[('state','in',('approved', 'to_approve_second'))]</field>

    </record>


But nothing happens. User and manager can edit the document on  'approved' and 'to_approve_second' states.
What can be wrong?


الصورة الرمزية
إهمال
أفضل إجابة

1. In field "groups" you use command "6", instead of using "4".
"6"
replaces all existing records in the set by the ids list

"4" adds an existing record of id id to the set.

Look at Odoo ORM Documentation, part "Model Reference" https://doc.open-odoo.ru/developer/11.0/en/reference/orm.html#model-reference


2. For creating Rerord Rule depend from field 'state', then you need use field 'state' in domain.

You have to add in domains something like ('state','=','approved') or ('state','=','to_approve_second').

Example: <field name="domain_force">[('state','=','approved'), '|',('requested_by','=',user.id), ('message_partner_ids', 'in', [user.partner_id.id])]</field>

3. But non-global Record Rules are add rights from each other. They do not remove rights! In you case you need to add 'prohibiting' rules and you can't make them global(because you need to work only for some groups). In this way, if exist classic Record Rules which allow access for write - then your 'prohibiting' Record Rules will not worked.

To make your rules work you need:
3.1. remove classic Record Rules from database
Example:

<delete model="ir.rule" search="[('id','=',ref('some_classic_record_rule_id_which_you_need_to_change'))]"/>

3.2. or use inherit classic Record Rules and change domains for adding ('state','=','approved') to them.



الصورة الرمزية
إهمال
المنشورات ذات الصلة الردود أدوات العرض النشاط
0
ديسمبر 21
2255
2
أغسطس 25
2580
1
يوليو 25
986
1
أغسطس 25
1151
0
مايو 25
1434