Skip to Content
Menú
This question has been flagged
1 Respondre
3402 Vistes

Hi. I've added one group called Manager. I want to restrict all access to some model (say, model B) if the user is not a manager.

The way I did this initially, is that I added groups="my_module.group_id" to menuitems and fields so that they only show if the user is in the manager group. However, I can still access the model B if I happen to sneak into its views using URL. So setting groups attribute is not enough.

Then I restricted access to model B directly from \ir.model.access.csv file, however, users now can't access model A (main model, which has one2many field referencing model B) at all.

It says: "You are not allowed to access 'model name' (model.name) records."

I want it to let me see all the other fields of model A except the ones that relate to model B.

I'll provide more info if necessary.

Avatar
Descartar
Best Answer

Hi,

If we have to restrict access to a model using a security group, we can use groups attribute or set access rights in the ir.model.access.csv file. If you have conflict with One2many fields from the model in the view of another model, then you can try using a boolean field with a compute method and attrs attribute for the One2many field to hide it. Here, we are hiding the fields based on the user group and independent of the model:
(Example: Hiding the order lines of purchase order from custom module based on a group)
Security group:

< record id="group_purchase_editor" model="res.groups">
        < field name="name">Purchase Order Editor
        < field name="category_id" ref="base.module_category_inventory_purchase"/>
    < /record>
Boolean field and compute method added in the model:

class PurchaseOrder(models.Model):
_inherit = "purchase.order"

    purchase_order_editor = fields.Boolean(
        string='Editor', compute='_compute_purchase_order_editor')

    def _compute_purchase_order_editor(self):
        """
        This function is used to update the purchase_order_editor field
        based on the user group
        """
        for record in self:
            record.purchase_order_editor = False
            if record.user_has_groups('custom_module_name.group_purchase_editor'):
                record.purchase_order_editor = True
Update the form view:

< record id="purchase_order_view_form" model="" rel="ugc">ir.ui.view">
        < field name="name">purchase.order.view.form.inherit.custom_module_name
        < field name="model">purchase.order
        < field name="inherit_id" ref="purchase.purchase_order_form" />
        < field name="arch" type="xml">
            < xpath expr="//field[@name='partner_id']" position="after">
                < field name="purchase_order_editor" invisible="1" />
            < /xpath>
            < xpath expr="//field[@name='order_line']" position="attributes">
                < attribute name="attrs">{'invisible': [('purchase_order_editor', '=', False)]}
            < /xpath>
        < /field>
    < /record>
Hope it helps
Avatar
Descartar
Related Posts Respostes Vistes Activitat
0
de nov. 15
4698
1
de març 15
8376
1
de març 15
4979
10
de des. 23
36699
1
de des. 21
9716