Skip to Content
Menú
This question has been flagged
1 Respondre
4038 Vistes

Hi everyone, I have a custom model "A" that has a Many2many relationship to the hr.applicant model.

I have two groups of users in my application: admin and non-admin. I want both groups to have read permission of model "A", but only the admin group should have read permissions on hr.applicant.

I thought I could achieve this by adding groups="my_admin_group" to the field in model A's views, but unfortunately this is not working.

It's important to note that the approach above works IF the field is Many2one, rather than Many2many, which results in the value of the field being hidden from the non-admin group. But if the fields is Many2many (which is required in my case) it throws a permission error.

I have also tried to make the field conditionally invisible, but to no avail.


Any ideas of why this is happening, and how to work around it? Thank you.

Avatar
Descartar
Best Answer

Because you are giving read access to the source model, the user will get access to read the same. If you do not want the user to access the source model directly from front end, you can hide the menu for the group which enables the user to go to the particular screen.

Avatar
Descartar
Autor

I don't think that would solve my problem, but anyway I already got an answer on the Github issue I created.
The solution is to set the "groups" field attribute at the model level (i.e. on the Python file) rather than only on the view. That makes it so the non-admin group can access the view, but simply doesn't receive the private field on the frontend.

Related Posts Respostes Vistes Activitat
2
de març 24
2352
3
d’ag. 23
3882
1
d’oct. 22
3410
0
de set. 22
1810
3
de jul. 22
2825