
Hi, I am confused about Access Rights and Record Rules based on several conditions.

I had created Access Rights for 3 groups:

    <record model="ir.module.category" id="module_category_password">
        <field name="name">Password Authentication</field>
        <field name="description">Password Authentication</field>
        <field name="sequence">30</field>
    </record>

    <record id="password_user_id" model="res.groups">
        <field name="name">Low</field>
        <field name="category_id" ref="module_category_password"></field>
        <field name="comment">Low Permission can only view password.</field>
    </record>

    <record id="password_officer_id" model="res.groups">
        <field name="name">Medium</field>
        <field name="category_id" ref="module_category_password"></field>
        <field name="implied_ids" eval="[(4, ref('password_user_id'))]"/>
        <field name="comment">Medium Permission will have certain right for Password Authentication.</field>
    </record>

    <record id="password_manager_id" model="res.groups">
        <field name="name">High</field>
        <field name="category_id" ref="module_category_password"></field>
        <field name="implied_ids" eval="[(4, ref('password_officer_id'))]"/>
        <field name="comment">High Permission will have all access right for Password Authentication.</field>
    </record>

The columns created:

    _columns = {
        'account_name': fields.char('Account Name', required=True),
        'username': fields.char('Username/Email', required=True),
        'password': fields.char('Password', required=True),
        'confirm_password': fields.char('Confirm Password', required=True),
        'confidential_level': fields.selection([("High", "High"), ("Medium", "Medium"), ("Low", "Low")], 'Confidential Level', required=True),
        'security_question': fields.text('Security Question'),
        'note': fields.text('Note'),
    }

The ir.model.access:

    id,name,model_id/id,group_id/id,perm_read,perm_write,perm_create,perm_unlink
    access_password_authentication_manager,password.authentication.manager,model_password_authentication,password_manager_id,1,1,1,1
    access_password_authentication_officer,password.authentication.officer,model_password_authentication,password_officer_id,1,1,1,1
    access_password_authentication_user,password.authentication.user,model_password_authentication,password_user_id,1,0,0,0

My conditions needed in this custom module are:

High - Have all access

Medium - Can create, view, edit, delete low and medium confidential level password

Low - Only can view Low Confidential Password

The Low and High groups are working perfectly. However, the Medium group is not working: it seems that the High Confidential password is not viewable (it should be viewable but not editable).

The Record Rule added:

    <record model="ir.rule" id="module_category_password_rule">
        <field name="name">Password Rule Medium</field>
        <field name="model_id" ref="model_password_authentication"></field>
        <field name="groups" eval="[(4,ref('password_officer_id'))]"></field>
        <field name="domain_force">[('confidential_level', '!=', 'High')]</field>
        <field eval="0" name="perm_write"></field>
        <field eval="1" name="perm_read"></field>
        <field eval="1" name="perm_unlink"></field>
        <field eval="1" name="perm_create"></field>
    </record>

Can someone please advise? Thank you.

Author

I might need to post my correction. Odoo does not let me edit my post.

My problems are:

High: Can't view high confidential password (It should be view-able)

Medium: Can't view high confidential password, can't edit medium and low confidential password (it should be view-able and not editable in High, editable in Medium and Low)

Low: Works perfectly

Best Answer

For Medium, you may need to apply some rules on views / window actions. I ran into a similar issue and found a solution that way. It is messy but not impossible.

Author Best Answer

Thanks FP! You sparked the idea for me! Here is what I did for my solution, and I hope it can help those who have the same issue as me:

- Removed the Record Rules.

- Added an on_change method for my confidential_level field (very similar to states, but in this case the "states" can be edited based on the user's group)

    # Needs `from openerp.tools.translate import _` at module level.
    def onchange_confidential_level(self, cr, uid, ids, confidential_level, context=None):
        warning = False
        result = {}
        warning_msgs = ''
        models_user = self.pool.get('res.users')
        # Level currently stored in the database for this record
        confidential_level_db = self.browse(cr, uid, ids).confidential_level
        if confidential_level == "High":
            # Level is being set to High: check that the user is in the High group
            flag = models_user.has_group(cr, uid, 'password_authentication.password_manager_id')
            if not flag:
                warning_msgs = 'You have no permission to edit the confidential level.'
                # Put the stored value back in the form
                result['confidential_level'] = confidential_level_db
        else:
            if confidential_level_db == "High":
                # Stored level is High: check that the user is in the High group
                flag = models_user.has_group(cr, uid, 'password_authentication.password_manager_id')
                if not flag:
                    warning_msgs = 'You have no permission to edit the confidential level.'
                    result['confidential_level'] = confidential_level_db
        if warning_msgs:
            warning = {
                'title': _('Warning'),
                'message': warning_msgs
            }
        return {'value': result, 'warning': warning}


The on_change method restricted Medium users from editing High Confidential Level passwords.
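
An added example, not part of the original posts and not Odoo's own code: a simplified Python model of how Odoo combines ir.rule records, applied to the record rule from the question. It assumes Odoo's documented semantics (a rule is only checked for operations whose perm_* flag is set, rules of the user's groups are ORed, global rules are ANDed, implied groups count as the user's groups); the names IMPLIED, allowed, QUESTION_RULES and FIXED_RULES are hypothetical, and FIXED_RULES is one constructed rule set for the stated requirements.

```python
# Simplified model of Odoo record-rule evaluation (added example, not Odoo source).
IMPLIED = {"High": {"Medium"}, "Medium": {"Low"}, "Low": set()}  # implied_ids chain

def effective_groups(group):
    """A user's groups include every transitively implied group."""
    seen, todo = set(), [group]
    while todo:
        g = todo.pop()
        if g not in seen:
            seen.add(g)
            todo.extend(IMPLIED[g])
    return seen

def allowed(rules, group, mode, level):
    """Do the record rules let a user of `group` perform `mode` on a record
    with this confidential_level? A rule is (groups, modes, predicate);
    an empty `groups` set means a global rule."""
    mine = effective_groups(group)
    # A rule is only checked for the operations whose perm_* flag is set.
    active = [r for r in rules if mode in r[1] and (not r[0] or r[0] & mine)]
    global_ok = all(pred(level) for grp, _, pred in active if not grp)
    group_preds = [pred for grp, _, pred in active if grp]
    # Global rules are ANDed, group rules are ORed; no group rule = no limit.
    return global_ok and (not group_preds or any(p(level) for p in group_preds))

# Predicates standing in for domain_force expressions on confidential_level.
not_high = lambda level: level != "High"
only_low = lambda level: level == "Low"
any_level = lambda level: True

# The rule from the question: Medium group, perm_write=0, other perm_* = 1.
QUESTION_RULES = [({"Medium"}, {"read", "create", "unlink"}, not_high)]

# One constructed rule set for the stated requirements (an assumption).
FIXED_RULES = [
    ({"Low"}, {"read"}, only_low),
    ({"Medium"}, {"read"}, any_level),
    ({"Medium"}, {"write", "create", "unlink"}, not_high),
    ({"High"}, {"read", "write", "create", "unlink"}, any_level),
]

if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("fixed", FIXED_RULES)):
        for grp in ("High", "Medium", "Low"):
            print(name, grp, "read High:", allowed(rules, grp, "read", "High"),
                  "| write High:", allowed(rules, grp, "write", "High"))
```

Record rules are evaluated on the server for every call, while an on_change handler only runs when the form view triggers it, so a direct write() call never passes through the handler. The model covers record rules only; ir.model.access still decides whether a group may write at all.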

