Skip to Content
This question has been flagged
securitytutorialRules
1 Reply
1650 Views
Avatar
John Doe

I'm going through access rules tutorial \https://www.odoo.com/documentation/14.0/developer/howtos/rdtraining/B_acl_irrules.html#access-rules

please someone tell me how to paste XML code here in a way it doesn't trim the tags away. I can't even show example of the rule, but you will find it in the link above


It's written that this rule 

Only applies to the “create”, “update” (write) and “delete” (unlink) operations: here we want every employee to be able to see other users’ records but only the author / assignee can update a record.


I don't get it. We haven't even written anything about create/update/unlink in the rule, why does it apply to those operations? Also, the code says (I think) that when the domain is met, read permission should be false, which doesn't make sense at all.

Please explain.

Avatar
Discard
Avatar
Paresh Wagh
Best Answer

Hi Ameus:

Since the XML does not explicitly specify a value for perm_write, perm_create and perm_unlink, Odoo will assign the default values (True) to these fields when the rule is created.

Here's a link to the code that defines these fields: https://github.com/odoo/odoo/blob/14.0/odoo/addons/base/models/ir_rule.py#L13


Regarding your second question, the rule seems to be just a sample to illustrate the syntax and not an actual working rule. For example, the "ref" is pointing to "model_to_manage".

Avatar
Discard
Related Posts Replies Views Activity
User Access Restriction by IP in Odoo
security
Avatar
0
Dec 24
49
How to call a server action depending on Activity State change
Rules
Avatar
Avatar
2
Nov 24
77
Security header at Odoo With Domain
security
Avatar
0
May 24
249
How do I restrict specific group of users to the posting of Journal entries
security
Avatar
Avatar
1
Dec 23
1088
Security Record Override
security
Avatar
0
Dec 23
310