Skip to Content
This question has been flagged
securitygroupsopenerp7
4 Replies
17715 Views
Avatar
Matias Garcia Isaia

I have a module that adds a flag to res.partner. If the flag for an object is enabled, that object only has to be visible to users in a Priviliged group. In addition, as only those users can set which objects have this flag enabled, they are the only ones who should see the flag field in the views.

I'm using OpenERP 7 and read here (://doc openerp com /trunk/server/04_security/) the use of groups properties, both at object-level and view-level.

But when I open the view with a non-Priviliged user, I get an Access Denied by ACLs for operation: read, uid: 5, model: res.partner, fields: priviliged error.

How can I manage to do this? Am I doing something wrong?

partner_modif.py:

class partner_modif(osv.osv):
    _name = "res.partner"
    _inherit = "res.partner"
    _columns = { 
                  'priviliged': fields.boolean('Priviliged', required=False, groups="my-module.priviliged_users")
                  }
    _defaults = {
                  'priviliged': lambda *a: 0
                 }
partner_modif()

partner_view_modif.xml:

<?xml version="1.0" encoding="utf-8"?>
<openerp>
    <data>
        <record id="view_partner_address_form1_inherit" model="ir.ui.view">
            <field name="name">res.partner.address.form1.inherit</field>
            <field name="model">res.partner</field>
            <field name="inherit_id" ref="base.view_partner_form" />
            <field name="arch" type="xml">
                    <field name="function" position="after">
                        <field name="priviliged" groups="my-module.priviliged_users"/>
                    </field>
              </field>
        </record>

    <record id="my-module.priviliged_users" model="res.groups">
        <field name="name">Priviliged</field>
        <field name="comment">Priviliged users</field>
    </record>

    <record model="ir.rule" id="partner_priviliged_users">
        <field name="name">Priviliged users see all partners</field>
        <field name="model_id" ref="model_res_partner"/>
        <field name="domain_force">[(True, '=', True)]</field>
        <field name="groups" eval="[(4, ref('my-module.priviliged_users'))]"/>
    </record>

    <record model="ir.rule" id="partner_unpriviliged_users">
        <field name="name">Non priviliged users see un-priviliged partners</field>
        <field name="model_id" ref="model_res_partner"/>
        <field name="domain_force">[('priviliged', '=', False)]</field>
        <field name="groups" eval="[(4, ref('base.group_user'))]"/>
    </record>
    </data>
</openerp>
Avatar
Discard
Xsias

Have you create a ir_model_access.csv in the folder security of your module ?

Matias Garcia Isaia
Author

@Xsias: no, I haven't. Never read about. I'm searching now, if you have any recommended link, it'll be appreciated :)

Sehrish

1- How to check login user group in odoo: https://goo.gl/Ts3qqK

2- How to visible and invisible fields in odoo: https://goo.gl/BCxCpk

Avatar
Xsias
Best Answer

Here some links about ir_model_access :

https://accounts.openerp.com/forum/Help-1/question/12430

In this link you can read :

For :

id  name    model_id/id group_id/id perm_read   perm_write  
perm_create perm_unlink
model_bpl_worker_manager    bpl_worker  model_bpl_worker    
group_checkroll_manager 1   1   1   1
  • id = unique identify for the permission (Example: MY_MODULE_res_partner_manager)
  • name = unique name for the permission (Example: res_partner manager)
  • model_id/id = the model unique name of the class you want apply permission on (Example model_res_partner)
  • group_id/id = group permission apply on (yopu can define it in xml group file or call an existing group with syntax module.group_id)
  • perm_read,perm_write,perm_create,perm_unlink = the 4 values for the relative permission to read, write,create,unlink record on defined class. 1 is True (you can do this action) and 0 is Faslse (you can't)

A simple way to understand this file is to read an existing csv in some OpenERP base module like sale, account, product, etc...

Some useful link: http://www.zbeanztech.com/blog/security-openerp

I can give you others links likes :

http://forum.openerp.com/forum/topic16596.html

http://stackoverflow.com/questions/15966676/openerp-7-access-rights-for-user-roles

Avatar
Discard
Related Posts Replies Views Activity
Security Fear: Make fields of a model secret without using groups attribute
security groups
Avatar
0
Nov 15
3184
access rights manual Solved
security groups
Avatar
Avatar
1
Mar 15
3620
How to display a view with one field removed for certain groups?
security groups
Avatar
Avatar
1
Mar 15
7070
Permission for a group to edit a single field only? Solved
security v7 groups
Avatar
Avatar
Avatar
Avatar
Avatar
10
Dec 23
34623
Make Field Read Only for specific Group Solved
security fields groups
Avatar
Avatar
1
Dec 21
7966