Skip to Content
This question has been flagged
security
1 Reply
7634 Views
Avatar
Tyler K

I have a module I'm developing that allows users to submit Change Requests. All Change Requests must be visible to all users, but only the owner of a Change Request is allowed to edit that specific Change Request.

How can I implement this using Odoo's security mechanisms?

Right now, I have defined an access rule as follows (note that the group is empty to specify default employees group)...

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
document_app_change_request_user,document_app.change_request.user,model_document_app_change_request,,1,1,1,1

Also, I have defined a record rule as follows..

<record id="document_app_change_request_user_rule" model="ir.rule"
<field name="name">Change Request: Write permission for owners only.</field>
<field name="model_id" ref="model_document_app_change_request"/>
<field name="perm_write" eval="1"/>
<field name="domain_force">[('create_uid','=',user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
</record>

Avatar
Discard
luna_22

Hello, please if you found a solution, kindly share it, I have the same problem.
Thank you.

Avatar
Krimi Shah
Best Answer

Hi Tyler,

According me, you need to make two types of users. One who is User and other one is Manager.

So as per the users, record rules will be applied. Below is the code which you can refer.

<!-- Record Rule: Property Managers -->
<record id="property_rule_manager" model="ir.rule">
	<field name="name">Property Manager</field
	<field name="model_id" ref="model_property"/>
	<field name="domain_force">[(1,'=',1)]</field>
        <field name="groups" eval="[(4,ref('hr.group_hr_manager')), (4,ref('hr.group_hr_user'))]"/>
        <field name='perm_create' eval='True'/>
        <field name='perm_read' eval='True'/>
        <field name='perm_unlink' eval='True'/>
        <field name='perm_write' eval='True'/>
</record>

<!-- Record Rule: for User -->
<record id="property_rule_user" model="ir.rule">
	<field name="name">Property User</field>
	<field name="model_id" ref="model_property"/>
	<field name="domain_force">[('partner_id','=',user.partner_id.id)]</field>
	<field name="groups" eval="[(4,ref('base.group_user'))]"/>
	<field name='perm_create' eval='False'/>
        <field name='perm_read' eval='True'/>
        <field name='perm_unlink' eval='False'/>
        <field name='perm_write' eval='False'/>
</record>
Avatar
Discard
Tyler K
Author

Thanks for your response.

I'm not sure that your solution addresses my requirements. I need users to have write/delete access to the Change Requests they create; however, if someone else creates a Change Request, then the user should only have read access.

I guess what I'm trying to achieve is sort of like a post on social media. Users can edit their own posts, but they can't edit the posts of other users. This is the behavior I'm looking for.

Related Posts Replies Views Activity
User Access Restriction by IP in Odoo
security
Avatar
0
Dec 24
29
Security header at Odoo With Domain
security
Avatar
0
May 24
249
How do I restrict specific group of users to the posting of Journal entries
security
Avatar
Avatar
1
Dec 23
1083
Security Record Override
security
Avatar
0
Dec 23
309
Security restrictions for IT department
security
Avatar
0
Jun 23
548