Hi. I've added one group called Manager. I want to restrict all access to some model (say, model B) if the user is not a manager.
The way I did this initially, is that I added groups="my_module.group_id" to menuitems and fields so that they only show if the user is in the manager group. However, I can still access the model B if I happen to sneak into its views using URL. So setting groups attribute is not enough.
Then I restricted access to model B directly from \ir.model.access.csv file, however, users now can't access model A (main model, which has one2many field referencing model B) at all.
It says: "You are not allowed to access 'model name' (model.name) records."
I want it to let me see all the other fields of model A except the ones that relate to model B.
I'll provide more info if necessary.
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project
- MRP
This question has been flagged
1
Reply
4390
Views
Hi,
If we have to restrict access to a model using a security group, we can use groups attribute or set access rights in the ir.model.access.csv file. If you have conflict with One2many fields from the model in the view of another model, then you can try using a boolean field with a compute method and attrs attribute for the One2many field to hide it. Here, we are hiding the fields based on the user group and independent of the model:
(Example: Hiding the order lines of purchase order from custom module based on a group)
Security group:
< record id="group_purchase_editor" model="res.groups">
< field name="name">Purchase Order Editor
< field name="category_id" ref="base.module_category_inventory_purchase"/>
< /record>Boolean field and compute method added in the model:class PurchaseOrder(models.Model):
_inherit = "purchase.order"
purchase_order_editor = fields.Boolean(
string='Editor', compute='_compute_purchase_order_editor')
def _compute_purchase_order_editor(self):
"""
This function is used to update the purchase_order_editor field
based on the user group
"""
for record in self:
record.purchase_order_editor = False
if record.user_has_groups('custom_module_name.group_purchase_editor'):
record.purchase_order_editor = TrueUpdate the form view:< record id="purchase_order_view_form" model="" rel="ugc">ir.ui.view"> < field name="name">purchase.order.view.form.inherit.custom_module_name < field name="model">purchase.order < field name="inherit_id" ref="purchase.purchase_order_form" /> < field name="arch" type="xml"> < xpath expr="//field[@name='partner_id']" position="after"> < field name="purchase_order_editor" invisible="1" /> < /xpath> < xpath expr="//field[@name='order_line']" position="attributes"> < attribute name="attrs">{'invisible': [('purchase_order_editor', '=', False)]} < /xpath> < /field> < /record>Hope it helps
Enjoying the discussion? Don't just read, join in!
Create an account today to enjoy exclusive features and engage with our awesome community!
Sign up| Related Posts | Replies | Views | Activity | |
|---|---|---|---|---|
|
0
Nov 15
|
5631 | ||
|
1
Mar 15
|
9197 | ||
|
access rights manual
Solved
|
|
1
Mar 15
|
5675 | |
|
10
Dec 23
|
37779 | ||
|
1
Oct 25
|
10826 |
