Skip to Content
This question has been flagged
2 Replies
8140 Views
Avatar
Alessandro Strazzari

An Access rights row gives write access on a model (res_partner for instance), then the edit button appears on all records and I can edit and save any res_partner records.

Then I add a record rule that restricts write access to some records only. The rule works because when I try to save other records the "The requested operation cannot be completed due to security restrictions" error appears, but the useless and misleading Edit button still appears on all res_partner records.

Why? How to show or enable the Edit button only on records with write access rights?

Thanks

Avatar
Discard
Avatar
Bharat Parmar (bhp)
Best Answer

I don't know what you written in ir.model.access.csv file. but, i think you need to set access rights like this,

id,name,model_id/id,group_id/id,perm_read,perm_write,perm_create,perm_unlink
course_administrator,course manager,model_security_model_model1,group_manager,1,1,1,1
course_create_only_users,course all,model_security_model_model1,,1,0,1,1

and don't forget to put administrator users in group_manager.


Avatar
Discard
Bharat Parmar (bhp)

inherit your view to hide the edit button

<record id="view_form_remove_edit" model="ir.ui.view">

<field name="name">view.form.remove.edit</field>

<field name="model">module_name</field>

<field name="inherit_id" ref="module_name.your_parent_view"/>

<field name="groups_id" eval="[(6, 0, [ref('your_group')])]"/>

<field name="arch" type="xml">

<xpath expr="//form" position="attributes">

<attribute name="edit">false</attribute>

</xpath>

</field>

</record>

Avatar
Alessandro Strazzari
Author Best Answer

Hi, thanks for your aswer.

I think you are suggesting to define a global ir.model.access row "course_create_only_users" without write permission on "course" model, so by default no user can edit courses.

Than a group_manager's ir.model.access row "course_administrator" with all RWCD rights, so the users into the group_manager can edit courses.

That is right, but doesn't apply to my question.

My problem is that I can't define the W right based on group. I need a record rule that restrict the W access based on single record. For instance suppose that the users into the group_manager, ie the teachers, can edit its own courses only, so I need to define a record rule on model course like "[('teacher_id', '=', user.id)].

The rule blocks the Write operation if the current user is not the teacher_id of the course, but in the detail view of the course the user can see the edit button and he can click on it and only after Save action it will appears the "The requested operation cannot be completed due to security restrictions" error.

That is not a good ux!

Avatar
Discard
Alessandro Strazzari
Author

@Bharat Parmar (bhp)

The solution you suggest of "inherit your view to hide the edit button" is still based on groups visibility. I need some way to disable or hide the edit button if the current user is not the owner of the current record, ie if 'teacher_id', '!=', user.id