Hello,
I have a rights management issue, the way it works remains really obscure to me.
In my project, the members of the group_project_scrum_responsible can create and read every project, but only write when their user.id is the project.scrum_master_id
As I understand the documentation, I first have to set access to the models for the group, in security/ir.model.access.csv:
access_project_scrum_project_project_psri,access.project.project.psri,model_project_project,project_scrum.group_project_scrum_responsible_internal,1,1,1,0
This is working fine, my user can now read, write, create but not unlink, as expected.
Then, I specify a rule to precise the perm_write right:
<record id="psri_project_specific_rule" model="ir.rule">
<field name="name">PSRI only writes project if he is SM</field>
<field name="model_id" ref="project.model_project_project"/>
<field name="groups" eval="[(4, ref('project_scrum.group_project_scrum_responsible_internal'))]"/>
<field name="perm_read" eval="0"/>
<field name="perm_write" eval="1"/>
<field name="perm_create" eval="0"/>
<field name="perm_unlink" eval="0"/>
<field name="domain_force">[('scrum_master_id', '=', user.id)]</field>
</record>
The rule is considered in debug mode, so I guess there is no syntax issue. But it's inefficient : nothing happens.
Thanks for your help.
At first, check if your rule appear if settings > "security" by searching it by name. "PSRI only writes project if he is SM". If it appears in Odoo, check you rule settings. If it does not - something wring in your xml.
Also try to create access rule manually in Odoo web intarface to check desired behaviour.