Skip to Content
This question has been flagged
record_rulesaccess_rulesodoov11
2 Replies
6207 Views
Avatar
FCarmo

Hi everyone,

I'm trying to add some security rules to my module, but I'm unable to do so.

I'm using multi company and trying to show only records that meet these requirements:
> Same company
> Same company and shared resource either True or False
> Different Company and shared resource must be True

The rules do exactly what I want, except when I try to enter a record it says that I need "read permissions"

P.S: Don't worry about the rule names. I'm trying to start this first.

This is what I have:

From the csv security file.

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_neos_res_company_user,access_neos_res_company_user,base.model_res_company,neos_resource_reservation.group_neos_resource_user,1,0,0,0
access_neos_res_users_user,access_neos_res_users_user,base.model_res_users,neos_resource_reservation.group_neos_resource_user,1,1,0,0
access_neos_res_partner_user,access_neos_res_partner_user,base.model_res_partner,neos_resource_reservation.group_neos_resource_user,1,1,0,0
access_neos_resource_user,access_neos_resource_user,model_resource_reservation,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_access_right_user,access_fleet_vehicle_access_right_user,fleet.model_fleet_vehicle,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_model_access_right_user,access_fleet_vehicle_model_access_right_user,fleet.model_fleet_vehicle_model,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_tag_access_right_user,access_fleet_vehicle_tag_access_right_user,fleet.model_fleet_vehicle_tag,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_state_access_right_user,access_fleet_vehicle_state_access_right_user,fleet.model_fleet_vehicle_state,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_model_brand_access_right_user,access_fleet_vehicle_model_brand_access_right_user,fleet.model_fleet_vehicle_model_brand,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_service_type_access_right_user,access_fleet_service_type_access_right_user,fleet.model_fleet_service_type,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_access_fleet_vehicle_cost_user,access_access_fleet_vehicle_cost_user,fleet.model_fleet_vehicle_cost,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_odometer_access_right,access_fleet_vehicle_odometer_access_right,fleet.model_fleet_vehicle_odometer,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_services_access_right_user,access_fleet_vehicle_log_services_access_right_user,fleet.model_fleet_vehicle_log_services,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_contract_access_right_user,access_fleet_vehicle_log_contract_access_right_user,fleet.model_fleet_vehicle_log_contract,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_fuel_access_right,access_fleet_vehicle_log_fuel_access_right,fleet.model_fleet_vehicle_log_fuel,neos_resource_reservation.group_neos_resource_user,1,1,1,0

And from the xml security file:

<?xml version="1.0" encoding="utf-8"?>
<odoo>
    <data noupdate="0">
        <!--####################### GROUPS #######################-->
        <record id="module_neos_resource_reservation" model="ir.module.category">
            <field name="name">Resource Management</field>
            <field name="description">Permissions for the resource reservation module.</field>
            <field name="sequence">20</field>
        </record>

        <record id="group_neos_resource_anon_user" model="res.groups">
            <field name="name">Anonymous</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="implied_ids" eval="[(4, ref('base.group_public'))]" />
            <field name="comment">Anonymous User Group.</field>
        </record>

        <record id="group_neos_resource_user" model="res.groups">
            <field name="name">User</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
            <field name="comment">Common user</field>
        </record>

        <record id="group_neos_resource_manager" model="res.groups">
            <field name="name">Manager</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="users" eval="[(4, ref('base.user_root'))]"/>
            <field name="implied_ids" eval="[(6, 0, [
                ref('group_neos_resource_user'),
            ])]"/>
            <field name="comment">This user will have access to all records of everyone within is own company.</field>
        </record>

        <record id="group_neos_resource_sudo_manager" model="res.groups">
            <field name="name">Super Manager</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="users" eval="[(4, ref('base.user_root'))]"/>
            <field name="implied_ids" eval="[(6, 0, [
                ref('group_neos_resource_manager'),
            ])]"/>
            <field name="comment">This user will have access to everything.</field>
        </record>

        <!--####################### USER #######################-->
        <record id="rule_fleet_vehicle_owner_user" model="ir.rule">
            <field name="name">User owner vehicle</field>
            <field name="model_id" ref="fleet.model_fleet_vehicle"/>
            <field name="global" eval="True"/>
            <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>
            <field name="domain_force">[('owner_id','=',user.company_id.id),'|',('shared_resource','=',True),('shared_resource','!=',True)]</field>
        </record>
        
        <record id="rule_fleet_vehicle_owner_user2" model="ir.rule">
            <field name="name">User owner vehicle</field>
            <field name="model_id" ref="fleet.model_fleet_vehicle"/>
            <field name="global" eval="True"/>
            <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>
            <field name="domain_force">[('owner_id','!=',user.company_id.id),('shared_resource','=',True)]</field>
            <field name="perm_read" eval="True"/>
            <field name="perm_write" eval="False"/> <!-- eval="True" -->
            <field name="perm_create" eval="False"/>
            <field name="perm_unlink" eval="False"/>
        </record>
        
        <!--####-->
        
        <!--<record id="rule_fleet_vehicle_owner_user3" model="ir.rule">-->
        <!--    <field name="name">User owner vehicle</field>-->
        <!--    <field name="model_id" ref="fleet.model_fleet_vehicle"/>-->
        <!--    <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>-->
        <!--    <field name="domain_force">[('owner_id','!=',user.company_id.id),('shared_resource','!=',True)]</field>-->
        <!--    <field name="perm_read" eval="True"/>-->
        <!--    <field name="perm_write" eval="True"/>-->
        <!--    <field name="perm_create" eval="False"/>-->
        <!--    <field name="perm_unlink" eval="False"/>-->
        <!--</record>-->
        <!---->
        <!--####-->

Funny thing is, if I uncomment the record rule above, and replace the record "rule_fleet_vehicle_owner_user2" perm_write with "True", it shows every record (which is not what I want) and I can do everything normally.


Any guesses on what is wrong?


Thank you and have a good day



Avatar
Discard
Avatar
Tiến Paul
Best Answer

in "rule_fleet_vehicle_owner_user2"and "rule_fleet_vehicle_owner_user3"
Not used by True or False that is 1 or 0

<field name="perm_read" eval="True"/>-->
        <!--    <field name="perm_write" eval="True"/>-->
        <!--    <field name="perm_create" eval="False"/>-->
        <!--    <field name="perm_unlink" eval="False"/>--> Must be
<field name="perm_read" eval="1"/>-->
        <!--    <field name="perm_write" eval="1"/>-->
        <!--    <field name="perm_create" eval="0"/>-->
        <!--    <field name="perm_unlink" eval="0"/>-->
Not used by True or False
Avatar
Discard
Avatar
Arturo Ruiz
Best Answer

Hi, in your csv security file line # 6 you use  "fleet.model_fleet_vehicle"  and the values at end of this line are "1,1,1,0".
In your xml security file, under "<record id="rule_fleet_vehicle_owner_user2" model="ir.rule"> the last 4 lines <field name> are eval as True, False, False, False.
You said "Funny thing is ...." , are you tried using  True, True, True, False  (1,1,1,0) ?




Avatar
Discard
Related Posts Replies Views Activity
Can you restrict User access to Bills / Payments v16
record_rules access_rules
Avatar
Avatar
Avatar
2
Jan 24
922
what is different access right and record rules in odoo online
record_rules access_rules odooonline
Avatar
Avatar
Avatar
2
Jun 24
965
Give a Single User Access Rights to Specific Field
groups record_rules access_rules
Avatar
Avatar
Avatar
2
Aug 23
1280
Record Rule for Contacts (A Specific Group of Users Can Only See Other Users)
res.partner record_rules access_rules
Avatar
Avatar
Avatar
Avatar
3
Aug 23
4597
Record Rules related to current user Solved
record_rules access_rules accessrights
Avatar
Avatar
1
Dec 20
5430