I recently switched from using the web UI to module programming for a module I am making for extending the stock fleet management module (I had to, because with the web UI, I had no way to make bidirectional many2many fields, nor set the "name" field of one of my custom models to be computed (concatenating the info from other 3 required fields), which I needed for displaying in a many2one selection field).
I added 2 models of my own and extended the vehicle model. I also added views/menus/actions for my models, and replaced the stock vehicle views with my extended ones.
I now have to add security to my models/views/menus/actions, and even after reading the documentation and trying, I don't understand how it works.
Since I knew nothing on this matter, I learned with the v8.0 documentation, but the security part is not enough for me to learn it, it seems:
I don't need to add new groups, since I am extending the ones from the fleet menu:
The first group should have full access to my added stuff, and the 2nd one should have read/creation access. (My new models are "events" and "fleet insurance", and both have their menu item for accessing their tree/form views.)
Any tips in the right direction? I looked at the security files in the fleet module (one XML, one CSV), and I can't grasp the naming of anything in the CSV file before the GROUP (which I mentioned above) and the 1 or 0 for enabling or disabling permissions.
In the XML where I defined the menu/actions, I specified the group_fleet_manager, but that seems to do nothing (and I want to give read access at least for users).
Roberto, security in Odoo is controlled through 3 mechanisms, AFAIK:
- For each model, you can specify the ACL (Settings >> Technical >> Security >> Access Control List). You can make this specific for a group, or for Public (if you don't specify any group). The ACL specifies whether the group (or everyone if it is Public) has Create, Write, Update, and Delete access to the model. Note that if you don't specify any ACL, then only Super Admin has access to your model. In modules, usually this is specified and loaded as a CSV file. Check the odoo/addons/account/security/ir.model.access.csv file for samples. In fact the name of the file must be exactly that (ir.model.access.csv).
- For each model, you can specify Record Rules (Settings >> Technical >> Security >> Record Rules). Here you can further tune the types of records that a group (or Public if you don't specify any group) has access to. The rule is specified in the domain form. You can check odoo/addons/account/security/account_security.xml for samples.
- For each view, you can further control access to widgets by way of the groups attribute. This groups attribute can contain a list of group XML IDs that can view those widgets when the form is displayed. odoo/odoo/addons/account/account_bank_view.xml has samples for this.
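Added example, not part of the original answer and not code from the fleet module: a small Python check over an `ir.model.access.csv` that flags the two conditions the answer describes, a model with no ACL row and a row with no group. The CSV is constructed; the model IDs (`model_fleet_event`, `model_fleet_insurance`, `model_fleet_vehicle_extra`) and the user group ID `fleet.group_fleet_user` are assumptions, only `group_fleet_manager` comes from the question.

```python
import csv
import io

# Constructed sample for the asker's two models. Row ids, model ids and
# fleet.group_fleet_user are assumed names; columns follow Odoo's
# ir.model.access.csv header (perm_unlink is the delete permission).
SAMPLE_CSV = """\
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_fleet_event_manager,fleet.event manager,model_fleet_event,fleet.group_fleet_manager,1,1,1,1
access_fleet_event_user,fleet.event user,model_fleet_event,fleet.group_fleet_user,1,0,1,0
access_fleet_insurance_manager,fleet.insurance manager,model_fleet_insurance,fleet.group_fleet_manager,1,1,1,1
access_fleet_insurance_all,fleet.insurance all,model_fleet_insurance,,1,0,0,0
"""

PERMS = ("perm_read", "perm_write", "perm_create", "perm_unlink")


def load_acl(text):
    """Return {model_xml_id: {group_xml_id or '': set of granted perms}}."""
    acl = {}
    for row in csv.DictReader(io.StringIO(text)):
        group = (row.get("group_id:id") or "").strip()
        granted = {p for p in PERMS if (row.get(p) or "").strip() == "1"}
        model = row["model_id:id"].strip()
        acl.setdefault(model, {}).setdefault(group, set()).update(granted)
    return acl


def audit(acl, expected_models):
    """Flag models without any ACL row and rows that name no group."""
    findings = []
    for model in expected_models:
        if model not in acl:
            findings.append((model, "no ACL row: only the superuser can use it"))
    for model, groups in sorted(acl.items()):
        if "" in groups:
            perms = ",".join(sorted(groups[""])) or "none"
            findings.append((model, "row without group applies to every user: " + perms))
    return findings


if __name__ == "__main__":
    acl = load_acl(SAMPLE_CSV)
    # model_fleet_vehicle_extra is a hypothetical model with no row in the CSV
    expected = ["model_fleet_event", "model_fleet_insurance", "model_fleet_vehicle_extra"]
    for model, message in audit(acl, expected):
        print(model, "->", message)
```

The second row for each model shows the read/creation access the question asks for: `perm_read` and `perm_create` set to 1, `perm_write` and `perm_unlink` set to 0.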
Asked: 11/27/14, 12:53 PM
Seen: 1670 times
Last updated: 3/16/15, 8:10 AM