This question has been flagged
1 Reply
7131 Views
Avatar
Roberto Cocchiararo

Hi

I recently switched from using the web ui to module programing for a module i am making for extending the stock fleet management module (i had to, because with web ui, i had no way to make bidirectional many2many fields, nor set the "name" field of one of my custom models to be computed (concatenating the info from other 3 required fields), which i needed for displaying in a many2one selection field.)

I added 2 models of my own and extended the vehicle model. I also added views/menues/actions for my models, and replaced the stock vehicle views with my extended ones.

I have now to add security to my models/views/menues/actions, and even after reading the documentation and trying, i don't understand how it works.

Since i knew nothing on this matter, i learned with the v8.0 documentation, but the security part is not enough for me to learn it it seems:

https://www.odoo.com/documentation/8.0/howtos/backend.html#security

I don't need to add new groups, since i am extending the ones from the fleet menu:

group_fleet_manager

group_fleet_user

The first group should have full access to my added stuff, and the 2nd one should have read/creation access. (my new models are "events" and "fleet insurance", and both have their menu item for accessing their tree/form views).

Any tips in the right direction? I looked at the security files in the fleet module (one xml, one csv), and i can't grasp the naming in anything in the csv file before the GROUP (which i mentioned above) and the 1 or 0 for enabling or disabling permissions.

In the XML where i defined the menu/actions, i specified the group_fleet_manager, but that seems to do nothing (And i want to give read access at least for users).

Avatar
Discard
Roberto Cocchiararo
Author

Hi again. I thought i had this after those explanations, but i don't T_T. I made a module that extends some models/objects in the fleet module. (i had previously done that in the web UI). Then, i wanted to add the 2 groups i manually made (by copying the 2 groups in the fleet module, and removing the unwanted menu items). For that, i copied the 2 security files from the fleet module, and replaced in them the group names with my own ones. I also had to add fleet. in some places, because if i did not, ODOO would thing i was working with some mymodule. stuff. When i try to install, i get: #"Exception: Module loading vehiculospc failed: file vehiculospc/security/ir.model.access.csv could not be processed: Line 1 : No matching record found for external id 'model_fleet_vehicle_model' in field 'Object'"#

Avatar
Ivan
Best Answer

Roberto, security in Odoo is controlled through 3 mechanism, AFAIK:

  • For each model, you can specify the ACL (Settings >> Technical >> Security >> Access Control List).  You can make this specific for a group, or for Public (if you don't specify any group).  The ACL specify whether the group (or everyone if it is Public) have Create, Write, Update, and Delete access to the model.  Note that if you don't specify any ACL, then only Super Admin have access to your model.  In modules, usually this is specified and loaded as csv file.  Check the odoo/addons/account/security/ir.model.access.csv file for samples.  In fact the name of the file must be exactly that (ir.model.access.csv).
  • For each model, you can specify Record Rules (Settings >> Technical >> Security >> Record Rules).  Here you can futher tune the types of records that a group (or Public if you don't specify any group) have access to.  The rule is specified in the domain form.  You can check odoo/addons/account/security/account_security.xml for samples.
  • For each view, you can futher control access to widgets by way of groups attribute.  This groups attribute can contain a list of groups XML IDs that can view that widgets when the form is displayed.  odoo/odoo/addons/account/account_bank_view.xml have samples for this.

 

Avatar
Discard
Roberto Cocchiararo
Author

I am trying to use the first method, but from the samples (i looked at the fleet module one, since that one i know how to use and i wanted to emulate it's way of doing it), i was unable to fully understand it. The "columns" in .csv file are: "id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink". I believe "id" and "name" have to be made up by me. Then "model_id:id" confuses me, because i do not find a correlation to the models with that, it also seems "made up", but if that is so, how does it work? "group_id:id" is the group.

Ivan

model_id:id will be in the in the format of model_XXXX where XXXX is the model's name with all the dots converted to underscore. e.g. sale.order -> model_sale_order. This is the XML ID of the model, which will be created automatically. group_id:id is the group. You also need to supply the XML ID of these groups. If this field is empty, it will became a public ACL. Usually when you create a group, you use in XML file. YYYY is the XML ID. If you want to find out the XML ID of a particular object, there are 2 paths that you can choose. First path is activate developer's mode, go the the object's Form View and select the View Log from the Combo Box on the top left of the view. Second path is to search it through Settings >> Technical >> Sequences & Identifiers >> External Identifiers and search for that particular model and ID. perm_XXX need to be boolean (1 or 0) for read, write, create, and delete (unlink) respectively.

Marvin Taboada

Hello Roberto, John. I posted an answer in another question where I elaborate about External IDs. There I explain why we have to use 'model_XXXX' or even 'module_name.model_XXXX' in a similar context (references to 'ir.model' records). Feel free to take a look here: https://www.odoo.com/forum/help-1/question/what-does-field-name-model-id-ref-xxxx-refer-to-68794