Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

2

Field level 'read' access rights missing in Odoo 8.0?

By
Marvin Taboada
on 11/6/14, 10:33 PM 1,538 views

Hi, I have been using field level 'read/write' access rights in OpenERP 7.0 (please don't be confused with the 'groups' field attribute) and I know the low level details of what is their effect. Just as a reference, below are links to the 7.0 sources where they are processed in the ORM of v7.0:

* field_object.read (field values are cleared after reading the DB if the user doesn't have read permission)

* field_object.write: (field keys/values are silently removed before writing them to the database if the user doesn't have write permissions)

My problem is that I have not found where field level 'read' (only read) access rights are processed in Odoo 8.0, I have read the new ORM sources and identified the corresponding read method (_read_from_database), but I have not found any chunk of code where field level 'read' access rights are processed. I'm afraid the feature is missing in v8.0.

On the other hand, field level 'write' access rights is correctly processed in the _write method for Odoo 8.0.

Is this a missing feature in Odoo 8.0?

Are field level 'read/write' access rights a feature that is expected to be included in Odoo 8.0?

Thanks in advance for your attention,

Marvin

0

Atchuthan - Technical Consultant, Sodexis Inc

--Atchuthan - Technical Consultant, Sodexis Inc--
3918
| 5 3 8
Puducherry, India
--Atchuthan - Technical Consultant, Sodexis Inc--
Passionate coder in Python/Odoo(formerly known as OpenERP).

Contact me via GMail: atchuthantu@gmail.com via Skype: atchuthan_skype
via Linkedin: http://in.linkedin.com/in/atchuthantu
Atchuthan - Technical Consultant, Sodexis Inc
On 11/7/14, 1:30 AM

 

In my opinion, we use check_access_rights method to check whether the access is available for the particular table.
self.check_access_rights(cr, uid, 'read')
fields = self.check_field_access_rights(cr, user, 'read', fields)   

    def check_field_access_rights(self, cr, user, operation, fields, context=None):
        """
        Check the user access rights on the given fields. This raises Access
        Denied if the user does not have the rights. Otherwise it returns the
        fields (as is if the fields is not falsy, or the readable/writable
        fields if fields is falsy).
        """

then using the generated fields list, self._read_flat(cr, user, select, fields, context, load) is called.

So, why do we need to check the access once again after the _read_flat is generated? 

Wrong answer my friend, I already said I'm not talking about the 'field_object.groups' attribute. Please review the implementation of 'check_field_access_rights' at https://github.com/odoo/odoo/blob/7.0/openerp/osv/orm.py#L3646 to verify that it is not related to my question. Thanks anyway for your time.

Marvin Taboada
on 11/7/14, 3:07 PM

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

2 follower(s)

Stats

Asked: 11/6/14, 10:33 PM
Seen: 1538 times
Last updated: 3/16/15, 8:10 AM