I created a "VALIDATOR" group which have to access write only when invoices are in state "validate", but it does not work (I test with perm_read and it works, but not with perm_write... ) Have you any solution please ?

I understood that I have to create Acces Rights for my custom group "VALIDATOR (it is possible to make it by XML/CSV, I choosed CSV) and it works with the rights:

• read : 1

• write : 1

• create : 0

• unlink : 0
  

But when I want to make conditions to this rights, I need to use Rules :

<record id="invoice_validators_write" model="ir.rule">
			<field name="name">Validators can only write when state is 'validate'</field>
			<field name="model_id" ref="account.model_account_invoice" />
			<field name="groups" eval="[(4,ref('group_validator'))]" /> 
			<field name="perm_read" eval="0" />
			<field name="perm_write" eval="1" />
			<field name="perm_create" eval="0" />
			<field name="perm_unlink" eval="0" />
			<field name="domain_force">[('state','=','validate')]</field>
		</record>
		
		<record id="invoice_validators_read" model="ir.rule">
			<field name="name">Validators can read invoices when state is 'draft','validate' and 'confirm'</field>
			<field name="model_id" ref="account.model_account_invoice" />
			<field name="groups" eval="[(4,ref('group_validator'))]" />
			<field name="perm_read" eval="1" />
			<field name="perm_write" eval="0" />
			<field name="perm_create" eval="0" />
			<field name="perm_unlink" eval="0" />
			<field name="domain_force">[('state','in',['draft','validate', 'confirm'])]</field>
		</record>

Can you help me or explain why with this code a VALIDATOR can write in an invoice which is in state 'draft' ?