Help

4

Is it possible to make a field readonly for users under particular group in openerp 7?

Avatar
Omal Bastin

Hi, I have a field in invoice(say reference number). Only the users coming under the group 'Financial Manager' can edit the field. All other users can view these fields as readonly field. Is it possible to achieve this?

Thanks in advance.

1 Comment
Avatar
Discard
Avatar
Ray Carnes
-

@Omal Bastin  Thanks for your answer . It really helped me in my project.

4 Answers
11
Avatar
Omal Bastin
Best Answer

Another simple solution.

First create your form view. Then inherit the view also specify the groups. for example in sale order form view, i want to make the customer reference(client_order_ref) field is readonly for everyone except group group_financial.

<record id="view_order_form_cust_ref_readonly" model="ir.ui.view">
    <field name="name">sale.order.form.readonly.cust</field>
    <field name="model">sale.order</field>
    <field name="inherit_id" ref="sale.view_order_form"/>
    <field name="groups_id" eval="[(6, 0, [ref('base.group_financial') ])]"/>
    <field name="arch" type="xml">
        <field name='client_order_ref' position="attributes">
            <attribute name="readonly">0</attribute>
        </field>
    </field>
</record>
6 Comments
Avatar
Discard
Avatar
Mohammad Alhashash
-

This is a view customization which can be easily bypassed. It should be used only for useability, not access control and security.

Avatar
Mohammad Alhashash
-

Using direct json call for example.

Avatar
Omal Bastin
-

Okey then how can we make a field readonly based on group and status/state?

Avatar
Mohammad Alhashash
-

Try reading my answer to this question.

Avatar
Omal Bastin
-

function field will only execute when saving the record. i dont think create/write is a good option and also the property field.

Avatar
Alcaline
-

what if the whole view needs to readonly? Is that possible??

4
Best Answer

If you need to enforce access control to the field, you should not use view customization as it is just a cosmetic behavior and can be easily bypassed.

For a real field/column access control, you should use one of the following options:

Option 1: Use the new field level access control

Using groups='group1, group2, ...' in field definition restricts the field to the specified groups. Currently, you cannot control specific read or write, only allow or prevent access.

In this case, you may create functional field that can be displayed for restricted users. The function for that fields must use the user id openerp.SUPERUSER_ID or integer 1 to read the original field, not the current user id.

from openerp import SUPERUSER_ID
....
class MyClass(osv.Model):
...
    def _myfield_reader(self, cr, uid, ids, name, args, context=None):
        values = self.read(cr, uid, SUPERUSER_ID, ids, ['myfield'], context=context)
        return {v['id']:v['myfield'] for v in values}

Option 2: Override create() and write() methods

By overriding these methods, you can raise AccessError exception if a restricted user tried to write that field value.


Option 3: Use fields.property field

Property fields are stored as ir.property records. So, standard record access control can be used to protect it. Check for example property_account_* fields defined for res.partner in account/partner.py in the account module.

6 Comments
Avatar
Discard
Avatar
Omal Bastin
-

i want to make the invoice sequence fields in account.config.settings view in openerp 7(in Settings/Configuration/Accounting) to be readonly for every users except admin(uid=1)

Avatar
Mohammad Alhashash
-

You should use a record rule directly on the sequence object. The configuration wizard just takes the user input and applies the change to the sequence object. It is a different concept; check this answer. You can ask another question and someone may help.

Avatar
Omal Bastin
-

i didnt get a correct answer but i hope these are some options that we can do. so accepting it as answer

Avatar
Vaibhav
-

Suppose I have many2one field "demo_field" and I have two groups "demogroup1","demogroup2" then for demo1 group I want demo_field as default functoinality of many2one field and for demogroup2 demo_field is readonly then what can I do?

Avatar
Omal Bastin
-

@vaibhav please check the answer that is marked as correct answer

Avatar
dirtyHandsPHP
-

Thanks @Mohammad: Nice and meaning-full answer :)

0
Avatar
Yannick Vaucher
Best Answer

If you need it widely, what you can do is override the fields_view_get method.

If this is only for few fields, you can create a readonly related field and use groups in xml to define which one is seen.

<field name="my_field" groups="group_editors"/>
<field name="rel_my_field" groups="group_viewers"/>
5 Comments
Avatar
Discard
Avatar
Mohammad Alhashash
-

View customization using fields_view_get or groups=... XML attributes is just for usability, not a security measure. Fields can still be updated easily using simple json queries in browser console.

Avatar
Yannick Vaucher
-

Thanks Mohammad, As question was not tagged with security tag previously, I understood it only as a matter of readonly in visualization. It depends if this is a real security issue or simply a way to ease user's experience.

Avatar
Vaibhav
-

Suppose I have many2one field "demo_field" and I have two groups "demogroup1","demogroup2" then for demo1 group I want demo_field as default functionality of many2one field and for demogroup2 demo_field is readonly then what can I do?

Avatar
Omal Bastin
-

@vaibhav please check the answer that is marked as correct answer

Avatar
Vaibhav
-

but related field is not storing in DB ? So how to display that field in tree view ?

0
Avatar
Borni DHIFI
Best Answer

Basic field properties (Required,Readonly,Searchable) can not be modified by the configuration! must change the code in Python and preferably by adding a new module. but you can edit fields personalized.

Avatar
Discard