Odoo 11. Trouble with record rules/access rules

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Accounting
Inventory
PoS
Project management
MRP

Take the tour

Posts People Badges

Tags View all

odoo accounting v7 pos invoice

About this forum

Help

Odoo 11. Trouble with record rules/access rules

2 Replies

6015 Views

record_rules access_rules odoov11

FCarmo

Hi everyone,

I'm trying to add some security rules to my module, but I'm unable to do so.

I'm using multi company and trying to show only records that meet these requirements:
> Same company
> Same company and shared resource either True or False
> Different Company and shared resource must be True

The rules do exactly what I want, except when I try to enter a record it says that I need "read permissions"

P.S: Don't worry about the rule names. I'm trying to start this first.

This is what I have:

From the csv security file.

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_neos_res_company_user,access_neos_res_company_user,base.model_res_company,neos_resource_reservation.group_neos_resource_user,1,0,0,0
access_neos_res_users_user,access_neos_res_users_user,base.model_res_users,neos_resource_reservation.group_neos_resource_user,1,1,0,0
access_neos_res_partner_user,access_neos_res_partner_user,base.model_res_partner,neos_resource_reservation.group_neos_resource_user,1,1,0,0
access_neos_resource_user,access_neos_resource_user,model_resource_reservation,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_access_right_user,access_fleet_vehicle_access_right_user,fleet.model_fleet_vehicle,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_model_access_right_user,access_fleet_vehicle_model_access_right_user,fleet.model_fleet_vehicle_model,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_tag_access_right_user,access_fleet_vehicle_tag_access_right_user,fleet.model_fleet_vehicle_tag,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_state_access_right_user,access_fleet_vehicle_state_access_right_user,fleet.model_fleet_vehicle_state,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_model_brand_access_right_user,access_fleet_vehicle_model_brand_access_right_user,fleet.model_fleet_vehicle_model_brand,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_service_type_access_right_user,access_fleet_service_type_access_right_user,fleet.model_fleet_service_type,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_access_fleet_vehicle_cost_user,access_access_fleet_vehicle_cost_user,fleet.model_fleet_vehicle_cost,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_odometer_access_right,access_fleet_vehicle_odometer_access_right,fleet.model_fleet_vehicle_odometer,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_services_access_right_user,access_fleet_vehicle_log_services_access_right_user,fleet.model_fleet_vehicle_log_services,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_contract_access_right_user,access_fleet_vehicle_log_contract_access_right_user,fleet.model_fleet_vehicle_log_contract,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_fuel_access_right,access_fleet_vehicle_log_fuel_access_right,fleet.model_fleet_vehicle_log_fuel,neos_resource_reservation.group_neos_resource_user,1,1,1,0

And from the xml security file:

<?xml version="1.0" encoding="utf-8"?>
<odoo>
    <data noupdate="0">
        <!--####################### GROUPS #######################-->
        <record id="module_neos_resource_reservation" model="ir.module.category">
            <field name="name">Resource Management</field>
            <field name="description">Permissions for the resource reservation module.</field>
            <field name="sequence">20</field>
        </record>

        <record id="group_neos_resource_anon_user" model="res.groups">
            <field name="name">Anonymous</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="implied_ids" eval="[(4, ref('base.group_public'))]" />
            <field name="comment">Anonymous User Group.</field>
        </record>

        <record id="group_neos_resource_user" model="res.groups">
            <field name="name">User</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
            <field name="comment">Common user</field>
        </record>

        <record id="group_neos_resource_manager" model="res.groups">
            <field name="name">Manager</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="users" eval="[(4, ref('base.user_root'))]"/>
            <field name="implied_ids" eval="[(6, 0, [
                ref('group_neos_resource_user'),
            ])]"/>
            <field name="comment">This user will have access to all records of everyone within is own company.</field>
        </record>

        <record id="group_neos_resource_sudo_manager" model="res.groups">
            <field name="name">Super Manager</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="users" eval="[(4, ref('base.user_root'))]"/>
            <field name="implied_ids" eval="[(6, 0, [
                ref('group_neos_resource_manager'),
            ])]"/>
            <field name="comment">This user will have access to everything.</field>
        </record>

        <!--####################### USER #######################-->
        <record id="rule_fleet_vehicle_owner_user" model="ir.rule">
            <field name="name">User owner vehicle</field>
            <field name="model_id" ref="fleet.model_fleet_vehicle"/>
            <field name="global" eval="True"/>
            <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>
            <field name="domain_force">[('owner_id','=',user.company_id.id),'|',('shared_resource','=',True),('shared_resource','!=',True)]</field>
        </record>
        
        <record id="rule_fleet_vehicle_owner_user2" model="ir.rule">
            <field name="name">User owner vehicle</field>
            <field name="model_id" ref="fleet.model_fleet_vehicle"/>
            <field name="global" eval="True"/>
            <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>
            <field name="domain_force">[('owner_id','!=',user.company_id.id),('shared_resource','=',True)]</field>
            <field name="perm_read" eval="True"/>
            <field name="perm_write" eval="False"/> <!-- eval="True" -->
            <field name="perm_create" eval="False"/>
            <field name="perm_unlink" eval="False"/>
        </record>
        
        <!--####-->
        
        <!--<record id="rule_fleet_vehicle_owner_user3" model="ir.rule">-->
        <!--    <field name="name">User owner vehicle</field>-->
        <!--    <field name="model_id" ref="fleet.model_fleet_vehicle"/>-->
        <!--    <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>-->
        <!--    <field name="domain_force">[('owner_id','!=',user.company_id.id),('shared_resource','!=',True)]</field>-->
        <!--    <field name="perm_read" eval="True"/>-->
        <!--    <field name="perm_write" eval="True"/>-->
        <!--    <field name="perm_create" eval="False"/>-->
        <!--    <field name="perm_unlink" eval="False"/>-->
        <!--</record>-->
        <!---->
        <!--####-->

Funny thing is, if I uncomment the record rule above, and replace the record "rule_fleet_vehicle_owner_user2" perm_write with "True", it shows every record (which is not what I want) and I can do everything normally.

Any guesses on what is wrong?

Thank you and have a good day

Tiến Paul

in "rule_fleet_vehicle_owner_user2"and "rule_fleet_vehicle_owner_user3"
Not used by True or False that is 1 or 0

<field name="perm_read" eval="True"/>-->
        <!--    <field name="perm_write" eval="True"/>-->
        <!--    <field name="perm_create" eval="False"/>-->
        <!--    <field name="perm_unlink" eval="False"/>--> Must be
<field name="perm_read" eval="1"/>-->
        <!--    <field name="perm_write" eval="1"/>-->
        <!--    <field name="perm_create" eval="0"/>-->
        <!--    <field name="perm_unlink" eval="0"/>-->
Not used by True or False

Arturo Ruiz

Hi, in your csv security file line # 6 you use "fleet.model_fleet_vehicle" and the values at end of this line are "1,1,1,0".
In your xml security file, under "<record id="rule_fleet_vehicle_owner_user2" model="ir.rule"> the last 4 lines <field name> are eval as True, False, False, False.
You said "Funny thing is ...." , are you tried using True, True, True, False (1,1,1,0) ?

This question has been flagged