Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

2

Record Rule to allow a User to update their own Employee object without belonging to Officer group

v7
By
Ashley Felton
on 10/20/13, 10:09 PM 4,306 views

I am trying to define a Record Rule within OpenERP that allows a User who is not in the Officer group to change their own Employee record only, while still keeping the existing global rule allowing users in the Officer group to edit all Employee records. I've gotten as far as setting up a custom rule with the following details:

  • Object: Employee
  • Apply for Read: checked
  • Apply for Write: checked
  • Rule Definition: [('user_id', '=', user.id)]

However, all this seems to do is remove the ability of the User to read any Employee record except for their own. As far as I can tell, I need to combine something like the rule above with a logical OR operator to the Access Control rule applying to users in the "Officer" group. Can anyone give me any pointers for how to accomplish this?

Edit: My desired behaviour is thus:

  • All users (Employee group) can search and read all Employee records.
  • Users in the Employee group can edit their own Employee record, but not others.
  • Users in the Officer group can edit all Employee records (this is default behaviour for the HR module).

Tried thus far:

  • Modify the Record Rule described above (User_edit_own_employee_rule) to apply only for Write operations, not Read operations (users can see all Employee records, but not edit any records including their own).
  • Modify the hr.employee system user Access Control rule to allow Write operations (users can now edit all Employee records).

One clue I have is that, using the API to return an employee's user_id in the shell, OpenERP returns [5, 'Joe Bloggs']. I wonder whether my Record Rule is querying the foreign key relationship properly?

6
Prajul P T
On 11/5/13, 12:39 AM

Providing access rule is one part of the solution. If you look at "Access Control List" in "Settings > Technical > Security > Access Controls Lists", you can see that the group Hr Employee has only read access to the model hr.employee. So first you have to provide write access also to model hr.employee for group Employee. After you have allowed write access to the group Employee for model hr.employee,

  • Create a new record rule from Settings > Technical > Security > Record Rules named User_edit_own_employee_rule (As you wish).
  • Provide domain for this group User_edit_own_employee_rule as [('user_id', '=', user.id)]. And this domain should apply for Read and Write. ie; by check "Apply for Read" and "Apply for Write" Boolean field.
  • Create another record rule named User_edit_own_employee_rule_1
  • Provide domain for this group User_edit_own_employee_rule as [('user_id', '!=', user.id)]. And this domain should apply for Read only. ie; check "Apply for Read".

Now by creating two record rule for the group Employee, we can provide access to read and write his/her own record but only to read other employee records.

Let me summarize:

Provide write access in access control list to model hr.employee for group Employee. Create two record rule:

User_edit_own_employee_rule :

  • Name : User_edit_own_employee_rule
  • Object : Employee
  • Apply for Read : Checked
  • Apply for Write : Checked
  • Rule Definition : [('user_id', '=', user.id)]
  • Groups : Human Resources / Employee

User_edit_own_employee_rule_1 :

  • Name : User_edit_own_employee_rule_1
  • Object : Employee
  • Apply for Read : Checked
  • Apply for Write : Un Checked
  • Rule Definition : [('user_id', '!=', user.id)]
  • Groups : Human Resources / Employee

Hope This Helps....

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

3 follower(s)

Stats

Asked: 10/20/13, 10:09 PM
Seen: 4306 times
Last updated: 10/26/16, 11:40 PM