we are using Odoo version 9. In the timesheet a user can pick any user and submit timesheet as that user. This option should be only available to Administrators. Can somebody please help out with a solution.
Thanks
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project management
- MRP
This question has been flagged
2
Replies
2772
Views
You should change the record rule that allows "write" on a timesheet.
For example, the following rule will allow a user to create, view and update only his own timesheet.
<!-- basic users can only view their timesheets-->
<record model="ir.rule" id="timesheet_users">
<field name="name">Allow users to view only their own timesheets</field>
<field name="model_id" ref="hr_timesheet_sheet.model_hr_timesheet_sheet_sheet"/>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="domain_force">['|',('employee_id.user_id','=',user.id),('employee_id','=',False)]</field>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_unlink" eval="False"/>
<field name="perm_create" eval="True"/>
</record>
Since there is now a security rule defined for the timesheets, you should create another rule to give full access for, for example, hr managers:
<!-- HR manager can see all timesheets -->
<record model="ir.rule" id="timesheet_hr_manager">
<field name="name">Allow HR manager to see all timesheets</field>
<field name="model_id" ref="hr_timesheet_sheet.model_hr_timesheet_sheet_sheet"/>
<field name="groups" eval="[(4, ref('base.group_hr_manager'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_unlink" eval="False"/>
<field name="perm_create" eval="False"/>
</record>
Will anybody be kind enough to post a reply. We are very much stuck.
