Skip to Content
This question has been flagged
securitygroupsrecord_rulesdomain_filter
3 Replies
6130 Views
Avatar
Ragav Y

I have several groups of users and one of those groups is 'group_reporter'. And this group can create requests and report it. While they create a new request it will be in 'Draft' stage and once they report it, it will be moved to 'Report'.

They should only be able to edit the request when it is in the 'Draft' stage. In the 'Report' stage it has to be in read-only state.

So I've written these two record rules:-

</record> -->
<!--
Name: Request Reporter - Edit
Group(s): group_reporter
Records: Incidents
Condition: if (user is owner of the record AND incident is in Draft stage)
Access Rights: Read/Write/Create
   -->
<record id="rule_request_basic_reporter_edit" model="ir.rule">
    <field name="name">Request Reporter - Edit</field>
    <field name="model_id" ref="generic_request.model_request_request"/>
    <field name="domain_force">[('created_by_id', '=', user.id), ('stage_type_name', '=', 'Draft')]</field>
    <field name="groups" eval="[(4, ref('generic_request.group_reporter'))]"/>
    <field eval="0" name="perm_unlink"/>
    <field eval="1" name="perm_write"/>
    <field eval="1" name="perm_read"/>
    <field eval="1" name="perm_create"/>
</record>

<!--
Name: Request Reporter - Edit
Group(s): group_reporter
Records: Incidents
Condition: if (user is owner of the record AND (incident is in Report stage))
Access Rights: Read-only
   -->
<record id="rule_request_basic_reporter_read_only" model="ir.rule">
    <field name="name">Request Reporter - Read-only</field>
    <field name="model_id" ref="generic_request.model_request_request"/>
    <field name="domain_force">[('created_by_id', '=', user.id),('stage_type_name', '=', 'Report')]</field>
    <field name="groups" eval="[(4, ref('generic_request.group_reporter'))]"/>
    <field eval="0" name="perm_unlink"/>
    <field eval="0" name="perm_write"/>
    <field eval="1" name="perm_read"/>
    <field eval="0" name="perm_create"/>
</record>

But for some reason I am still able to edit the requests that are in 'Report' stage. I'm not sure what's wrong.

Avatar
Discard
Avatar
Hassan Ghannoum
Best Answer

record rules will work as follows:

  1. The logical operation for global record (no groups) rules is 'AND' 
  2. The logical operation for groups record rules is 'OR'


Avatar
Discard
Avatar
Chris TRINGHAM
Best Answer

It's difficult to offer advice without knowing the full setup, but is it possible that the users are members of another user access group that has access to this Model and the Record Rules (for that group) are less restrictive?

Avatar
Discard
Avatar
Pinakin Nayi (Certified V15, V16)
Best Answer

I haven't checked your code but sometimes the record rule apply only when you restart the server. The result actually stored in pre-cache and it will not apply instantly. 

Avatar
Discard
Related Posts Replies Views Activity
Security groups and record rules Solved
security record_rules
Avatar
Avatar
1
Nov 24
163
Help Needed with Record Rule in Odoo: Access Denied Error
security groups record_rules helpme odoo17
Avatar
1
Sep 24
248
Domain Filtering help: Is there any operator like 'includes' or 'contains', which will do the inverse of 'child_of' operator? Solved
record_rules domain_filter
Avatar
Avatar
2
Oct 22
9947
Add unlink = False for record rule not work
security record_rules
Avatar
0
Aug 21
1202
Restrict access by company Solved
security record_rules
Avatar
1
Jun 19
3128