Skip to Content
This question has been flagged
securityxmlrulesodoo-8
3374 Views
Avatar
Juan Formoso Vasco

MY PURPOSE

I'm trying to use security rules to achieve the following purpose:

I need to add in users model a field which will set which warehouses each user can modify. This is because I want to hide the stock moves you aren't allowed to see (stock moves of other warehouses).

WHAT I DID

I've created a Many2many field named allowed_warehouses in res.users model. From here, the administrator can select which warehouses can be used by each user.

Then, I took advantage of the existing fields of Odoo, stock.move model has a Many2one field named picking_type_id, pointing to stock.picking.type model. And stock.picking.typemodel has a Many2one field named warehouse_id, pointing to stock.warehouse.

So the rule was easy in theory:

<record model="ir.rule" id="poc_stock_move_allowed_warehouses">
    <field name="name">stock.move: interaction only allowed if warehouse matches</field>
    <field name="model_id" ref="stock.model_stock_move"/>
    <field name="domain_force">[('picking_type_id.warehouse_id', 'in', user.allowed_warehouses.mapped('id'))]</field>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="True"/>
    <field name="perm_create" eval="True"/>
    <field name="perm_unlink" eval="True"/>
</record>

With this rule, I expected users to see only the stock moves of their allowed warehouses.

THE RESULT

Everything was working almost OK, and I say almost because some weird things are breaking down all the development. For example, I'm allowed to use all the warehouses, and I create a new picking with one stock move, this move has the Product A. I save, and everything goes fine. But if I do exactly the same but choosing Product B instead, I got an access error just after clicking on Save button, so I can't see the moves of that picking anymore. It seems that the move is forbidden for me (despite I should be seeing it), but not! If I go to look for this move in other view (for example in the Traceability > Stock Moves menu), I can see the move in the tree view, and open its form view with no errors! And if I modify the move in PostgreSQL and replace Product B with Product A, I can see the move from the picking view... Of course, if I remove my rule and restart the service, I can see the move in the picking view it doesn't matter if the product is A or B.

MY CONCLUSION

There must be some field in Product B which is shooting my rule, but I can't understand that because my rule is not affected by product fields, and if it was, why can I see the move in some views and not in other ones?

Please, can anyone help me with at least an idea, I'm running out of them!

Avatar
Discard
Related Posts Replies Views Activity
Setting up rules' Access Right in xml,csv files
security xml rules
Avatar
1
Dec 22
23142
How to create user Group Application for your module? Solved
security xml group
Avatar
Avatar
6
Jan 21
43056
Manage Security
security modules rules
Avatar
2
Jun 20
1868
inherit some group permissions to another group Solved
security xml odoo11.0
Avatar
Avatar
1
Dec 23
9484
Enable employees to see their own attendance history
security xml odoo11.0
Avatar
Avatar
Avatar
2
Jan 20
3764