Community mailing list archives

community@mail.odoo.com

Re: Field Security in odoo v8??

by
Martin Trigaux (mat)
- 02/16/2016 04:31:53
On 16/02/16 10:18, mihir shah wrote:
> I want to give fields level security in odoo v8,
> suppose certain fields should only be editable by certain group of user
> else it should be read only for all the users.

Short answer: you can't

The only built in mechanism for field level access is the attribute 
"groups" that you can set on your field definition.
e.g: fields.char("Private Key", groups="base.group_system")
If your user is not in the appropriate group, the field will not exists 
for him. This means that you will get an error "unknown field" if you 
try to render a view with this field present.
This is a bit touchy and I wouldn't advise it in most cases.

Another solution is to check what is done for the fields password and 
password_crypt in base and auth_crypt module 
(openerp.base.res.res_users.USER_PRIVATE_FIELDS) where the "read" method 
is overridden to prevent accessing the content of these fields but to 
avoid crashing if you try to display or access it.

Martin

-- 
Martin Trigaux
Odoo
https://odoo.com
https://github.com/mart-e