Community mailing list archives

community@mail.odoo.com

Re: User manageable record level access restrictions

by
Karlis Dreizis
- 02/29/2016 05:51:33
Maybe it would have been better labeled as sharing. A user who has access to a record also being able to share the record with another users or group seems to be well within the realm of reason. Ideally sharing itself could of course also be limited with a flag. 

On Mon, Feb 29, 2016 at 12:22 PM, Dominique KON SUN TACK <dominique.k@elico-corp.com.sg> wrote:

It sounds a bit odd that end users can modifiy record access or model access in a business software environment...

Or is it to simplify the job of the admin?

On 29 Feb, 2016 6:14 pm, "Karlis Dreizis" <karlisdreizis@gmail.com> wrote:

Odoo v9 only gives the ability to restrict access to fields, the model itself or individual records. The simple way to achieve the desired result would be access rules, but you can't expect a regular user to construct the appropriate domain.

The naive way one might approach this problem is to have something similar to mail.thread extend with a list of allowed/subscribed users and a record rules. There would be 4 record rule entries for each CRUD operation respectively with a domain that checks whether the group or user qualifies for the rule. [('user.id', 'in', [shared_group_ids.users.ids])]

Then the user could add groups and or users via a custom js interface or via a odoo wizard.

Although it could be done like this. It seems a tad clunky. I would love to hear from the community. What approach would you take to solve this kind of problem? 


​Regards, Karlis

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe




--
Ar cieņu,
Kārlis