Community mailing list archives

security modification question

Arjan Duijs
- 06/07/2016 17:58:04
Hi all,

I want to add some extra security to the hr.employee model.
two rules for the timesheet_cost field.

- Visible for only self and below in hierarchy
- Only 'Human resources/Officer' can edit

I have tried it with a security rule for the Employee object with the rule "[('id', 'child_of', [ for employee in user.employee_ids])]"

 it did work,but that was a bit too rigorous. the hr officers werent able to fill in timesheets for other employees afterwards.

then i tried to edit the field directly but got a nice pop up saying i couldnt modify that and should be done through an addon.

in the "Odoo development cookbook" chapter 10:  "Limit access to fields in models" it is explained but directly in the model. 
since this is a core model i doubt this is the way to do so.

What is the proper way to implement this?