Community mailing list archives

Re: security modification question

Arjan Duijs
- 06/08/2016 09:38:25
cheers ill look into that one.
I ended up altering the view a bit. imo the HR Settings tab should only be visible for HR Managers (<page string="HR Settings" groups="base.group_hr_manager">) and not officers. (which fixes the show/hide of the timesheet cost)
And thereafter i moved the "Timesheet" (  to the oficer group access rights. (which solves the 'manager and HR assistant can add timesheets for employees).

2016-06-07 18:22 GMT-05:00 Dominique KON SUN TACK <>:


It seems that you are using global record rules. Have you tried to use record rules applied specifically on groups?

Take the example of sales see own leads, and sales see all leads.
The former can see only leads assigned to the user, the latter can see all leads. There are two records rules (one is 1 = 1), applied on two different groups.

On 8 Jun, 2016 6:03 am, "Arjan Duijs" <> wrote:
Hi all,

I want to add some extra security to the hr.employee model.
two rules for the timesheet_cost field.

- Visible for only self and below in hierarchy
- Only 'Human resources/Officer' can edit

I have tried it with a security rule for the Employee object with the rule "[('id', 'child_of', [ for employee in user.employee_ids])]"

 it did work,but that was a bit too rigorous. the hr officers werent able to fill in timesheets for other employees afterwards.

then i tried to edit the field directly but got a nice pop up saying i couldnt modify that and should be done through an addon.

in the "Odoo development cookbook" chapter 10:  "Limit access to fields in models" it is explained but directly in the model. 
since this is a core model i doubt this is the way to do so.

What is the proper way to implement this?

Post to:

Post to: