Community mailing list archives

Record Security For Groups (that are NOT groups)

Phillip Stack, Phillip
- 10/12/2016 10:38:48
I have a model which has a Many2many relationship with res.users. So 
many users can be associated with a record. I would like to restrict 
access to each record entirely to users who are a part of that Many2many 
relationship. I could create a security group for each record and add 
the users into it programatically however I could have thousands of 
records (which means thousands of groups) and so this does not seem to 
be the appropriate way to accomplish this restriction. However the 
force_domain field will no let me do the obvious thing 
[('','in','user_ids')] as 'user_ids' is the field on the record I 
am evaluating security for.

Is there a way to check if a user is a member of a many2many field on a 
record for security access?

Or should I programatically update the security rule every time the 
many2many is modified. So the force_domain would be updated with an 
explicit list of the record members which would all be 'or'd like this.


Although the many2many has no restriction on number of members in most 
cases there will only be 1 to 3 members which will not be an overly 
cumbersome sql query.

Please let me know you thoughts, I would really appreciate it.