Community mailing list archives

community@mail.odoo.com

Record Security For Groups (that are NOT groups)

by
Phillip
- 10/12/2016 10:38:48
I have a model which has a Many2many relationship with res.users. So 
many users can be associated with a record. I would like to restrict 
access to each record entirely to users who are a part of that Many2many 
relationship. I could create a security group for each record and add 
the users into it programatically however I could have thousands of 
records (which means thousands of groups) and so this does not seem to 
be the appropriate way to accomplish this restriction. However the 
force_domain field will no let me do the obvious thing 
[('user.id','in','user_ids')] as 'user_ids' is the field on the record I 
am evaluating security for.


Is there a way to check if a user is a member of a many2many field on a 
record for security access?

Or should I programatically update the security rule every time the 
many2many is modified. So the force_domain would be updated with an 
explicit list of the record members which would all be 'or'd like this.

['|',(1,'=',user.id),(2,'=',user.id)]

Although the many2many has no restriction on number of members in most 
cases there will only be 1 to 3 members which will not be an overly 
cumbersome sql query.


Please let me know you thoughts, I would really appreciate it.

Phillip