Community mailing list archives

community@mail.odoo.com

RE: Record Security For Groups (that ar NOT groups)

by
Omal Bastin
- 10/12/2016 14:13:53

If you check record rule of projects you will get clear idea. Projects have a record rule which checks for followers of the project. I believe this is exactly your case


On Oct 12, 2016 9:36 PM, "Phillip" <phillips@aimsystems.ca> wrote:
Or being that there are likely only a few members is it better to create 
10 many2one user relationships on the record which get programatically 
assigned to the members of the many2many. Each user is part of a 
security group which allows viewing a record in the model if user_id_1, 
or user_id_2, or user_id_3 or ... = user.id.

Security rules work great if you are talking about members of a security 
group. However how do you appropriately  provide access to specific 
records to specific users leaving security groups out of the mix?


I have a model which has a Many2many relationship with res.users. So 
many users can be associated with a record. I would like to restrict 
access to each record entirely to users who are a part of that Many2many 
relationship. I could create a security group for each record and add 
the users into it programatically however I could have thousands of 
records (which means thousands of groups) and so this does not seem to 
be the appropriate way to accomplish this restriction. However the 
force_domain field will no let me do the obvious thing 
[('user.id','in','user_ids')] as 'user_ids' is the field on the record I 
am evaluating security for.


Is there a way to check if a user is a member of a many2many field on a 
record for security access?

Or should I programatically update the security rule every time the 
many2many is modified. So the force_domain would be updated with an 
explicit list of the record members which would all be 'or'd like this.

['|',(1,'=',user.id),(2,'=',user.id)]

Although the many2many has no restriction on number of members in most 
cases there will only be 1 to 3 members which will not be an overly 
cumbersome sql query.


Please let me know you thoughts, I would really appreciate it.

Phillip

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe