Community mailing list archives
Re: Record Security For Groups (that ar NOT groups)by
This looks exactly like what I am looking for. Now that I look at it, I am a tad embarrassed.
If you check record rule of projects you will get clear idea. Projects have a record rule which checks for followers of the project. I believe this is exactly your case
On Oct 12, 2016 9:36 PM, "Phillip" <email@example.com> wrote:
Or being that there are likely only a few members is it better to create 10 many2one user relationships on the record which get programatically assigned to the members of the many2many. Each user is part of a security group which allows viewing a record in the model if user_id_1, or user_id_2, or user_id_3 or ... = user.id. Security rules work great if you are talking about members of a security group. However how do you appropriately provide access to specific records to specific users leaving security groups out of the mix? I have a model which has a Many2many relationship with res.users. So many users can be associated with a record. I would like to restrict access to each record entirely to users who are a part of that Many2many relationship. I could create a security group for each record and add the users into it programatically however I could have thousands of records (which means thousands of groups) and so this does not seem to be the appropriate way to accomplish this restriction. However the force_domain field will no let me do the obvious thing [('user.id','in','user_ids')] as 'user_ids' is the field on the record I am evaluating security for. Is there a way to check if a user is a member of a many2many field on a record for security access? Or should I programatically update the security rule every time the many2many is modified. So the force_domain would be updated with an explicit list of the record members which would all be 'or'd like this. ['|',(1,'=',user.id),(2,'=',us
er.id)] Although the many2many has no restriction on number of members in most cases there will only be 1 to 3 members which will not be an overly cumbersome sql query. Please let me know you thoughts, I would really appreciate it. Phillip