How can I achieve field level access restriction based on logged in user and user group?

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Akuntansi
Inventaris
PoS
Project
MRP

All apps

Semua Post Orang Lencana-Lencana

Label (Lihat semua)

odoo accounting v14 pos v15

Mengenai forum ini

Help

How can I achieve field level access restriction based on logged in user and user group?

hr attrs fields readonly restriction

2 Replies

6637 Tampilan

Namal

Hello everyone
I am currently working in “hr” module customization. The requirement is to give access rights to curtain fields based on the logged in user group (Employee and Colleague). According to the context of my requirement “Employee” access is the freedom to edit his own profile, while “Colleague” can only read other employees profile. When a employee login to system he becomes an employee in his own profile and a colleague when checking other employees profile . Below is my code Below is my code

_defaults= {

'uid': lambda obj, cr, uid, context:uid
}

<record id="my_employee_group" model="res.groups">
<field name="name">My Employee</field>
<field name="comment">My Employee Permission Group.</field>
<field name="category_id" ref="my_module.module_category_hr"/>
</record>

<record id="hr_form_employee_view" model="ir.ui.view">
<field name="name">custom_hr_employee_form</field>
<field name="model">hr.employee</field>
<field name="inherit_id" ref="my_module.view_employee_form"/>
<field name="groups_id" eval="[(6, 0, [ref('my_module.my_employee_group') ])]"/>
<field name="type">form</field>
<field name="arch" type="xml">
<field name='name' position="attributes">
<attribute name="attrs">{'readonly':[('user_id','!=','uid')]}</attribute>
</field>
</field>
</record>

The problem I am facing currently is that an employee can edit his name and his colleague’s name.
How can I achieve this requirement.
Any help is greatly appreciated.

Deepa Venkatesh

Try ORM method called "check_access_rights", in this you can control whether to give access to edit such records or not..

check_access_rights(cr, uid, 'create', raise_exception=False)

Tobi

In ir.model.access.csv:
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
my_access_hr_employee_user,hr.employee user_my_group,hr.model_hr_employee,my_group,1,1,0,0

In security.xml:

    <record model="ir.rule" id="my_group_edit_self">
        <field name="name">User can edit only themselves</field>
        <field name="model_id" search="[('model','=','hr.employee')]" model="ir.model"/>
        <field name="domain_force">[('login', '!=', user.id)]</field>
        <field name="groups" eval="[(4,ref('my_group'))]"/>
        <field name="perm_write" eval="0"/>
        <field name="perm_unlink" eval="0"/>
        <field name="perm_create" eval="0"/>
        <field name="perm_read" eval="1"/>
    </record>

Menikmati diskusi? Jangan hanya membaca, ikuti!

Buat akun sekarang untuk menikmati fitur eksklufi dan agar terlibat dengan komunitas kami!

Daftar

Post Terkait	Replies	Tampilan
readonly option in fields? Diselesaikan fields readonly	3 Des 23	90811
How can I prevent a user from editing a field after it's set? Diselesaikan fields readonly	3 Sep 21	4996
Make tag management only available for Managers fields restriction	0 Nov 16	1266
Read only field for certain user groups fields readonly	1 Sep 15	8880
readonly attrs not working in openerp7 attrs readonly	1 Mar 15	7130

Pertanyaan ini telah diberikan tanda

Menikmati diskusi? Jangan hanya membaca, ikuti!