I built a module for invoicing where project managers can approve or reject invoices.

I'm trying to create new access rights and record rules for group project manager so that when project manager logs in, the form view fields are readonly for them so that they can't edit it. They can still access the page when the invoices are in awaiting approval state and have ability to click on buttons but can't edit any fields.

record id="record_rule_project_manager_readonly" model="ir.rule"
	​field name="name">Project Manager Readonly      
	​field name="model_id" ref="model_vendor_bill"      
	​field name="groups" eval="[(4, ref('group_project_manager'))]"     
	​field name="perm_read" eval="1"       
	​field name="perm_write" eval="0"      
	​field name="perm_create" eval="0"      
	​field name="perm_unlink" eval="0"      
	​field name="domain_force">[('state', '!=', 'awaiting_approval')
 record

 

 When I go to the page logged in as project manager, I can't access the page. I get this message:

Due to security restrictions, you are not allowed to access 'Vendor Bill' (vendor.bill) records. Records: vendor.bill,2 (id=2) User: Boris Veselov (id=41) This restriction is due to the following rules: - Project Manager Readonly Contact your administrator to request access if necessary.

What can I do to change anything in the code or anyway to bypass it?