Error Access when implement custom field on inherited view res.users

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Contabilità
Magazzino
PoS
Project
MRP

All apps

Tutti gli articoli Persone Badge

Etichette (Mostra tutto)

odoo accounting v14 pos v15

Sul forum

Assistenza

Error Access when implement custom field on inherited view res.users

res.users odooV17 OdooV17

1 Rispondi

1084 Visualizzazioni

Aji Ananta

I make field custom type binary (x_signature) to model res.users, and i try to add this custom field to view. When i implement this, when user click My Profile get Access Error. Its solved if i grant user access to Employees both administrator/officer. but i don't want it. i want still implement custom field on inherited view without give grant access Employees and not access error

Inherited view: res.users.preferences.form.inherit

<data>
    <xpath expr="//field[@name='employee_type']" position="after">
        <field name="x_signature" widget="image"/>
    </xpath>
</data>

Access Error

The requested operation can not be completed due to security restrictions. Document type: User (res.users) Operation: read User: 14 Fields: - barcode (allowed for groups 'Employees / Officer: Manage all employees') - birthday (allowed for groups 'Employees / Officer: Manage all employees') - certificate (allowed for groups 'Employees / Officer: Manage all employees') - children (allowed for groups 'Employees / Officer: Manage all employees') - country_of_birth (allowed for groups 'Employees / Officer: Manage all employees') - emergency_contact (allowed for groups 'Employees / Officer: Manage all employees') - emergency_phone (allowed for groups 'Employees / Officer: Manage all employees') - employee_bank_account_id (allowed for groups 'Employees / Officer: Manage all employees')

... ...

...

Gracious Joseph

The Access Error occurs because the res.users model and its inherited fields (such as fields added by the Employees module) require specific access rights that your users do not have. When you add a custom field (x_signature) to the res.users model, any reference to that field in the res.users view triggers access checks for related fields as well. In this case, fields inherited from hr.employee (e.g., barcode, birthday) are restricted to users with specific Employee-related permissions.

Here’s how you can resolve this without granting additional access rights to the Employees module:

Solution 1: Use a Separate Model for the Custom Field

Instead of adding the custom field (x_signature) directly to res.users, create a new model and link it to res.users. This isolates your custom field from access rules defined for the Employees module.

Create a New Model: Define a new model (res.user.signature) with a Many2One relation to res.users:

pythonCopy codefrom odoo import models, fields

class ResUserSignature(models.Model):
    _name = 'res.user.signature'
    _description = 'User Signature'

    user_id = fields.Many2one('res.users', string="User", required=True, ondelete='cascade')
    signature = fields.Binary(string="Signature")

Add the Field to the View: Extend the res.users view to include the signature field from the new model:

xmlCopy code<record id="view_res_users_signature" model="ir.ui.view">
    <field name="name">res.users.signature.form.inherit</field>
    <field name="model">res.users</field>
    <field name="inherit_id" ref="base.view_users_form" />
    <field name="arch" type="xml">
        <xpath expr="//field[@name='employee_type']" position="after">
            <field name="user_signature_ids.signature" widget="image"/>
        </xpath>
    </field>
</record>

Ensure you add a computed or related field in res.users to link the signature:

pythonCopy codeclass ResUsers(models.Model):
    _inherit = 'res.users'

    user_signature_ids = fields.One2many(
        'res.user.signature', 'user_id', string="Signatures"
    )

Test Access Rights: This approach isolates the x_signature field, and users will not encounter access errors since you’re no longer inheriting restricted fields from hr.employee.

Solution 2: Adjust Field Access Control

If you need to keep the x_signature field on the res.users model, explicitly set its access rights to make it accessible for users without permissions to the Employees module.

Grant Access to the Custom Field: Add a record rule or modify field-level security for x_signature:

pythonCopy codefrom odoo import models, fields

class ResUsers(models.Model):
    _inherit = 'res.users'

    x_signature = fields.Binary(string="Signature", groups="base.group_user")

The groups="base.group_user" ensures that all regular users can access this field.

Ensure the Field is Readable by All Users:
- If the default security on res.users restricts access to fields such as barcode or birthday, ensure your custom field doesn’t trigger access checks for restricted fields. Use sudo() in your Python code if necessary when reading or writing the field.

Solution 3: Use Computed or Related Fields

If the custom field is related to hr.employee but needs to be accessible in res.users, use a computed field that respects user permissions.

Add a Computed Field: Define the x_signature field as a computed field:

pythonCopy codeclass ResUsers(models.Model):
    _inherit = 'res.users'

    x_signature = fields.Binary(string="Signature", compute="_compute_signature")

    def _compute_signature(self):
        for user in self:
            if user.employee_id:
                user.x_signature = user.employee_id.sudo().x_signature
            else:
                user.x_signature = False

Test Access: Using sudo() ensures that the computation bypasses the restrictive access rules for employee_id fields, while users can still view the field on the form.

Solution 4: Adjust the Record Rule for res.users

If you prefer to adjust access rules directly:

Relax the Record Rules: Identify the restrictive record rules for res.users (related to the Employees module) and customize them. For example, you might find rules like this:

xmlCopy code<record id="hr_employee_rule_users" model="ir.rule">
    <field name="name">Employees: User Read Access</field>
    <field name="model_id" ref="base.model_res_users" />
    <field name="groups" eval="[(4, ref('hr.group_hr_user'))]" />
    <field name="domain_force">['|', ('id', '=', user.id), ('employee_ids', '!=', False)]</field>
</record>

Modify or disable the restrictive rule, but note that this is not recommended as it might introduce unintended side effects.

Conclusion

The best solution depends on your specific use case:

Use Solution 1 if you want a clean separation of concerns (best practice).
Use Solution 2 if you want to simplify and directly expose the custom field.
Use Solution 3 if the field is related to hr.employee but should respect access rights.

Ti stai godendo la conversazione? Non leggere soltanto, partecipa anche tu!

Crea un account oggi per scoprire funzionalità esclusive ed entrare a far parte della nostra fantastica community!

Registrati

Post correlati	Risposte	Visualizzazioni
Adding a Button in POS odooV17	1 gen 25	1028
How to Restrict Default CRM Access for All Users in Odoo 17 and Assign Permissions Selectively odooV17	1 nov 24	1318
Purchase order confirmation data display without time Risolto odooV17	2 set 24	1006
Odoo apps module Risolto odooV17	4 set 24	1331
Custom Leave Accrual Calculation in Odoo v17 odooV17	0 ago 24	1375

La domanda è stata contrassegnata