How do I configure record rules to allow limited access to changing stage on project.task?
I'm having trouble setting up record rules in V11 CE, specifically to manage rights to change the stage of a project.task. The relevant rules (I think) are in the image below.
I have the Project Team module installed (which creates project_id.members) and a custom many2many field in project.task called 'facilitators' with a relationship to res_users. I also have a situation where pretty much everyone in my organisation is in the Project Manager group (as they all run their own projects at times), but they are all involved in projects where they are not the Project Manager, and need to have some restrictions placed on what they can do in those projects.
I want anyone belonging to the Project Team to be able to see all tasks in a project.
I want anyone who is assigned to a task (user_id) to be able to read & write to their own tasks, and create their own as well, but not delete any tasks, even their own. That should just by the project managers right.
I want the Project Manager for the Project to have full rights on all tasks belonging to that Project.
All of this is working fine with the exception that a user assigned to a task cannot change the task stage. Everything else about the task is editable within the constraints that I am looking for, just not the task stage. It's only the user that is assigned as Project Manager that is able to do that without getting this error
2019-05-21 02:28:26,063 8329 INFO production odoo.models: The requested operation cannot be completed due to record rules: Document type: project.task, Operation: read, Records: 6575, User: 127
I'm guessing this has something to do with the interaction of the rules below though I can't for the life of me figure out how. I also wondered about the rule for 'Task Stage' below which prevents anyone but the Administrator from creating new stages (we were getting lots of duplicate stages and the stage sequences were being disrupted too much), but I made that inactive and it didn't make any difference, plus the error above clearly states that it's a record rule on project.task that is blocking here, so I've discounted that.
Can anyone offer suggestions of things to try?