Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

ลูกค้าสัมพันธ์
e-Commerce
ระบบบัญชี
สินค้าคงคลัง
PoS
โปรเจกต์
MRP

All apps

All Posts คน เหรียญรางวัล

แท็ก (View all)

odoo accounting v14 pos v15

เกี่ยวกับฟอรั่มนี้

ช่วยเหลือ

Can I create ir.rule that lets groups have only specific permissions based on state.

security rules groups v14

2 ตอบกลับ

8675 มุมมอง

Samo Arko

I need to define ir.rule that limits the permissions read, create, write, unlink based on state for a specific security group. If I understand correctly the domain_force filters the records.

<record id="tabla_sp_access_rule" model="ir.rule">
	<field name="name">Access ule</field>
	<field name="model_id" ref="tabla_price.tabla_price_group"/>
	<field name="domain_force">[('create_uid','=',user.id)]</field>
	<field name="groups" eval="[(4, ref('tabla_price.tabla_price_group'))]"/>
</record>
<record id="tabla_sp_state_rule" model="ir.rule">
	<field name="name">States rule</field>
	<field name="model_id" ref="tabla_price.tabla_price"/>
	<field name="domain_force">[('state','in', ['done', 'confirmed', 'canceled'])]</field>
	<field name="groups" eval="[(4, ref('tabla_price.tabla_price_group'))]"/>
	<field name="perm_unlink" eval="0"/>
	<field name="perm_write" eval="0"/>
	<field name="perm_read" eval="1"/>
	<field name="perm_create" eval="0"/>
</record>

Because of the domain force now only the records that are from the user and in states will be shown to the user. I need to show user his records and only prevent write and unlink permissions on state.

I cannot just set fields readonly based on states, because different user groups can do different things based on state.

What is the correct way to do this? Can I do this with ir.rules and I just don't undestand domain_force parameter?

EDIT:

I've got 3 groups: Importer <- Validator <- Admin.

Importer can CRUD only his own records when the state is "draft", other states he can only Read them.

Validator can Read all records but he can only Update them when they are in state "update".

Admin can see all records and use CRUDE for states "draft", "update" and "cancel".

All have model rights 1,1,1,1.

Importer
<record id="tabla_sp_importer_access_rule" model="ir.rule">
	<field name="name">Importer Access Rule</field>
	<field name="model_id" ref="model_tabla"/>
	<field name="domain_force">['|', ('create_uid','=',user.id), ('partner_id', '=', user.partner_id.id)]</field>
	<field name="groups" eval="[(4, ref('tabla.tabla_sp_importer'))]"/>
</record>

<record id="tabla_sp_importer_state_rule" model="ir.rule">
	<field name="name">Importer States Rule</field>
	<field name="model_id" ref="model_tabla"/>
	<field name="domain_force">[('state','in', ['done', 'canceled'])]</field>
	<field name="groups" eval="[(4, ref('tabla.tabla_sp_importer'))]"/>
	<field name="perm_unlink" eval="0"/>
	<field name="perm_write" eval="0"/>
	<field name="perm_read" eval="1"/>
	<field name="perm_create" eval="0"/>
</record>


Validator
<record id="tabla_sp_validator_access_rule" model="ir.rule">
	<field name="name">Validator Access Rule</field>
	<field name="model_id" ref="model_tabla"/>
	<field name="domain_force">[(1, '=', 1)]</field>
	<field name="groups" eval="[(4, ref('tabla.tabla_sp_validator'))]"/>
</record>

<record id="tabla_sp_validator_state_rule" model="ir.rule">
	<field name="name">Validator States Rule</field>
	<field name="model_id" ref="model_tabla"/>
	<field name="domain_force">[('state','in', ['draft', 'done', 'canceled'])]</field>
	<field name="groups" eval="[(4, ref('tabla.tabla_sp_validator'))]"/>
	<field name="perm_unlink" eval="0"/>
	<field name="perm_write" eval="0"/>
	<field name="perm_read" eval="1"/>
	<field name="perm_create" eval="0"/>
</record>

Admin
<record id="admin_state_rule" model="ir.rule">
	<field name="name">Administrator States Rule</field>
	<field name="model_id" ref="model_tabla"/>
	<field name="domain_force">[('state','=', 'done')]</field>
	<field name="groups" eval="[(4, ref('tabla.tabla_sp_admin'))]"/>
	<field name="perm_unlink" eval="0"/>
	<field name="perm_write" eval="0"/>
	<field name="perm_read" eval="1"/>
	<field name="perm_create" eval="0"/>
</record>

Iheb Ltaief

คำตอบที่ดีที่สุด

See this example in expense:

<record id="sale_order_rule_expense_user" model="ir.rule">
 <field name="name">Expense Employee can read confirmed SO</field>
 <field ref="sale.model_sale_order" name="model_id"/>
 <field name="domain_force">[('state', '=', 'sale')]</field>
 <field name="groups" eval="[(4, ref('base.group_user'))]"/>
 <field name="perm_read" eval="True"/>
 <field name="perm_write" eval="False"/>
 <field name="perm_create" eval="False"/>
 <field name="perm_unlink" eval="False"/>
</record>

Samo Arko

ผู้เขียน

Thanks... I looked at them, but I'm still having hard time to figure them out. The problem is that I have 3 different user groups that need to have different rights. Will update my question

Iheb

Yes you can set specific rule for each group,

You have to define the group in <field name="groups" eval="[(4, ref('base.group_user'))]"/>

สนุกกับการพูดคุยนี้ใช่ไหม? เข้าร่วมเลย!

สร้างบัญชีวันนี้เพื่อเพลิดเพลินไปกับฟีเจอร์พิเศษและมีส่วนร่วมกับคอมมูนิตี้ที่ยอดเยี่ยมของเรา!

ลงชื่อ

Related Posts	ตอบกลับ	มุมมอง
How to create rule to display only subordinates leave records in openerp security rules groups	1 มี.ค. 15	8521
Is the security "section" required in a new module ? security action.rule rules groups	1 พ.ค. 18	16594
odoo[v8] rules security rules groups odooV8	1 ก.ค. 15	5021
How do I create a group and rules for Hr? security hr rules groups hr_employee	1 ส.ค. 24	2740
Odoo Security group security rules groups Community OdooV13	0 มิ.ย. 22	3074

คำถามนี้ถูกตั้งค่าสถานะ

สนุกกับการพูดคุยนี้ใช่ไหม? เข้าร่วมเลย!