İçereği Atla
Bu soru işaretlendi
record_rulesaccess_rulesodoov11
2 Cevaplar
7473 Görünümler
Avatar
FCarmo

Hi everyone,

I'm trying to add some security rules to my module, but I'm unable to do so.

I'm using multi company and trying to show only records that meet these requirements:
> Same company
> Same company and shared resource either True or False
> Different Company and shared resource must be True

The rules do exactly what I want, except when I try to enter a record it says that I need "read permissions"

P.S: Don't worry about the rule names. I'm trying to start this first.

This is what I have:

From the csv security file.

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_neos_res_company_user,access_neos_res_company_user,base.model_res_company,neos_resource_reservation.group_neos_resource_user,1,0,0,0
access_neos_res_users_user,access_neos_res_users_user,base.model_res_users,neos_resource_reservation.group_neos_resource_user,1,1,0,0
access_neos_res_partner_user,access_neos_res_partner_user,base.model_res_partner,neos_resource_reservation.group_neos_resource_user,1,1,0,0
access_neos_resource_user,access_neos_resource_user,model_resource_reservation,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_access_right_user,access_fleet_vehicle_access_right_user,fleet.model_fleet_vehicle,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_model_access_right_user,access_fleet_vehicle_model_access_right_user,fleet.model_fleet_vehicle_model,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_tag_access_right_user,access_fleet_vehicle_tag_access_right_user,fleet.model_fleet_vehicle_tag,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_state_access_right_user,access_fleet_vehicle_state_access_right_user,fleet.model_fleet_vehicle_state,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_model_brand_access_right_user,access_fleet_vehicle_model_brand_access_right_user,fleet.model_fleet_vehicle_model_brand,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_service_type_access_right_user,access_fleet_service_type_access_right_user,fleet.model_fleet_service_type,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_access_fleet_vehicle_cost_user,access_access_fleet_vehicle_cost_user,fleet.model_fleet_vehicle_cost,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_odometer_access_right,access_fleet_vehicle_odometer_access_right,fleet.model_fleet_vehicle_odometer,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_services_access_right_user,access_fleet_vehicle_log_services_access_right_user,fleet.model_fleet_vehicle_log_services,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_contract_access_right_user,access_fleet_vehicle_log_contract_access_right_user,fleet.model_fleet_vehicle_log_contract,neos_resource_reservation.group_neos_resource_user,1,1,1,0
access_fleet_vehicle_log_fuel_access_right,access_fleet_vehicle_log_fuel_access_right,fleet.model_fleet_vehicle_log_fuel,neos_resource_reservation.group_neos_resource_user,1,1,1,0

And from the xml security file:

<?xml version="1.0" encoding="utf-8"?>
<odoo>
    <data noupdate="0">
        <!--####################### GROUPS #######################-->
        <record id="module_neos_resource_reservation" model="ir.module.category">
            <field name="name">Resource Management</field>
            <field name="description">Permissions for the resource reservation module.</field>
            <field name="sequence">20</field>
        </record>

        <record id="group_neos_resource_anon_user" model="res.groups">
            <field name="name">Anonymous</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="implied_ids" eval="[(4, ref('base.group_public'))]" />
            <field name="comment">Anonymous User Group.</field>
        </record>

        <record id="group_neos_resource_user" model="res.groups">
            <field name="name">User</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
            <field name="comment">Common user</field>
        </record>

        <record id="group_neos_resource_manager" model="res.groups">
            <field name="name">Manager</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="users" eval="[(4, ref('base.user_root'))]"/>
            <field name="implied_ids" eval="[(6, 0, [
                ref('group_neos_resource_user'),
            ])]"/>
            <field name="comment">This user will have access to all records of everyone within is own company.</field>
        </record>

        <record id="group_neos_resource_sudo_manager" model="res.groups">
            <field name="name">Super Manager</field>
            <field name="category_id" ref="module_neos_resource_reservation"/>
            <field name="users" eval="[(4, ref('base.user_root'))]"/>
            <field name="implied_ids" eval="[(6, 0, [
                ref('group_neos_resource_manager'),
            ])]"/>
            <field name="comment">This user will have access to everything.</field>
        </record>

        <!--####################### USER #######################-->
        <record id="rule_fleet_vehicle_owner_user" model="ir.rule">
            <field name="name">User owner vehicle</field>
            <field name="model_id" ref="fleet.model_fleet_vehicle"/>
            <field name="global" eval="True"/>
            <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>
            <field name="domain_force">[('owner_id','=',user.company_id.id),'|',('shared_resource','=',True),('shared_resource','!=',True)]</field>
        </record>
        
        <record id="rule_fleet_vehicle_owner_user2" model="ir.rule">
            <field name="name">User owner vehicle</field>
            <field name="model_id" ref="fleet.model_fleet_vehicle"/>
            <field name="global" eval="True"/>
            <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>
            <field name="domain_force">[('owner_id','!=',user.company_id.id),('shared_resource','=',True)]</field>
            <field name="perm_read" eval="True"/>
            <field name="perm_write" eval="False"/> <!-- eval="True" -->
            <field name="perm_create" eval="False"/>
            <field name="perm_unlink" eval="False"/>
        </record>
        
        <!--####-->
        
        <!--<record id="rule_fleet_vehicle_owner_user3" model="ir.rule">-->
        <!--    <field name="name">User owner vehicle</field>-->
        <!--    <field name="model_id" ref="fleet.model_fleet_vehicle"/>-->
        <!--    <field name="groups" eval="[(4, ref('group_neos_resource_user'))]"/>-->
        <!--    <field name="domain_force">[('owner_id','!=',user.company_id.id),('shared_resource','!=',True)]</field>-->
        <!--    <field name="perm_read" eval="True"/>-->
        <!--    <field name="perm_write" eval="True"/>-->
        <!--    <field name="perm_create" eval="False"/>-->
        <!--    <field name="perm_unlink" eval="False"/>-->
        <!--</record>-->
        <!---->
        <!--####-->

Funny thing is, if I uncomment the record rule above, and replace the record "rule_fleet_vehicle_owner_user2" perm_write with "True", it shows every record (which is not what I want) and I can do everything normally.


Any guesses on what is wrong?


Thank you and have a good day



Avatar
Vazgeç
Avatar
Tiến Paul
En İyi Yanıt

in "rule_fleet_vehicle_owner_user2"and "rule_fleet_vehicle_owner_user3"
Not used by True or False that is 1 or 0

<field name="perm_read" eval="True"/>-->
        <!--    <field name="perm_write" eval="True"/>-->
        <!--    <field name="perm_create" eval="False"/>-->
        <!--    <field name="perm_unlink" eval="False"/>--> Must be
<field name="perm_read" eval="1"/>-->
        <!--    <field name="perm_write" eval="1"/>-->
        <!--    <field name="perm_create" eval="0"/>-->
        <!--    <field name="perm_unlink" eval="0"/>-->
Not used by True or False
Avatar
Vazgeç
Avatar
Arturo Ruiz
En İyi Yanıt

Hi, in your csv security file line # 6 you use  "fleet.model_fleet_vehicle"  and the values at end of this line are "1,1,1,0".
In your xml security file, under "<record id="rule_fleet_vehicle_owner_user2" model="ir.rule"> the last 4 lines <field name> are eval as True, False, False, False.
You said "Funny thing is ...." , are you tried using  True, True, True, False  (1,1,1,0) ?




Avatar
Vazgeç
İlgili Gönderiler Cevaplar Görünümler Aktivite
Can you restrict User access to Bills / Payments v16
record_rules access_rules
Avatar
Avatar
Avatar
2
Oca 24
3033
what is different access right and record rules in odoo online Çözüldü
record_rules access_rules odooonline
Avatar
Avatar
Avatar
2
Eyl 25
4083
Give a Single User Access Rights to Specific Field
groups record_rules access_rules
Avatar
Avatar
Avatar
2
Ağu 23
3417
Record Rule for Contacts (A Specific Group of Users Can Only See Other Users)
res.partner record_rules access_rules
Avatar
Avatar
Avatar
Avatar
3
Ağu 23
6951
Record Rules related to current user Çözüldü
record_rules access_rules accessrights
Avatar
Avatar
1
Ara 20
8098