I have an action that prints PDF report of an employee. There's a print button at the top of form view.
I've added groups="group_x" to the button to only show it for specific users.
However, if I paste the action link on the URL bar, it still downloads the PDF report, even when logged in user isn't in the "group_x". So hiding the button isn't enough.
How can I fully restrict access for the PDF action? (And in general, for the actions not defined as models, so I can't add them to \ir.model.access.csv and easily restrict them)
I'll provide more info if necessary
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Kế toán
- Tồn kho
- PoS
- Project
- MRP
Câu hỏi này đã bị gắn cờ
1
Trả lời
4028
Lượt xem
You can use groups_id in the report action as you can see in invoice report
<record id="account_invoices" model="ir.actions.report">
<field name="name">Invoices</field>
<field name="model">account.move</field>
<field name="report_type">qweb-pdf</field>
<field name="report_name">account.report_invoice_with_payments</field>
<field name="report_file">account.report_invoice_with_payments</field>
<field name="print_report_name">(object._get_report_base_filename())</field>
<field name="attachment">(object.state == 'posted') and ((object.name or 'INV').replace('/','_')+'.pdf')</field>
<field name="binding_model_id" ref="model_account_move"/>
<field name="binding_type">report</field>
<field name="groups_id" eval="[(4, ref('account.group_account_invoice')),
(4, ref('account.group_account_readonly'))]"/>
</record>
Bạn có hứng thú với cuộc thảo luận không? Đừng chỉ đọc, hãy tham gia nhé!
Tạo tài khoản ngay hôm nay để tận hưởng các tính năng độc đáo và tham gia cộng đồng tuyệt vời của chúng tôi!
Đăng ký| Bài viết liên quan | Trả lời | Lượt xem | Hoạt động | |
|---|---|---|---|---|
|
0
thg 3 18
|
7735 | ||
|
0
thg 11 15
|
4813 | ||
|
access rights manual
Đã xử lý
|
|
1
thg 3 15
|
5026 | |
|
1
thg 3 15
|
8434 | ||
|
10
thg 12 23
|
36773 |
