Trợ giúp


How to restrict modification for some user

Dewilde Valentin

I have a module that store the publication of a group of person and i want to restrict the "write" permission for the person who create the publication.

Here is my situation :

-Publications must be creatable and readable for all user

-Publications must be editable just for the one who create it

-Publication must be manageable (read, write, create and delete) for member of a group.

I made some research and it seem that restrict on user who don't have a group is a bit difficult. Well is there a way i didn't see ?


Ảnh đại diện
Huỷ bỏ
2 Câu trả lời
Brett Lehrer
Best Answer

You can accomplish this by inheriting the write() function of the publication model.  Give everyone write access initially, then restrict it back down if they're not the creator or in the management group.  I'll assume your module is called "publication_module" and the publications model itself is named "my.publication".

First, you'll need a management group defined:

 <record id="group_publication_manager" model="res.groups">
    <field name="name">Publication Manager</field>
    <field name="users" eval="[(4, ref('base.user_root'))]"/>

By default, I'm assuming that the built-in "admin" user (uid=1) is a Publication Manager.

Your ir.model.access.csv file would include lines for model_my_publication for general users and for managers:


Finally, the inherited write() function.  If the user isn't a member of the management group, check if there are any records among the ones they're attempting to edit that were created by a different user, and raise an error if any are found:

 def write(self, cr, uid, ids, values, context=None):
    """User must be a member of the management group or the creator of the publication to edit it"""
    if context is None: context = {}
    if not self.pool['res.users'].has_group(cr, uid, 'publication_module.group_publication_manager'):
        # Find any instances of the current user not being the creator of the given ids
        cr.execute("""select 1
                from my_publication
                where id in %s and create_uid <> %s""", (tuple(ids), uid,))
        if bool(cr.fetchone()):
            raise orm.except_orm("Error", "You can only edit your own publications!")
    return super(my_publication, self).write(cr, uid, ids, values, context=context)

Ảnh đại diện
Huỷ bỏ
Dewilde Valentin
Best Answer

Sorry for the late response.

Thank you, your solution work absolutely fine. I work with the new api (v8) so i make some modification about your implementation but its exactely the same. I give your solution in the new api for people who want to know how to do this :
def write(self, vals):
	# Check if user is not member of management's group
	if not self.env['res.users'].has_group(
                'publication_module.group_publication_manager'): # Test if user is not the creator # (and if the template is in edit mode) if self.create_uid and not ( raise exceptions.ValidationError( _("You don't have the permission to edit this template")) indicator = super(Indicator, self).write(vals) return indicator

Ảnh đại diện
Huỷ bỏ