跳至内容
此问题已终结
v7
3 回复
20560 查看
形象
Ashley Felton

I am trying to define a Record Rule within OpenERP that allows a User who is not in the Officer group to change their own Employee record only, while still keeping the existing global rule allowing users in the Officer group to edit all Employee records. I've gotten as far as setting up a custom rule with the following details:

  • Object: Employee
  • Apply for Read: checked
  • Apply for Write: checked
  • Rule Definition: [('user_id', '=', user.id)]

However, all this seems to do is remove the ability of the User to read any Employee record except for their own. As far as I can tell, I need to combine something like the rule above with a logical OR operator to the Access Control rule applying to users in the "Officer" group. Can anyone give me any pointers for how to accomplish this?

Edit: My desired behaviour is thus:

  • All users (Employee group) can search and read all Employee records.
  • Users in the Employee group can edit their own Employee record, but not others.
  • Users in the Officer group can edit all Employee records (this is default behaviour for the HR module).

Tried thus far:

  • Modify the Record Rule described above (User_edit_own_employee_rule) to apply only for Write operations, not Read operations (users can see all Employee records, but not edit any records including their own).
  • Modify the hr.employee system user Access Control rule to allow Write operations (users can now edit all Employee records).

One clue I have is that, using the API to return an employee's user_id in the shell, OpenERP returns [5, 'Joe Bloggs']. I wonder whether my Record Rule is querying the foreign key relationship properly?

形象
丢弃
形象
Prajul P T
最佳答案

Providing access rule is one part of the solution. If you look at "Access Control List" in "Settings > Technical > Security > Access Controls Lists", you can see that the group Hr Employee has only read access to the model hr.employee. So first you have to provide write access also to model hr.employee for group Employee. After you have allowed write access to the group Employee for model hr.employee,

  • Create a new record rule from Settings > Technical > Security > Record Rules named User_edit_own_employee_rule (As you wish).
  • Provide domain for this group User_edit_own_employee_rule as [('user_id', '=', user.id)]. And this domain should apply for Read and Write. ie; by check "Apply for Read" and "Apply for Write" Boolean field.
  • Create another record rule named User_edit_own_employee_rule_1
  • Provide domain for this group User_edit_own_employee_rule as [('user_id', '!=', user.id)]. And this domain should apply for Read only. ie; check "Apply for Read".

Now by creating two record rule for the group Employee, we can provide access to read and write his/her own record but only to read other employee records.

Let me summarize:

Provide write access in access control list to model hr.employee for group Employee. Create two record rule:

User_edit_own_employee_rule :

  • Name : User_edit_own_employee_rule
  • Object : Employee
  • Apply for Read : Checked
  • Apply for Write : Checked
  • Rule Definition : [('user_id', '=', user.id)]
  • Groups : Human Resources / Employee

User_edit_own_employee_rule_1 :

  • Name : User_edit_own_employee_rule_1
  • Object : Employee
  • Apply for Read : Checked
  • Apply for Write : Un Checked
  • Rule Definition : [('user_id', '!=', user.id)]
  • Groups : Human Resources / Employee

Hope This Helps....

形象
丢弃
形象
Mehr
最佳答案

Has anyone found a solution to this problem? I am using Odoo community 17

形象
丢弃
形象
lamayuda
最佳答案

I have same issue with this post question, i try to make new record rules like this :

User_edit_own_employee_rule :

  • Name : User_edit_own_employee_rule
  • Object : Employee
  • Apply for Read : Checked
  • Apply for Write : Checked
  • Rule Definition : [('user_id', '=', user.id)]
  • Groups : Human Resources / Employee

User_edit_own_employee_rule_1 :

  • Name : User_edit_own_employee_rule_1
  • Object : Employee
  • Apply for Read : Checked
  • Apply for Write : Un Checked
  • Rule Definition : [('user_id', '!=', user.id)]
  • Groups : Human Resources / Employee


All user can see all records ✅ but still can edit other user records. ❌

my hope is :

All user can see all records ✅ other user cannot edit other user records. ✅


Thank you

形象
丢弃
相关帖文 回复 查看 活动
Minimum Lot Charge For Sales Order Line Items
v7
形象
0
12月 24
8660
How to activate the Technical Features? 已解决
v7
形象
形象
形象
形象
形象
5
12月 24
51458
Way to only allow a specific DB to be the default? 已解决
v7
形象
形象
形象
形象
形象
4
7月 24
9744
How to correct the decimal precision in email template? 已解决
v7
形象
形象
形象
形象
形象
7
8月 23
10027
Worried about the SorryOpenERP campaign 已解决
v7
形象
形象
形象
形象
形象
36
4月 23
37048