跳至内容
此问题已终结
record_rulesodooodoo13.0AccessControl
1 回复
2233 查看
形象
Kabeer KB

Hi All,

I found an URL /web/tests​ in Odoo default addon. Now this route is accessible to all internal users. i need to limit this access to some users who belong to a particular security group. 
I tried below steps:

  1. Created a new group
  2. Added some employees to this group
  3. Created a new Record rule for the model of ir.http
  4. In the domain field of the Record rule, i added the desired URL, /web/tests
  5. And i logged in as a user who does not belong to the above-mentioned group.
  6. But still, the user can access the URL.

I need to prevent this.

形象
丢弃
形象
Savya Sachin
最佳答案

Hi, 

You can try creating a custom decorator and use it in routes,

from odoo import http
from odoo.http import request

class TestController(http.Controller):

@http.route('/web/tests', type='http', auth='user')
@check_user_groups('your_module.your_group')
def tests(self, **kw):

​#Your controller 

Now you have to create the custom decorator,

from functools import wraps
from odoo.exceptions import AccessError

def check_user_groups(group_xml_id):
​def decorator(func):
​@wraps(func)
​def wrapper(self, *args, **kwargs):
​if not request.env.user.has_group(group_xml_id):
​raise AccessError("You do not have access rights to view this page.")
​return func(self, *args, **kwargs)
​return wrapper
​return decorator

this decorator checks if the current user is part of the specified group and manage the access at the route level.

Thanks

形象
丢弃
相关帖文 回复 查看 活动
Odoo 13 installation won't let me tick the PostgreSQL and 500 internal server error
odoo Odoo13.0 odoo13.0
形象
1
9月 20
4917
how add portal chatter odoo 13
chatter odoo odoo13.0
形象
0
7月 20
4867
How to do record rule for same object with different menu 已解决
rules record_rules odoo
形象
形象
1
7月 19
6582
Record rule error!!!
security record_rules odoo
形象
形象
8
5月 15
4890
Where is this function being called?
javascript js odoo odoo13.0
形象
0
11月 23
1992