I have an action that prints PDF report of an employee. There's a print button at the top of form view.
I've added groups="group_x" to the button to only show it for specific users.
However, if I paste the action link on the URL bar, it still downloads the PDF report, even when logged in user isn't in the "group_x". So hiding the button isn't enough.
How can I fully restrict access for the PDF action? (And in general, for the actions not defined as models, so I can't add them to \ir.model.access.csv and easily restrict them)
I'll provide more info if necessary
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- 客戶關係
- e-Commerce
- 會計
- 庫存
- PoS
- Project
- MRP
此問題已被標幟
1
回覆
4019
瀏覽次數
You can use groups_id in the report action as you can see in invoice report
<record id="account_invoices" model="ir.actions.report">
<field name="name">Invoices</field>
<field name="model">account.move</field>
<field name="report_type">qweb-pdf</field>
<field name="report_name">account.report_invoice_with_payments</field>
<field name="report_file">account.report_invoice_with_payments</field>
<field name="print_report_name">(object._get_report_base_filename())</field>
<field name="attachment">(object.state == 'posted') and ((object.name or 'INV').replace('/','_')+'.pdf')</field>
<field name="binding_model_id" ref="model_account_move"/>
<field name="binding_type">report</field>
<field name="groups_id" eval="[(4, ref('account.group_account_invoice')),
(4, ref('account.group_account_readonly'))]"/>
</record>
| 相關帖文 | 回覆 | 瀏覽次數 | 活動 | |
|---|---|---|---|---|
|
0
3月 18
|
7731 | ||
|
0
11月 15
|
4811 | ||
|
1
3月 15
|
5025 | ||
|
1
3月 15
|
8432 | ||
|
10
12月 23
|
36768 |
