Reputation: 10189
This question started here: "How to manage security with One2many fields in Odoo?" But now, I have simplified the problem and the question is not the same one.
The environment and the problem are the same:
    import logging

    from openerp import api, fields, models  # "from odoo import ..." on Odoo 10 and later

    _logger = logging.getLogger(__name__)


    class mother(models.Model):
        _name = 'mother'

        name = fields.Char(string='Name', size=64, required=True)
        is_a_good_mother = fields.Boolean(string='Is a good mother?')

        @api.multi
        def write(self, vals):
            # Logged every time the ORM writes a mother record
            _logger.info('I DO NOT KNOW WHY WHEN CREATING A CHILD THIS ORM '
                         'METHOD IS BEING EXECUTED, RECEIVING THE KEY '
                         'is_a_good_mother')
            return super(mother, self).write(vals)


    class child(models.Model):
        _name = 'child'

        mother_id = fields.Many2one(comodel_name='mother',
                                    string='Mother', ondelete='cascade')
        # Related field: its value lives on the mother record
        has_a_good_mother = fields.Boolean(
            string='Does the child have a good mother?',
            related='mother_id.is_a_good_mother',
            related_sudo=True)

I have a menu option which opens a form of Child. This form is auto-generated by Odoo.
The problem
I have a user who can create and modify children, but not mothers. When this user creates the child, a security error is raised telling that the user belongs to a group which cannot modify the Mother model. This is due to the line related='mother_id.is_a_good_mother'; if I remove it and then create a new child, the ORM write method of Mother is not called.
So if B has a related child pointing to any field of A, and you create a new record of B, the ORM write method of A is called.
I have a security group my_group, with read 1 create 1 write 1 unlink 1 in B and read 1 create 0 write 0 unlink 0 in A. As a user of this group cannot write A, he gets an error when creating a B record.
How can I avoid this error? I have tried with related_sudo=True, but it did not work; maybe I did not use it well.
Can anyone help me?
Upvotes: 0
Views: 1181
Reputation: 25052
A related field value is stored in the original field of the "mother" object. So when you try to change it on the "child" object, that's where Odoo updates it behind the scenes. If the user making the change doesn't have a permission to change the "mother" object, an exception will be raised.
You need to make sure that users who don't have permissions to change the target object can't set/change the value of related fields pointing to the object. You can do this for example by making it readonly (readonly=True).
Upvotes: 2
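
A simplified model of the behaviour this answer describes, added here as an illustration (it is not Odoo code and not from either post). The `Registry` class, `try_create` and the sample record are hypothetical, and the model assumes a readonly related field is never written back to its target.

```python
# Simplified stand-in for the ORM behaviour described above; this is not Odoo code.
class AccessError(Exception):
    pass

# Rights of my_group as stated in the question (A = mother, B = child).
MY_GROUP = {"child": {"read", "create", "write", "unlink"}, "mother": {"read"}}

class Registry:
    """Hypothetical record store that enforces model-level rights."""
    def __init__(self, rights):
        self.rights = rights
        self.mothers = {1: {"name": "Ann", "is_a_good_mother": True}}  # constructed
        self.children = []

    def check(self, model, operation):
        if operation not in self.rights.get(model, set()):
            raise AccessError("%s not allowed on %s" % (operation, model))

    def create_child(self, vals, related_readonly):
        self.check("child", "create")
        vals = dict(vals)
        related = vals.pop("has_a_good_mother", None)
        if related is not None and not related_readonly:
            # Editable related field: the value is stored on the mother,
            # so saving the child needs write access on the mother model.
            self.check("mother", "write")
            self.mothers[vals["mother_id"]]["is_a_good_mother"] = related
        self.children.append(vals)
        return len(self.children)

    def read_child(self, child_id):
        # In this model, showing the related value only needs read access.
        self.check("mother", "read")
        child = dict(self.children[child_id - 1])
        mother = self.mothers[child["mother_id"]]
        child["has_a_good_mother"] = mother["is_a_good_mother"]
        return child

def try_create(related_readonly):
    reg = Registry(MY_GROUP)
    form_vals = {"mother_id": 1, "has_a_good_mother": True}  # constructed form input
    try:
        return reg.read_child(reg.create_child(form_vals, related_readonly))
    except AccessError as exc:
        return str(exc)
```

With `related_readonly=False` the create fails on the mother's write check, as in the question; with `related_readonly=True` the child is created and the value is still readable.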