Odoo 9 Is there a way to handle authorization with different groups on a certain field in form view?

Question

I'm trying to create a form view.

<field name="is_positive" attrs="{'readonly':[('state','==','final')]}"/>

However there is many attributes like groups and invisible related to authorization so that certain group of people can see the field.

groups="base.group_hr_user"

But Is there a way for certain group can edit the field and the other group cannot?

Answer 1

First of all, you cannot use a domain like this one

<field name="is_positive" attrs="{'readonly':[('state','==','final')]}"/>

There is not a '==' operator, use = instead.

Now, to answer your question, if you want to create a special view for another group in which some elements are readonly for one group, and editable in the other, you have to it this way.

For the default view :

<record id="some_model_view" model="ir.ui.view">
    <field name="name">some.model.form</field>
    <field name="model">some.model</field>
    <field name="arch" type="xml">
        <form>
             <field name="some_field" readonly="1"/>
        </form>
    <field/>
</record>

For a certain group :

<record id="some_model_view_for_other_group" model="ir.ui.view">
    <field name="name">some.model.form</field>
    <field name="model">some.model</field>
    <field name="inherit_id" ref="my_module.some_model_view"
    <field name="groups_id" eval="[(6, 0, [ref('some.first_group')])]" />
    <field name="arch" type="xml">
        <field name="some_field" position="attributes">
            <attribute name="readonly">0</attribute>
        </field>
    <field/>
</record>

Answer 2

add a new field to check whether the user is manager or user.

New Api Method

check_user = fields.Boolean(string='user',compute='_compute_user_check')

@api.multi
def _compute_user_check(self):
    if self.user_has_groups('purchase.group_purchase_manager'):
        self.check_user =True

In view

<field name="is_positive" attrs="{'readonly':[('check_user','=','True')]}"/>

Answer 3

I will show one example to how this functionality works in sale group.

I make the unit price field in the sale order line makes readonly we select the user group user:own documents only The field is editable for other 2 groups user:All documets and manager

Firstly I create a boolean field for checking the user belongs to which group

is_own_user = fields.Boolean(string="Own user", compute='compute_own_user')

Then assigns the boolean field is True when the user belongs the group user:own documents only otherwise assigns to False

@api.depends('product_id')
def compute_own_user(self):
    res_user_id = self.env['res.users'].search([('id', '=', self._uid)])
    for rec in self:
        if res_user_id.has_group('sales_team.group_sale_salesman') and not res_user_id.has_group('sales_team.group_sale_salesman_all_leads'):
            rec.is_own_user = True
        else:
            rec.is_own_user = False

in xml make is_own_user invisible and replaces the unit price field

<xpath expr="//notebook/page/field[@name='order_line']/tree/field[@name='price_unit']" position="replace">
    <field name="price_unit" attrs="{'readonly': [('isown_user', '=', True)]}" />
</xpath>