Vincent Lagache

Reputation: 192

How to manage implicit groups in record rules?

I am currently learning how to use Odoo. I am doing the following tutorial and I am at the advanced topic ACL And Records rules, at the Record Rules part.

I produced the following .xml file by doing the tutorial from the beginning:

<?xml version="1.0" encoding="utf-8"?>
<odoo>

    <record id="estate_group_user" model="res.groups">
        <field name="name">Agent</field>
        <field name="category_id" ref="base.module_category_real_estate_brokerage"/>
    </record>

    <record id="estate_group_manager" model="res.groups">
        <field name="name">Manager</field>
        <field name="category_id" ref="base.module_category_real_estate_brokerage"/>
        <field name="implied_ids" eval="[(4, ref('estate_group_user'))]"/>
    </record>

    <record id="estate_user_rule" model="ir.rule">
        <field name="name">Agent rule</field>
        <field name="model_id" ref="model_estate_property"/>
        <field name="perm_create" eval="False"/>
        <field name="perm_unlink" eval="False"/>
        <field name="groups" eval="[Command.link(ref('estate.estate_group_user'))]"/>
        <field name="domain_force">[
            '|',
            ('salesman_id','=', user.id),
            ('salesman_id', '=', None)]</field>
    </record>

</odoo>

The idea is to create user groups in an application that manages real estate properties, an "Agent" group and a "Manager" group.

The instruction is to create a rule that allows agents to see or modify only properties for which they are the sellers or that do not have sellers.

What I don't understand is that previously in the tutorial it says: The estate_group_manager group needs to imply estate_group_user

which led me to add the following line in the group manager: <field name="implied_ids" eval="[(4, ref('estate_group_user'))]"/>

The consequence of this is that a user who is in the Manager group is also in the Agent group. The rule will therefore also apply to managers. I guess this problem is expected, as it is written in the tutorial:

Verify that your real estate manager(s) can still see all properties. If not, why not? Remember: The estate_group_manager group needs to imply estate_group_user.

This is exactly my problem.

I don't understand what solution the tutorial expects. It works by deleting <field name="implied_ids"... but I have the impression that this is not the right thing to do.

Thank you in advance for your answers.

Upvotes: 1

Views: 282

Answers (1)

icra

Reputation: 501

As Odoo's tutorial says, a good practice when creating a hierarchy of group roles is to let powerful roles inherit minor roles.

This means your manager group will also inherit agent visibility rules. To avoid this, you need to override that visibility role only for the manager group.

<record id="estate_user_rule" model="ir.rule">
        <field name="name">Agent rule</field>
        <field name="model_id" ref="model_estate_property"/>
        <field name="perm_create" eval="False"/>
        <field name="perm_unlink" eval="False"/>
        <field name="groups" eval="[Command.link(ref('estate.estate_group_user'))]"/>
        <field name="domain_force">[
            '|',
            ('salesman_id','=', user.id),
            ('salesman_id', '=', None)]</field>
</record>

<record id="estate_manager_rule" model="ir.rule">
        <field name="name">Manager rule</field>
        <field name="model_id" ref="model_estate_property"/>
        <field name="perm_create" eval="True"/>
        <field name="perm_unlink" eval="True"/>
        <field name="groups" eval="[Command.link(ref('estate.estate_group_manager'))]"/>
        <field name="domain_force">[]</field>
</record>

Upvotes: 2
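
The effect of the two rules above can be checked with a small model of how group record rules combine. This is an added example, not code from the question, the answer or Odoo itself: it assumes only that group rules are additive (OR-ed) across all of a user's groups, including implied ones, and it ignores the perm_* flags and global rules. The function names and the sample properties are constructed for illustration.

```python
# Simplified model of Odoo's group-rule combination (not Odoo source code).
from dataclasses import dataclass
from typing import Callable, Dict, Set

# group -> groups it implies, mirroring implied_ids in the page's XML
IMPLIED: Dict[str, Set[str]] = {
    "estate_group_manager": {"estate_group_user"},
    "estate_group_user": set(),
}

@dataclass
class Rule:
    name: str
    group: str
    domain: Callable[[dict, int], bool]  # (record, user_id) -> matches?

def effective_groups(direct: Set[str]) -> Set[str]:
    """Expand direct memberships with every transitively implied group."""
    seen, stack = set(), list(direct)
    while stack:
        g = stack.pop()
        if g not in seen:
            seen.add(g)
            stack.extend(IMPLIED.get(g, ()))
    return seen

def visible(records, rules, direct_groups, user_id):
    """Group rules are OR-ed: a record is visible if any applicable rule matches."""
    groups = effective_groups(direct_groups)
    applicable = [r for r in rules if r.group in groups]
    if not applicable:
        return [rec["id"] for rec in records]  # no rule restricts this model
    return [rec["id"] for rec in records
            if any(r.domain(rec, user_id) for r in applicable)]

# The two rules from the answer, with domain_force expressed as predicates.
AGENT_RULE = Rule("Agent rule", "estate_group_user",
                  lambda rec, uid: rec["salesman_id"] in (uid, None))
MANAGER_RULE = Rule("Manager rule", "estate_group_manager",
                    lambda rec, uid: True)  # empty domain matches everything

# Constructed sample data: property 3 belongs to another salesman (user 8).
PROPERTIES = [
    {"id": 1, "salesman_id": 7},
    {"id": 2, "salesman_id": None},
    {"id": 3, "salesman_id": 8},
]
```

With only the agent rule loaded, a manager (user 7) is limited to properties 1 and 2 because the implied Agent group pulls the rule in; adding the manager rule widens the OR to every property while a plain agent stays restricted.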
