xml - How rules work on Odoo v8? -
i made module in odoo v8. 1 of things module adding boolean field named is_important model res.partner.
as know, users groups in sales are, less privileges first, more privileges last: group_sale_salesman, group_sale_salesman_all_leads, group_sale_manager. then, had add rules module:
- users belong group group_sale_salesman didn't have see partners field is_important true, nor partners different state.
- users belong group group_sale_salesman_all_leads didn't have see partners field is_important true.
so implemented following xml code:
<record model="ir.rule" id="res_partner_same_state_no_important_rule"> <field name="name">res_partner: read no important partners state</field> <field name="model_id" ref="base.model_res_partner"/> <field name="domain_force">[('state_id.id', '=', user.state_id.id), ('is_important', '=', false)]</field> <field name="groups" eval="[(4, ref('base.group_sale_salesman'))]"/> <field name="perm_read" eval="true"/> <field name="perm_write" eval="true"/> <field name="perm_create" eval="true"/> <field name="perm_unlink" eval="false"/> </record> <record model="ir.rule" id="res_partner_no_important_rule"> <field name="name">res_partner: read no important partners</field> <field name="model_id" ref="base.model_res_partner"/> <field name="domain_force">[('is_important', '=', false)]</field> <field name="groups" eval="[(4, ref('base.group_sale_salesman_all_leads'))]"/> <field name="perm_read" eval="true"/> <field name="perm_write" eval="true"/> <field name="perm_create" eval="true"/> <field name="perm_unlink" eval="false"/> </record> it seemed work great, then, logged in user belonged group group_sale_manager, , rule named res_partner_no_important_rule affecting (despite not declaring rule group).
it's group inheriting least restrictive rules of groups less privileges. true? right?
finally, had add nonsense rule fix , allow users belong group_sale_manager keep privileges had before implemented other rules (read, write, create , unlink true):
<record model="ir.rule" id="res_partner_see_all"> <field name="name">res_partner: read all</field> <field name="model_id" ref="base.model_res_partner"/> <field name="domain_force">['|', ('is_important', '=', true), ('is_important', '=', false)]</field> <field name="groups" eval="[(4, ref('base.group_sale_manager'))]"/> <field name="perm_read" eval="true"/> <field name="perm_write" eval="true"/> <field name="perm_create" eval="true"/> <field name="perm_unlink" eval="true"/> </record> after implementing last rule, started work. but, there better way achieve wanted?
thank you!
group_sale_manager has group_sale_salesman_all_leads in implied groups, member of group_sale_manager automatically added group_sale_salesman_all_leads , rule applies him. if no other rule give him access partners, won't have access them.
you can replace domain_force of last rule [(1, '=', 1)]. think there no better way.
Comments
Post a Comment