Record rules : only a specific user (creator) could modify his record ?


Maxime Richez

Jun 9, 2016, 8:16:49 AM
to tryton
Hi everybody,

In my new module, I would like everyone to be able to add a record and see records from other people, but only the creator of a record could modify his record. Is it possible?
Here is my rule, but it's not working:

<record model="ir.model.access" id="access_mymodule">
    <field name="model" search="[('model', '=', 'mymodule')]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="False"/>
    <field name="perm_create" eval="True"/>
    <field name="perm_delete" eval="False"/>
</record>

<record model="ir.rule.group" id="rule_group_creator_mymodule">
    <field name="model" search="[('model', '=', 'mymodule')]"/>
    <field name="global_p" eval="False"/>
    <field name="default_p" eval="False"/>
    <field name="perm_write" eval="True"/>
    <field name="perm_delete" eval="True"/>
</record>
<record model="ir.rule" id="rule_creator_mymodule">
    <field name="domain"
        eval="[('create_uid', '=', Eval('user', {}).get('id', -1))]"
        pyson="1"/>
    <field name="rule_group" ref="rule_group_creator_mymodule"/>
</record>


Cédric Krier

Jun 9, 2016, 8:40:04 AM
to tryton
On 2016-06-09 05:16, Maxime Richez wrote:
> Hi everybody,
>
> In my new module, i would like everyone can add a record and see records
> from other people but only the creator of a record could modify his record.
> Is it possible ?
> Here's is my rule, but it's not working :
>
> <record model="ir.model.access" id="access_mymodule">
> <field name="model" search="[('model', '=', 'mymodule')]"/>
> <field name="perm_read" eval="True"/>
> <field name="perm_write" eval="False"/>
> <field name="perm_create" eval="True"/>
> <field name="perm_delete" eval="False"/>
> </record>
>
> <record model="ir.rule.group" id="rule_group_creator_mymodule">
> <field name="model" search="[('model', '=', 'mymodule')]"/>
> <field name="global_p" eval="False"/>
> <field name="default_p" eval="False"/>

As it is neither global nor default, are you sure you have added the
rule to a user when testing?

> <field name="perm_write" eval="True"/>
> <field name="perm_delete" eval="True"/>
> </record>
> <record model="ir.rule" id="rule_creator_mymodule">
> <field name="domain"
> eval="[('create_uid', '=', Eval('user', {}).get('id', -1))]"
> pyson="1"/>
> <field name="rule_group" ref="rule_group_creator_mymodule"/>
> </record>

--
Cédric Krier - B2CK SPRL
Email/Jabber: cedric...@b2ck.com
Tel: +32 472 54 46 59
Website: http://www.b2ck.com/

Maxime Richez

Jun 9, 2016, 9:21:58 AM
to tryton

> As it is neither global nor default, are you sure you have added the
> rule to a user when testing?


Effectively, my rule is not added for a user, I'll set the rule as default.
And how to add a rule to a specific user in the XML file? <field name="user" ref ??? >
How can I apply my domain only when the user tries to modify a record? Because if I apply the domain, I only see the user's records and not all records.

Cédric Krier

Jun 9, 2016, 9:45:04 AM
to tryton
On 2016-06-09 06:21, Maxime Richez wrote:
>
> > As it is neither global nor default, are you sure you have added the
> > rule to a user when testing?
> >
> Effectively, my rule is not added for a user, i'll set rule default.
> And how to add a rule to a specific user in the xml file ? <field
> name="user" ref ??? >

You must create a record of type: ir.rule.group-res.user
But I think we should remove this per user basis to work only with
group: ir.rule.group-res.group

> How can i apply my domain only when user try to modify a record ? Because
> if i apply the domain, i only see user's records and not all records..

You have to create a global rule with perm_read for all (empty domain).
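
The setup suggested in this reply, written out as an added example (not code from the thread or from Tryton itself): a global read rule with an empty domain, plus the creator-only rule linked to a group through `ir.rule.group-res.group`. The `group_mymodule` group, the record ids and the names are hypothetical, and every `perm_*` flag is set explicitly so nothing depends on field defaults.

```xml
<?xml version="1.0"?>
<tryton>
    <data>
        <!-- Hypothetical group whose members may edit only their own records -->
        <record model="res.group" id="group_mymodule">
            <field name="name">My Module</field>
        </record>

        <!-- Global read rule: empty domain, so every record stays visible -->
        <record model="ir.rule.group" id="rule_group_read_mymodule">
            <field name="name">Read all mymodule records</field>
            <field name="model" search="[('model', '=', 'mymodule')]"/>
            <field name="global_p" eval="True"/>
            <field name="default_p" eval="False"/>
            <field name="perm_read" eval="True"/>
            <field name="perm_write" eval="False"/>
            <field name="perm_create" eval="False"/>
            <field name="perm_delete" eval="False"/>
        </record>
        <record model="ir.rule" id="rule_read_mymodule">
            <field name="domain" eval="[]" pyson="1"/>
            <field name="rule_group" ref="rule_group_read_mymodule"/>
        </record>

        <!-- Creator-only rule, flagged for write and delete but not for read -->
        <record model="ir.rule.group" id="rule_group_creator_mymodule">
            <field name="name">Own mymodule records</field>
            <field name="model" search="[('model', '=', 'mymodule')]"/>
            <field name="global_p" eval="False"/>
            <field name="default_p" eval="False"/>
            <field name="perm_read" eval="False"/>
            <field name="perm_write" eval="True"/>
            <field name="perm_create" eval="False"/>
            <field name="perm_delete" eval="True"/>
        </record>
        <record model="ir.rule" id="rule_creator_mymodule">
            <field name="domain"
                eval="[('create_uid', '=', Eval('user', {}).get('id', -1))]"
                pyson="1"/>
            <field name="rule_group" ref="rule_group_creator_mymodule"/>
        </record>

        <!-- Link the rule group to the group rather than to single users -->
        <record model="ir.rule.group-res.group" id="rule_group_creator_mymodule_group">
            <field name="rule_group" ref="rule_group_creator_mymodule"/>
            <field name="group" ref="group_mymodule"/>
        </record>
    </data>
</tryton>
```

Because the creator rule group is neither global nor default, it only applies to users it is linked to, so test the write restriction with a user who belongs to `group_mymodule`.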

Maxime Richez

Jun 10, 2016, 3:24:39 AM
to tryton


> You have to create a global rule with perm_read for all (empty domain).


Oki thanks Cédric. It's working now :-)
Is there a way to change/personalize "Error Message : You try to bypass an access rule (Document type: mymodel)"?
Here are my new rules:

<record model="ir.rule.group" id="rule_group_mymodel">
    <field name="model" search="[('model', '=', 'mymodel')]"/>
    <field name="global_p" eval="False"/>
    <field name="default_p" eval="True"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_create" eval="True"/>
</record>
<record model="ir.rule" id="rule_group_mymodel_line1">
    <field name="domain" eval="[]" pyson="1"/>
    <field name="rule_group" ref="rule_group_mymodel"/>
</record>

<record model="ir.rule.group" id="rule_group_creator_mymodel">
    <field name="model" search="[('model', '=', 'mymodel')]"/>
    <field name="global_p" eval="False"/>
    <field name="default_p" eval="True"/>
    <field name="perm_write" eval="True"/>
    <field name="perm_delete" eval="True"/>
</record>
<record model="ir.rule" id="rule_creator_mymodel">
    <field name="domain"
        eval="[('create_uid', '=', Eval('user', {}).get('id', -1))]"
        pyson="1"/>
    <field name="rule_group" ref="rule_group_creator_mymodel"/>
</record>

Cédric Krier

Jun 10, 2016, 6:00:03 AM
to tryton
On 2016-06-10 00:24, Maxime Richez wrote:
>
>
> >
> > You have to create a global rule with perm_read for all (empty domain).
> >
> >
> Oki thanks Cédric. It's working now :-)
> Is there a way to change/personalize "Error Message : You try to bypass an
> access rule (Document type: mymodel)" ?

No, but maybe it could be improved for a future version, like saying which
kind of access etc.
Otherwise you could try to prevent having such an error message by making
readonly (with states) the record fields for which the user has no write access.
It is a little bit more work but the experience for the user will be
better.

Maxime Richez

Jun 13, 2016, 4:49:00 AM
to tryton

> Otherwise you could try to prevent to have such error message by making
> readonly (with states) record fields for which the user has no access write.
> It is a little bit more work but the experience for the user will be
> better

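Thanks!
Done with this code and applied to all my fields:

from trytond.pyson import Eval

# Read-only unless the record is in draft and the current user created it
_STATES = {
    'readonly': ((Eval('state') != 'draft') | (Eval('_user') != Eval('create_uid'))),
}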

Ryan

Oct 5, 2016, 3:30:06 AM
to tryton
Can these apply also for a set of groups?

Cédric Krier

Oct 5, 2016, 3:55:06 AM
to tryton
On 2016-10-04 23:38, Ryan wrote:
> Can these apply also for a set of groups?

I do not recommend adding rules in the code; indeed, you could do it by
creating record or field access.
http://doc.tryton.org/4.0/trytond/doc/topics/access_rights.html#topics-access-rights