Skip to Content
This question has been flagged
S'ha tancat la pregunta per raó: duplicar publicació
per Ray Carnes (ray) en 22/12/2024 14:51:35
security.xmlodoo17securityGroups
2429 Vistes
Avatar
Jugert Mucoimaj

I have tried almost everything and I need to limit users to see other models but just one. How can I do it using security rules in xml?


<odoo>
    <data noupdate="1">
        <!-- Payroll Admin Group -->
        <record id="group_payroll_admin" model="res.groups">
            <field name="name">Payroll Admin</field>
            <field name="category_id" ref="base.module_category_human_resources"/>
        </record>

        <!-- Payroll User Group -->
        <record id="group_payroll_user" model="res.groups">
            <field name="name">Payroll User</field>
            <field name="category_id" ref="base.module_category_human_resources"/>
        </record>

        <record id="group_attendance_user" model="res.groups">
            <field name="name">Attendance User</field>
            <field name="category_id" ref="base.module_category_human_resources"/>
        </record>

         <!-- Attendance User Group -->
        <record id="group_attendance_user" model="res.groups">
            <field name="name">Attendance User</field>
            <field name="category_id" ref="base.module_category_human_resources"/>
        </record>

        <!-- Attendance Admin Group -->
        <record id="group_attendance_admin" model="res.groups">
            <field name="name">Attendance Admin</field>
            <field name="category_id" ref="base.module_category_human_resources"/>
        </record>

        <!-- Record Rules -->
        <!-- Admins have full access to payroll -->
        <record id="payroll_admin_rule" model="ir.rule">
            <field name="name">Payroll Admin Full Access</field>
            <field name="model_id" ref="model_payroll_calculator"/>
            <field name="groups" eval="[(4, ref('automatic_payroll.group_payroll_admin'))]"/>
            <field name="domain_force">[]</field>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="1"/>
            <field name="perm_create" eval="1"/>
            <field name="perm_unlink" eval="1"/>
        </record>

        <!-- Users can only manage their payroll -->
        <record id="payroll_user_rule" model="ir.rule">
            <field name="name">Payroll User Limited Access</field>
            <field name="model_id" ref="model_payroll_calculator"/>
            <field name="groups" eval="[(4, ref('automatic_payroll.group_payroll_user'))]"/>
            <field name="domain_force">[('create_uid', '=', user.id)]</field>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="1"/>
            <field name="perm_create" eval="1"/>
            <field name="perm_unlink" eval="0"/>
        </record>

        <!-- Admins have full access to payroll lines -->
        <record id="payroll_line_admin_rule" model="ir.rule">
            <field name="name">Payroll Line Admin Full Access</field>
            <field name="model_id" ref="model_payroll_calculator_line"/>
            <field name="groups" eval="[(4, ref('automatic_payroll.group_payroll_admin'))]"/>
            <field name="domain_force">[]</field>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="1"/>
            <field name="perm_create" eval="1"/>
            <field name="perm_unlink" eval="1"/>
        </record>

        <!-- Users can only view payroll lines they own -->
        <record id="payroll_line_user_rule" model="ir.rule">
            <field name="name">Payroll Line User Limited Access</field>
            <field name="model_id" ref="model_payroll_calculator_line"/>
            <field name="groups" eval="[(4, ref('automatic_payroll.group_payroll_user'))]"/>
            <field name="domain_force">[('create_uid', '=', user.id)]</field>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="1"/>
            <field name="perm_create" eval="1"/>
            <field name="perm_unlink" eval="0"/>
        </record>

        <!-- Admins have full access to contract templates -->
        <record id="contract_template_admin_rule" model="ir.rule">
            <field name="name">Contract Template Admin Full Access</field>
            <field name="model_id" ref="model_contract_template"/>
            <field name="groups" eval="[(4, ref('automatic_payroll.group_payroll_admin'))]"/>
            <field name="domain_force">[]</field>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="1"/>
            <field name="perm_create" eval="1"/>
            <field name="perm_unlink" eval="1"/>
        </record>

        <!-- Users can only view contract templates they own -->
        <record id="contract_template_user_rule" model="ir.rule">
            <field name="name">Contract Template User Limited Access</field>
            <field name="model_id" ref="model_contract_template"/>
            <field name="groups" eval="[(4, ref('automatic_payroll.group_payroll_user'))]"/>
            <field name="domain_force">[]</field>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="1"/>
            <field name="perm_create" eval="1"/>
            <field name="perm_unlink" eval="0"/>
        </record>

         <!-- Restrict Payroll User Group from accessing other modules -->
        <record id="rule_payroll_user_restrict" model="ir.rule">
            <field name="name">Restrict Payroll User Access</field>
            <field name="model_id" ref="base.model_res_users"/>
            <field name="groups" eval="[(4, ref('automatic_payroll.group_payroll_user'))]"/>
            <field name="domain_force">[('id', '=', False)]</field>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="0"/>
            <field name="perm_create" eval="0"/>
            <field name="perm_unlink" eval="0"/>
        </record>

        <!-- Model Access Rights -->
        <!-- Attendance User Access -->
        <record id="access_attendance_user" model="ir.model.access">
            <field name="name">Access Attendance User</field>
            <field name="model_id" ref="hr_attendance.model_hr_attendance"/>
            <field name="group_id" ref="group_attendance_user"/>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="1"/>
            <field name="perm_create" eval="1"/>
            <field name="perm_unlink" eval="0"/>
        </record>

        <!-- Attendance Admin Access -->
        <record id="access_attendance_admin" model="ir.model.access">
            <field name="name">Access Attendance Admin</field>
            <field name="model_id" ref="hr_attendance.model_hr_attendance"/>
            <field name="group_id" ref="group_attendance_admin"/>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="1"/>
            <field name="perm_create" eval="1"/>
            <field name="perm_unlink" eval="1"/>
        </record>

        <!-- Record Rules -->
        <!-- Restrict Attendance User to Attendance Module -->
        <record id="rule_attendance_user_access" model="ir.rule">
            <field name="name">Attendance User Restricted Access</field>
            <field name="model_id" ref="base.model_ir_ui_menu"/>
            <field name="groups" eval="[(4, ref('group_attendance_user'))]"/>
            <field name="domain_force" eval="[('id', '=', ref('hr_attendance.menu_hr_attendance_kiosk_mode'))]"/>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="0"/>
            <field name="perm_create" eval="0"/>
            <field name="perm_unlink" eval="0"/>
        </record>

        <!-- Restrict Attendance User to Attendance Models -->
        <record id="rule_attendance_user_model_access" model="ir.rule">
            <field name="name">Attendance User Model Restriction</field>
            <field name="model_id" ref="base.model_ir_model_access"/>
            <field name="groups" eval="[(4, ref('group_attendance_user'))]"/>
            <field name="domain_force">[('model_id.model', 'in', ['hr.attendance'])]</field>
        </record>

        <!-- Allow Attendance User to Read Their Own User Record -->
        <record id="rule_attendance_user_read_own_user" model="ir.rule">
            <field name="name">Allow Attendance User to Read Own User</field>
            <field name="model_id" ref="base.model_res_users"/>
            <field name="groups" eval="[(4, ref('group_attendance_user'))]"/>
            <field name="domain_force">[('id', '=', user.id)]</field>
            <field name="perm_read" eval="1"/>
            <field name="perm_write" eval="0"/>
            <field name="perm_create" eval="0"/>
            <field name="perm_unlink" eval="0"/>
        </record>

    </data>
</odoo>
Avatar
Descartar
Related Posts Respostes Vistes Activitat
Adding a new security group to an existing module Solved
security.xml odoo18 securityGroups Odoov18
Avatar
Avatar
Avatar
2
de des. 25
1689
Receipt Printing in Odoo 17 Kiosk
odoo17
Avatar
0
d’abr. 26
8
Autoatendimento0013 Contact Center ¿Qual o telefone da LATAM no Brasil?
odoo17
Avatar
0
d’abr. 26
20
Error while posting invoice to ZATCA odoo sh Solved
odoo17
Avatar
Avatar
Avatar
Avatar
3
de jul. 25
4909
How to send a real-time notification to POS UI using bus.bus in Odoo 17?
odoo17
Avatar
Avatar
1
de juny 25
8059