I have an action that prints PDF report of an employee. There's a print button at the top of form view.
I've added groups="group_x" to the button to only show it for specific users.
However, if I paste the action link on the URL bar, it still downloads the PDF report, even when logged in user isn't in the "group_x". So hiding the button isn't enough.
How can I fully restrict access for the PDF action? (And in general, for the actions not defined as models, so I can't add them to \ir.model.access.csv and easily restrict them)
I'll provide more info if necessary
Această întrebare a fost marcată
1
Răspunde
5710
Vizualizări
You can use groups_id in the report action as you can see in invoice report
<record id="account_invoices" model="ir.actions.report">
<field name="name">Invoices</field>
<field name="model">account.move</field>
<field name="report_type">qweb-pdf</field>
<field name="report_name">account.report_invoice_with_payments</field>
<field name="report_file">account.report_invoice_with_payments</field>
<field name="print_report_name">(object._get_report_base_filename())</field>
<field name="attachment">(object.state == 'posted') and ((object.name or 'INV').replace('/','_')+'.pdf')</field>
<field name="binding_model_id" ref="model_account_move"/>
<field name="binding_type">report</field>
<field name="groups_id" eval="[(4, ref('account.group_account_invoice')),
(4, ref('account.group_account_readonly'))]"/>
</record>
Îți place discuția? Nu doar citi, alătură-te!
Creează-ți un cont astăzi pentru a beneficia de funcții exclusive și a interacționa cu minunata noastră comunitate!
Înscrie-te| Postări similare | Răspunsuri | Vizualizări | Activitate | |
|---|---|---|---|---|
|
0
mar. 18
|
9334 | ||
|
0
ian. 26
|
5893 | ||
|
access rights manual
Rezolvat
|
|
1
mar. 15
|
7072 | |
|
1
mar. 15
|
10367 | ||
|
Access Rights, Rules and Security
Rezolvat
|
|
1
iun. 26
|
1181 |
