everyone! First of all, thanks in advance.
I've searched everywhere for a solution for my problem. Even when copying from the source code, it doesn't solve it.
I'm doing the Advanced B: ACL and Record Rules tutorial
When completing the sub-chapter on multi-company security, I can't do it.
My user can't get access to my new company
The problems I've encountered so far are:
The new company isn't in company_ids
When changing the Default Company and allowed companies, if:
The company is the new company
The only allowed company is the new company
Then, I get the error: Access Error: Access to unauthorized or invalid companies.
I don't know why my new company is invalid
I'm trying to access another company's records
This is my rule:
<record id="estate_private_companies_properties" model="ir.rule">
<field name="name">Privacy Plan Multi-Company</field>
<field name="model_id" ref="model_estate_property"/>
<field name="global" eval="True"/>
<field name="domain_force">[
('company_id', 'in', company_ids)
]</field>
</record>
EDIT:
Sorry for the confusion. I know the xml is not the problem
The problem is that my company is unauthorized or invalid and it doesn't show up in my company_ids
What the xml does is filter so you can only access the estate properties that are assigned to the currently active company (or companies). So it hasn't any effect on creating a company or making a company accessible.
If this is not the problem, please rephrase your question.
Make sure the user you test with has access to the company.
Login as the admin user
go to settings
Users & companies -> Users
select your user
in the user form you see a new field "Allowed Companies" which is only visible once you added a new company.
Make sure the new company is in this many2many list
login as your user
Related
I want to display PO based on allowed branch in odoo. So if you log in as user Ana with allowed branch = Singapore, then the PO that appear are only PO with the Singapore branch. Maybe someone knows and can give advice?
Thanks
Best Regards
you can use the domain field on a model to filter records based on certain criteria. This can be useful for restricting which records are visible to a user based on their allowed.
Another alterative to make a custom domain (maybe dificult because you need to access the current user)
I think you can define a new security rule, to discard PO with no match in the branch. but not sure if you can do user.branch_id or some other field distinct od id.
<record id="branch_po_rule" model="ir.rule">
<field name="name">PO own branch</field>
<field name="model_id" ref="model_purchase_order"/>
<field eval="True" name="global"/>
<field name="domain_force">('branch_id','=',user.branch_id))]</field>
</record>
But security rules are meant to do this kind of discriminations
Please I need help with some custom rules configurations in Odoo 11.
Currently I'm doing a rule that allow an user only access to a certains product categories, for that I have a Many2many field which specify those categories:
product_category_ids = fields.Many2many('product.category')
Here is the rule that only allows access to that categories:
<record model="ir.rule" id="product_template_category_users">
<field name="name">product.template.category.users</field>
<field name="model_id" ref="product.model_product_template"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_unlink" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="domain_force">[('categ_id', 'child_of', user.product_category_ids.ids)]</field>
</record>
The rule works fine, but I have this problem:
Login with user "A" who has that rule
Login in another sesion with user "B" and update user "A"
adding a new category to categories field
Return with user "A" and the rule doesn't show the new category added, also reload page doesn't work.
The changes only apply in "A" user when I change the current company or reload the Odoo Service.
I think that it has to be something with the user storing data when the user login, maybe is some way to update that data and allow the rule to read it from "user". I need that the changes doing to users apply in real time to that connected users without have to change the current company or reload the Odoo service.
Thanks for helping.
This is strange that it should work, but only after changing current company or restarting the Odoo server.
Can you try your modifications on a blank database and/or a new database with demo data loaded? If possible, it would be good to test this on an entirely different server to see if the problem might lay there.
Perhaps you can also try modifying your force_domain like this:
['|', ('categ_id', 'in', user.product_category_ids.ids), ('categ_id', 'child_of', user.product_category_ids.ids)]
If anyone has the same problem, I solve it using this funcion every time i made a change in the product categories field of user
self.env['ir.rule'].clear_cache()
That code clear the cache of rules so the rules apply the new domain.
Add self.env['ir.rule'].clear_cache() into create() and write() method of your model.
How to filter records for tree view based on logged in user. For Admin, Manager i want show every record , for normal user I want show records created by that particular user only.
Below code sample I tried
For manager uid=12
For admin uid=1
<field name="domain">[('|',('create_uid','=',uid),('|',(uid,'=','1'),(uid,'=','12')))]</field>
Above code sample is throwing error
"ValueError: Invalid leaf ['|', ['create_uid', '=', 1], ['|', [1, '=',
'1'], [1, '=', '12']]]"
Row-level access rules are defined in the ir.rule model and can be created by adding a corresponding xml file to the module. The file is usually stored under security/ folder in your module directory.
For example I've taken user.purchase.records as the model
<?xml version="1.0" encoding="utf-8"?>
<odoo>
<data>
<record id="user_purchase_record_rule" model="ir.rule">
<field name="name">Records created by current user only</field>
<field name="model_id" ref="model_user_purchase_records"/>
<field name="domain_force">[('create_uid','=',user.id)]</field>
<field name="groups" eval="[(4,ref('base.group_user'))]"/>
</record>
</data>
</odoo>
Finally add this file path in your manifest.py file.
A domain it's composed by 3 elements, (field_in_your_model, operator, value), I don't know if you are working with a known model or it's your definition, but you got that error because uid it's a reserved word for odoo, not a field in a model.
And the best approach for your requirement its make rules, for your groups of users, something like sale groups:
Rule for Sale / User: Own Documents Only:
['|',('user_id','=',user.id),('user_id','=',False)]
I hop this answer can be helpful you.
I have developed new module but facing problem.
Installing custom module on server, without access rights on menus and views, my module works properly.
But when i install module with access rights , just blank page appear instead of list of installed module.
Actual screen:
Blank screen:
Access right:
Security:
One of the thing that i learned when i was learning security in odoo:
if you are getting a blank page that's mean that you did not give you user the needed groups is base.group_user Witch is employee group. because backend is for employee of the company you need to give the user this group in order to see the backend. here is a picture of my screen when i logged ing using the administrator but i removed manually the base.group_user :
so if you are creating a new groups for your new user you need to give it at least base.roup_user
in code example stock_security model :
<record id="group_stock_user" model="res.groups">
<field name="name">User</field>
<field name="category_id" ref="base.module_category_warehouse_management"/>
<field name="implied_ids" eval="[(4, ref('base.group_user')), (4, ref('stock.group_locations'))]"/>
</record>
Here they are defining a new group Named user that include base.group_user
so my question is are you connecting with administrator or a new user
now i have two question :
are you connecting using Administrator or a new user with new groups?
if you are using administrator is the screen i blank page like the one in the picture or you have the menu apps and setting but you don't have your costum menus?
EDITS :
if the menu is not shown to user then the user don't have acces
rights to the model you need to gave the read acces to the group
ir.model.access.csv
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
// in this example all user can read record of model : model.name because you didn't specify the group
"unic_xml_id_for_every_record","name what ever you want","model_model_name",,1,0,0,0
// in this example only user belong to group some_group_xmlid can read record of model.name
"unic_xml_id_for_every_record","name what ever you want","model_model_name","some_group_xmlid",1,0,0,0
// user belong to group some_group_xmlid can read and create records of model.name
"unic_xml_id_for_every_record","name what ever you want","model_model_name","some_group_xmlid",1,0,1,0
exmple
ir.model.access.csv
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
"mode_name_id_1","model_name all","model_model_name",,1,0,0,0
"mode_name_id_2","model_name create_acces","model_model_name","some_group_xmlid",1,0,1,0
Could you just show our what you JS console showing?
if you want your user to see a menu that show view of model.test and let us suppose that your used_id is test_user
and your group xml group_xml_id:
add the group to your user :
<!--
this will add the group to the existing groups if you want
to replace them [(6,0,[ref('group_xml_id'),]]
-->
<record id="test_user" model="res.users">
...
...
<field name="groups" eval="[(4, ref('group_xml_id')]"/>
</record>
add access role to users of group_xml_id:
"user_test_full_acces","USER TEST FULL ACCES","model_model_test","group_xml_id",1,1,1,1
if you want the menu to be seen only by the user belong to group group_xml_id:
<menu ....... groups="module_name.group_xml_id"/>
thouse are the roles that you need to respect in order to see the menu.
this query will show if your user have the wanted groups if you don't find the group
then you are doing something wrong you should check __manifest__ may be you forget to
put the xml file.
select p.name, g.name from res_users u
INNER JOIN res_partner p on u.partner_id = p.id
inner join res_groups_users_rel r on u.id = r.uid
INNER JOIN res_groups g on r.gid = g.id
order by p.name
Im having problems with creating a filter on stock.picking object. Just recently i build a simple "privilege relay" - in each stock location you can define "Assigned User Group", thanks to that users that are in particular group can or cannot confirm moves for or out of the location.
Stock.picking:location_id -> assigned_user_group -> users
Now I would like to create a filter (later to be set default) on stock picking tree view that will show only the moves which locations (source location and destination location; i use them in stock.picking object) can be managed by a viewing user.
By far I wrote a filter that looks like that:
<record id="view_picking_internal_search_pl" model="ir.ui.view">
<field name="model">stock.picking</field>
<field name="inherit_id" ref="stock.view_picking_internal_search"/>
<field name="arch" type="xml">
<filter icon="terp-dialog-close" name="done" string="Done" domain="[('state','=','done')]" help="Pickings already processed" position="after">
<filter icon="terp-check" name="locgroup" string="Location Group" domain="[('user_id','in',[user.id for user in location_id.user_group.users])]" context="{'group_by':'date'}"/>
</filter>
</field>
</record>
I also added field location_id to the tree view.
But Im still getting an error (after choosing the filter) that even google doesnt know anything about:
TypeError: results.group_by is undefined
My questions are:
By looking on domain in filter field - what am i doing wrong?
Is something like that even possible?
I will gladly welcome any help.
Firstly, i think your domain is not correct, it could have been :
[('user_group.users.id', '=', uid)]
(because the first element of the tuple is a field on the model; and uid is a special value supplied in search views)
Next, This error :
TypeError: results.group_by is undefined
Seems to be a Javascript Error (coming from openerp-web interface), it often throws error like that when it receives unexpected values (when we make a mistake defining a view for example).
can you tell us if using the domain above solved your problem ?
NB: does your field user_group is a required field ? If not, i think the domain above won't display picking where user_group is not set, if you want to display picking where user_group is not set too, you can set a domain like that:
['|',('user_group.users.id', '=', uid), ('user_group','=',False)]
Regards