project.project Odoo11 上的访问规则
[英]Access Rules on project.project Odoo11
问题描述
I have a new group (Project Lead).
我有一个新小组(项目负责人)。 This group needs to read other projects, and write his own project.这个小组需要阅读其他项目,并编写自己的项目。 Example: user1 is a manager in project001 and user2 is a manager in project002.示例:user1 是 project001 的经理,user2 是 project002 的经理。 We need for user1: edit only project001 and he needs to read project002.我们需要user1:只编辑project001,他需要阅读project002。
I have tried the code below, but it did not work.我已经尝试了下面的代码,但它没有工作。
In XML在 XML
<record id="group_project_lead" model="res.groups">
<field name="name">Lead</field>
<field name="category_id" ref="base.module_category_project_management"/>
</record>
<record id="project_project_lead_rule1" model="ir.rule">
<field name="name">Project: Lead to view only others document</field>
<field name="model_id" ref="project.model_project_project"/>
<field name="groups" eval="[(4, ref('project_user_access.group_project_lead'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
<field name="domain_force">[('user_id','!=',user.id)]</field>
</record>
<record id="project_project_lead_rule2" model="ir.rule">
<field name="name">Project: Lead to write own document</field>
<field name="model_id" ref="project.model_project_project"/>
<field name="groups" eval="[(4, ref('project_user_access.group_project_lead'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
<field name="domain_force">[('user_id','=',user.id)]</field>
</record>
In CSV(Tried with CSV and also Without CSV)在 CSV 中(尝试使用 CSV 并且也没有 CSV)
access_project_project_group_lead,project_project_group_lead,project.model_project_project,project_user_access.group_project_lead,1,1,1,1
2 个解决方案
解决方案1
0 2019-10-18 16:16:41
Have you tried using two different groups for each record rule and assign users accordingly您是否尝试过为每个记录规则使用两个不同的组并相应地分配用户
<record id="group_project_lead_others" model="res.groups">
<field name="name">Lead can view others</field>
<field name="category_id" ref="base.module_category_project_management"/>
</record>
<record id="group_project_lead_own" model="res.groups">
<field name="name">Lead can edit own</field>
<field name="category_id" ref="base.module_category_project_management"/>
</record>
<record id="project_project_lead_rule1" model="ir.rule">
<field name="name">Project: Lead to view only others document</field>
<field name="model_id" ref="project.model_project_project"/>
<field name="groups" eval="[(4, ref('project_user_access.group_project_lead_others'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
<field name="domain_force">[('user_id','!=',user.id)]</field>
</record>
<record id="project_project_lead_rule2" model="ir.rule">
<field name="name">Project: Lead to write own document</field>
<field name="model_id" ref="project.model_project_project"/>
<field name="groups" eval="[(4, ref('project_user_access.group_project_lead_own'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
<field name="domain_force">[('user_id','=',user.id)]</field>
</record>
解决方案2
0 2019-10-18 17:31:10
Because they have read access on every record use this:因为他们对每条记录都有读取权限,所以使用这个:
<record id="project_project_lead_rule1" model="ir.rule">
<field name="name">Project: Lead to view only others document</field>
<field name="model_id" ref="project.model_project_project"/>
<field name="groups" eval="[(4, ref('project_user_access.group_project_lead'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
<field name="domain_force">[(1,'=', 1)]</field>
</record>
When you do this [('user_id',',='.user.id)] you are saying that this group is allwode to read only project of other users not there owns, instead you could do this ['|', ('user_id',',='.user,id), ('user_id','='.user.id)] but the convention is to use this [(1,'=', 1)] when there is no condition to prevent them from reading any record.当你这样做时[('user_id',',='.user.id)]你是说这个组是allwode只读其他用户不拥有的项目,而不是你可以这样做['|', ('user_id',',='.user,id), ('user_id','='.user.id)]但约定是在没有时使用这个[(1,'=', 1)]条件以防止他们读取任何记录。
Now because They are allowed to modify there own projects only:现在因为他们只允许修改自己的项目:
<record id="project_project_lead_rule2" model="ir.rule">
<field name="name">Project: Lead to write own document</field>
<field name="model_id" ref="project.model_project_project"/>
<field name="groups" eval="[(4, ref('project_user_access.group_project_lead'))]"/>
<!-- apply this domain only in [write, create, unlink] permissions don't forget they are allowed to see other project-->
<field name="perm_read" eval="False"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="True"/>
<field name="domain_force">[('user_id','=',user.id)]</field>
</record>
In you access write file you give them all permission so make sure that they are only allowed to touch there projects (write, create, delete) .在您访问写入文件时,您授予他们所有权限,因此请确保他们只被允许触摸那里的项目(write, create, delete) 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.