How to manage security with One2many fields in Odoo?

匿名 (未验证) 提交于 2019-12-03 01:03:01

问题:

I have a doubt about security groups in Odoo 8, I will show a simple example to make it more understandable:

I have created two new models, Mother and Child. The relationship between them is that a mother can have several children, but a child will only have one mother. Therefore, we have an One2many field pointing to Child (named child_ids) in Mother, and a Many2one pointing to Mother (named mother_id) in Child.

Now, I have an user who can create some children, but not mothers. When he creates a child, he will only be able to select between a mother already created by other users with more privileges.

The problem

When this user creates the child, a security error raises telling that the user belongs to a group which cannot modify the Mother model. I think this is due to that when a child is created, the field child_ids of Mother is automatically modified.

Temporal solution

For the moment I have solved this giving writing permissions in Mother model to the group of the mentioned user. Because of this, when the user opens the form to create a child and selects a mother in mother_id, the open and edit icon is shown beside it. If the user clicks on it, he can modify the mother freely, which I do not want. I have hidden that icon, but due to this nobody can modify the mother from here, which I do not want neither. In addition to this, if the field mother_id appeared in other part which I did not know, the open and edit icon would not even be hidden.

Note

In the real case, I have not even created the field child_ids in Mother, I mean, I have only declared the Many2one mother_id in Child, but it seems that the program knows that an One2many field should exist in Mother, so I get the error mentioned above if I do not modify the writing permissions.

I have simplified my code and the problem is still there. Below you can read the whole code, I do not have anymore. If I remove the line related='mother_id.is_a_good_mother', from the field has_a_good_mother of Child, the ORM method write of Mother is not called (which is what I need).

Can anyone help me? Do you know how to achieve my purpose?

Python code

class mother(models.Model):     _name = 'mother'      name = fields.Char(string='Name', size=64, required=True)     is_a_good_mother = fields.Boolean(string='Is a good mother?')      @api.multi     def write(self, vals):         _logger.info('I DO NOT KNOW WHY WHEN CREATING A CHILD THIS ORM '                      'METHOD IS BEING EXECUTED, RECEIVING THE KEY '                      'is_a_good_mother')         return super(mother, self).write(vals)   class child(models.Model):     _name = 'child'      mother_id = fields.Many2one(comodel_name='mother',                                 string='Mother', ondelete='cascade')     has_a_good_mother = fields.Boolean(         string='Does the child have a good mother?',         related='mother_id.is_a_good_mother',         related_sudo=True)      @api.one     def create_child(self):         return {             'type': 'ir.actions.act_window_close',         } 

XML code

<?xml version="1.0" encoding="utf-8"?> <openerp>     <data>         <record id="child_create_form_view" model="ir.ui.view">             <field name="name">child.create.form</field>             <field name="model">child</field>             <field name="type">form</field>             <field name="arch" type="xml">                 <form string="A child">                     <group>                         <group col="2">                             <field name="id" invisible="1" />                             <field name="mother_id" required="1" options="{'no_open': True}" />                         </group>                         <group col="2">                             <field name="has_a_good_mother" invisible="1"/>                         </group>                     </group>                     <footer attrs="{'invisible': [('id','!=',False)]}">                         <button name="create_child" string="Create" type="object"                             class="oe_highlight" />                         or                         <button string="Discard" class="oe_link" special="cancel" />                     </footer>                 </form>             </field>         </record>         <record id="action_child_create_form" model="ir.actions.act_window">             <field name="name">Create child</field>             <field name="type">ir.actions.act_window</field>             <field name="res_model">child</field>             <field name="view_type">form</field>             <field name="view_mode">form</field>             <field name="view_id" ref="child_create_form_view" />             <field name="target">new</field>         </record>         <record id="res_partner_test_view" model="ir.ui.view">             <field name="name">res.partner.test.form</field>             <field name="model">res.partner</field>             <field name="inherit_id" ref="base_location.view_partner_form" />             <field name="type">form</field>             <field name="arch" type="xml">                 <xpath expr="//field[@name='website']" position="after">                     <button name="%(test.action_child_create_form)d"                         string="Create child" type="action"                         class="oe_highlight oe_edit_only" />                 </xpath>             </field>         </record>     </data> </openerp> 
标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!