0

I am modifying leave management module in Odoo 9.0 and in that when i am creating the employee user i am unable to restrict the user to see the other employees leave . so in my case they are able to see every employees leave so what kind of restriction should i give so that they cannot see other persons leave request and be just see their own. I have already tried giving the permission to the user but it doesn't worked for me Is there any kind of changes to be made in file or permissions or any other solutions for the same .

i want to restrict employee to view others leave

as shown in the image i am able to see each an every employees leave request when i am removing the filters. I want to restrict this from employee perspectives so how can i do it

saumil thaker
  • 1
  • 2
  • 1
    put your code in your question..... – Jainik Patel Jan 08 '16 at 13:06
  • http://stackoverflow.com/questions/10945270/tasks-should-show-up-only-if-the-user-has-been-assigned-it see this link – Jainik Patel Jan 08 '16 at 13:09
  • @JainikPatel i want to restrict the employee user for seeing only his own leave request and not of all. when i am removing the filters the employee user is able to see all the leave request so please help me for that – saumil thaker Jan 09 '16 at 13:02

2 Answers2

0

OpenERP has two kinds of security restrictions that can be assigned to a user group:

  • Access Rights are CRUD yes/no flags (similar to Unix FS permissions), and allow per-model access control. They state whether members of this group may perform a Create, Read, Update, and Delete operation on any document of a certain document model (e.g. a project task). The default policy is DENY, so by default any operation will be refused if the user does not explicitly have the right to perform it via one of her groups' access rights.
  • Record Rules are filters applied on CRUD operations, and allow per-document access-control, once access right are already granted. Users will only be able to perform an operation on a given document if the document matches at least one of the record rules. The default policy is ALLOW, so if no rule exists for a given model, all documents of that model may be accessed by users who have the necessary access rights.

Both Access Rights and Record Rules may also be defined globally without assigning them to a specific group, in which case they apply to everyone. There is one pitfall for Record Rules: global rules may NOT be relaxed by other rules (on purpose!), so use with care.

In your case it looks like you should define one extra Record Rule on the Project User group that explicitly restricts access on Project Tasks to your own tasks (and presumably those that are not assigned yet). You need to create a new entry in the Security Rules menu with these parameters:

  • object/model:project.task
  • domain: ['|',('user_id','=',False),('user_id','=',user.id)]
    • (means: your own tasks and unassigned ones)
  • apply for read: [x]
  • apply for write: [x]
  • apply for create: [x]
  • apply for delete: [x]
  • groups: Project / User

The domain of a record rule is a standard OpenERP domain that is evaluated on the records on which you are trying to perform the operation, and can refer to a user variable that contains the current user's data (technically, a browse_record on the current user). Look for search() in the list of ORM methods for a full description of domain.

If you want to allow special users (e.g. Project Managers) to view all tasks in the system, you can relax this rule for them by adding another rule to the Project Manager group which allows access to all tasks. There is a special "domain filter" that means "ALLOW ALL" and is useful to relax another stricter rule: [(1,'=',1)].

Note: Have a look at the existing Record Rules to see what they're doing first, and be sure to read the explanations on the Record Rule form when you are adding yours. And remember that if you do something wrong with Access Rights and Record Rules, you can always fix the mess with the admin account, as these security restrictions do not apply to the admin (similarly to the root user on Unix).

OthmaneFARAJ
  • 36
  • 3
  • thanks for you reply . please find the post again i have made some specifications and edited my post, also find the attachments . – saumil thaker Jan 09 '16 at 08:50
0

In your case we will add a new security record rule for the hr.holidays model

<record model="ir.rule" id="per_employee_user_rule">
    <field name="name">Employee: see the individual Record</field>
    <field name="model_id" ref="hr_holidays.model_hr_holidays"/>
    <field name="domain_force">['|',('employee_id.user_id','=',False),('employee_id.user_id','=',user.id)]</field>
    <field name="groups" eval="[(4,ref('base.group_user'))]"/>
</record>

Hear we are getting user_id based on employee form. Its totally part of related user_id field in Odoo Employee form view which is useful only when We are assign Employee login to the particular users.

I hope my answer may helpful for you :)

DASADIYA CHAITANYA
  • 2,850
  • 3
  • 18
  • 41