Access Rules on project.project Odoo11

Question

I have a new group (Project Lead). This group needs to read other projects, and write his own project. Example: user1 is a manager in project001 and user2 is a manager in project002. We need for user1: edit only project001 and he needs to read project002.

I have tried the code below, but it did not work.

In XML

<record id="group_project_lead" model="res.groups">
    <field name="name">Lead</field>
    <field name="category_id" ref="base.module_category_project_management"/>
</record>

<record id="project_project_lead_rule1" model="ir.rule">
    <field name="name">Project: Lead to view only others document</field>
    <field name="model_id" ref="project.model_project_project"/>
    <field name="groups" eval="[(4, ref('project_user_access.group_project_lead'))]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="False"/>
    <field name="perm_create" eval="False"/>
    <field name="perm_unlink" eval="False"/>
    <field name="domain_force">[('user_id','!=',user.id)]</field>
</record>
<record id="project_project_lead_rule2" model="ir.rule">
    <field name="name">Project: Lead to write own document</field>
    <field name="model_id" ref="project.model_project_project"/>
    <field name="groups" eval="[(4, ref('project_user_access.group_project_lead'))]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="True"/>
    <field name="perm_create" eval="False"/>
    <field name="perm_unlink" eval="False"/>
    <field name="domain_force">[('user_id','=',user.id)]</field>
</record>

In CSV(Tried with CSV and also Without CSV)

access_project_project_group_lead,project_project_group_lead,project.model_project_project,project_user_access.group_project_lead,1,1,1,1

score 0 · Answer 1 · answered Oct 18 '19 at 16:16

Have you tried using two different groups for each record rule and assign users accordingly

<record id="group_project_lead_others" model="res.groups">
    <field name="name">Lead can view others</field>
    <field name="category_id" ref="base.module_category_project_management"/>
</record>

  <record id="group_project_lead_own" model="res.groups">
        <field name="name">Lead can edit own</field>
        <field name="category_id" ref="base.module_category_project_management"/>
    </record>

<record id="project_project_lead_rule1" model="ir.rule">
    <field name="name">Project: Lead to view only others document</field>
    <field name="model_id" ref="project.model_project_project"/>
    <field name="groups" eval="[(4, ref('project_user_access.group_project_lead_others'))]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="False"/>
    <field name="perm_create" eval="False"/>
    <field name="perm_unlink" eval="False"/>
    <field name="domain_force">[('user_id','!=',user.id)]</field>
</record>
<record id="project_project_lead_rule2" model="ir.rule">
    <field name="name">Project: Lead to write own document</field>
    <field name="model_id" ref="project.model_project_project"/>
    <field name="groups" eval="[(4, ref('project_user_access.group_project_lead_own'))]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="True"/>
    <field name="perm_create" eval="False"/>
    <field name="perm_unlink" eval="False"/>
    <field name="domain_force">[('user_id','=',user.id)]</field>
</record>

i can't get the result. and also we need only one group to map all managers. — Prabakaran R, Oct 19 '19 at 05:25

score 0 · Answer 2 · answered Oct 18 '19 at 17:31

Because they have read access on every record use this :

<record id="project_project_lead_rule1" model="ir.rule">
    <field name="name">Project: Lead to view only others document</field>
    <field name="model_id" ref="project.model_project_project"/>
    <field name="groups" eval="[(4, ref('project_user_access.group_project_lead'))]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="False"/>
    <field name="perm_create" eval="False"/>
    <field name="perm_unlink" eval="False"/>
    <field name="domain_force">[(1,'=', 1)]</field>
</record>

When you do this [('user_id','!=',user.id)] you are saying that this group is allwode to read only project of other users not there owns, instead you could do this ['|', ('user_id','!=',user.id), ('user_id','=',user.id)] but the convention is to use this [(1,'=', 1)] when there is no condition to prevent them from reading any record.

Now because They are allowed to modify there own projects only:

<record id="project_project_lead_rule2" model="ir.rule">
    <field name="name">Project: Lead to write own document</field>
    <field name="model_id" ref="project.model_project_project"/>
    <field name="groups" eval="[(4, ref('project_user_access.group_project_lead'))]"/>
    <!-- apply this domain only in [write, create, unlink] permissions don't forget they are allowed to see other project-->
    <field name="perm_read" eval="False"/>
    <field name="perm_write" eval="True"/>
    <field name="perm_create" eval="True"/>
    <field name="perm_unlink" eval="True"/>
    <field name="domain_force">[('user_id','=',user.id)]</field>
</record>

In you access write file you give them all permission so make sure that they are only allowed to touch there projects (write, create, delete).

I have tried your technique still rules did not affect. can you give me any reference. — Prabakaran R, Oct 19 '19 at 05:22
Did you use noupdate ? And what is wrong in your access rights now ? Does the group see other records ? Or only there own projects — Charif DZ, Oct 19 '19 at 06:11
no i don't use no update. and also i have editted in technical settings. if i use the csv all document had full access if i remove csv all document had edit only mode to all managers. — Prabakaran R, Oct 20 '19 at 07:09

Access Rules on project.project Odoo11

2 Answers2