1

I have extended product.template form view with new notebook page. My intention was to hide the new page with groups attribute in order to not block other users (only to hide the elements). Unfortunately this does not work and when user who isnt part of security group used in groups attr opens product form, he gets blocked. Page is indeed hidden but I still get Access Error

enter image description here

I have traced the problem to one field element in new form view. When I comment it out everything works fine

<field name="vendor_connector_ids"
       widget="many2many_checkboxes"
       attrs="{'required' : [('can_be_tracked', '=', True)]}"
/>

vendor_connector_ids = fields.Many2many(comodel_name="vendor.connector", string="Vendor Connectors")

Also the can_be_tracked field is simple bool.

can_be_tracked = fields.Boolean(string="Can be Tracked")

New product form view (View was simplified):

<record id="product_template_form_view" model="ir.ui.view">
    <field name="name">product.template.form.view.inherit.substitutes</field>
    <field name="model">product.template</field>
    <field name="inherit_id" ref="product.product_template_only_form_view"/>
    <field name="arch" type="xml">

        <div name="options" position="inside">
            <div groups="vendor_eshop_connector.vendor_connector_group_user">
                <field name="can_be_tracked"/>
                <label for="can_be_tracked" string="Has Substitutes"/>
            </div>
        </div>
        
        <!-- Other elements here -->

        <notebook position="inside">
            <page name="vendor_tracking"
                  string="Substitutes and Suppliers"
                  groups="vendor_eshop_connector.vendor_connector_group_user"
                  attrs="{'invisible' : [('can_be_tracked', '=', False)]}">

                <group name="tracking" >
                    
                    <group string="Suppliers" name="vendor_connectors">
                        <!-- THIS FIELD HERE IS THE PROBLEM -->
                        <field name="vendor_connector_ids"
                               widget="many2many_checkboxes"
                               attrs="{'required' : [('can_be_tracked', '=', True)]}"
                        />
                    </group>
                        <!-- Other elements here -->
                    <group>
                        <!-- Other elements here -->                           
                    </group>
                </group>
            </page>
        </notebook>
    </field>
</record>

How can I hide the page for non members of group vendor_eshop_connector.vendor_connector_group_user without blocking them entirely?

xixo222
  • 157
  • 2
  • 9

1 Answers1

1

When you don't put the groups attribute directly on the field, Odoo might still try to read its value when you open any kind of view, and lead to that error. The error will also happen when you call read somewhere in your python code, but the current user does not have the required groups, for example:

product_template = self.env['product_template'].browse(1)
product_template.read()

So if you want to restrict a field to some specific groups, always consider putting the groups attribute directly on the definition of that field in python:

vendor_connector_ids = fields.Many2many(comodel_name="vendor.connector", string="Vendor Connectors", groups="vendor_eshop_connector.vendor_connector_group_user")
Giang Phạm
  • 13
  • 4