权限细分

odoo原生权限编写方式: 

根据用户组分配权限



 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink

access_sale_order,sale.order,model_sale_order,sales_team.group_sale_salesman,1,1,1,0

access_sale_order_manager,sale.order.manager,model_sale_order,sales_team.group_sale_manager,1,1,1,1


<record id="group_sale_salesman" model="res.groups">

<field name="name">User: Own Documents Only</field>

    <field name="category_id" ref="base.module_category_sales_sales"/>

    <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>

    <field name="comment">the user will have access to his own data in the sales application.</field>

</record>


<record id="group_sale_salesman_all_leads" model="res.groups">

    <field name="name">User: All Documents</field>

    <field name="category_id" ref="base.module_category_sales_sales"/>

    <field name="implied_ids" eval="[(4, ref('group_sale_salesman'))]"/>

    <field name="comment">the user will have access to all records of everyone in the sales application.</field>

</record>


<record id="group_sale_manager" model="res.groups">

    <field name="name">Administrator</field>

    <field name="comment">the user will have an access to the sales configuration as well as statistic reports.</field>

    <field name="category_id" ref="base.module_category_sales_sales"/>

    <field name="implied_ids" eval="[(4, ref('group_sale_salesman_all_leads'))]"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4,ref('base.user_admin'))]"/>

</record>

在menu、button等的groups中设置权限 

<menuitem id="menu_sale_quotations" action="action_quotations_with_onboarding"

          groups="sales_team.group_sale_salesman" sequence="10"/>

细分权限


官方的权限分得不是很细,按照业务的需求,我们可以把权限细分。比如按照增删改查去划分权限,甚至是页面上的按钮、page页: 

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink

access_121,mes.production.line.change,model_mes_production_line_change,mes_production_line_change_read,1,0,0,0

access_122,mes.production.line.change,model_mes_production_line_change,mes_production_line_change_write,0,1,0,0

access_123,mes.production.line.change,model_mes_production_line_change,mes_production_line_change_create,0,0,1,0

access_124,mes.production.line.change,model_mes_production_line_change,mes_production_line_change_unlink,0,0,0,1

<!--增删改查-->

<record model="res.groups" id="mes_production_line_change_read">

    <field name="name">Production Line Change Read</field>

    <field name="category_id" ref="mes_base.module_category_HHY_MES"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>

</record>

<record model="res.groups" id="mes_production_line_change_write">

    <field name="name">Production Line Change Write</field>

    <field name="category_id" ref="mes_base.module_category_HHY_MES"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>

</record>

<record model="res.groups" id="mes_production_line_change_create">

    <field name="name">Production Line Change Create</field>

    <field name="category_id" ref="mes_base.module_category_HHY_MES"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>

</record>

<record model="res.groups" id="mes_production_line_change_unlink">

    <field name="name">Production Line Change Unlink</field>

    <field name="category_id" ref="mes_base.module_category_HHY_MES"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>

</record>


<!--按钮-->

<record model="res.groups" id="mes_production_line_btn_action_submit">

    <field name="name">Production Line Change btn Submit</field>

    <field name="category_id" ref="mes_base.module_category_HHY_MES"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>

</record>


...


<record model="res.groups" id="mes_production_line_btn_action_cancel">

    <field name="name">Production Line Change btn Cancel</field>

    <field name="category_id" ref="mes_base.module_category_HHY_MES"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>

</record>


<button name="action_submit" string="Submit Application" states="draft"

        class="oe_highlight" confirm="Are you sure you want to submit?" type="object"

        groups="mes_base.mes_production_line_btn_action_submit" />


<!--page-->

<record model="res.groups" id="mes_production_ready_page_order_dispatch">

    <field name="name">Production Ready Page Work Order Dispatch</field>

    <field name="category_id" ref="mes_base.module_category_HHY_MES"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>

</record>


...


<record model="res.groups" id="mes_production_ready_page_worksite_record">

    <field name="name">Production Ready Page Worksite Record</field>

    <field name="category_id" ref="mes_base.module_category_HHY_MES"/>

    <field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>

</record>


<page name="order_dispatch_ids" string="Work Order Dispatch"

      groups="mes_base.mes_production_ready_page_order_dispatch">

</page>

这样,我们就可以单独分配增删改查等权限


王柏茗 2024年5月20日
分析这篇文章

我们的博客
存档
登录 留下评论
tree视图勾选批量修改