This question has been flagged
23 Replies
45606 Views

Hi, I have a field in invoice(say reference number). Only the users coming under the group 'Financial Manager' can edit the field. All other users can view these fields as readonly field. Is it possible to achieve this?

Thanks in advance.

Avatar
Discard

@Omal Bastin  Thanks for your answer . It really helped me in my project.

Idea:

Create a boolean field, make that field True for those group of users, for which you want to make field readonly. And on the basis of that boolean field, make desired field readonly.

Author Best Answer

Another simple solution.

First create your form view. Then inherit the view also specify the groups. for example in sale order form view, i want to make the customer reference(client_order_ref) field is readonly for everyone except group group_financial.

<record id="view_order_form_cust_ref_readonly" model="ir.ui.view">
    <field name="name">sale.order.form.readonly.cust</field>
    <field name="model">sale.order</field>
    <field name="inherit_id" ref="sale.view_order_form"/>
    <field name="groups_id" eval="[(6, 0, [ref('base.group_financial') ])]"/>
    <field name="arch" type="xml">
        <field name='client_order_ref' position="attributes">
            <attribute name="readonly">0</attribute>
        </field>
    </field>
</record>
Avatar
Discard

This is a view customization which can be easily bypassed. It should be used only for useability, not access control and security.

Using direct json call for example.

Author

Okey then how can we make a field readonly based on group and status/state?

Try reading my answer to this question.

Author

function field will only execute when saving the record. i dont think create/write is a good option and also the property field.

what if the whole view needs to readonly? Is that possible??

Best Answer

If you need to enforce access control to the field, you should not use view customization as it is just a cosmetic behavior and can be easily bypassed.

For a real field/column access control, you should use one of the following options:

Option 1: Use the new field level access control

Using groups='group1, group2, ...' in field definition restricts the field to the specified groups. Currently, you cannot control specific read or write, only allow or prevent access.

In this case, you may create functional field that can be displayed for restricted users. The function for that fields must use the user id openerp.SUPERUSER_ID or integer 1 to read the original field, not the current user id.

from openerp import SUPERUSER_ID
....
class MyClass(osv.Model):
...
    def _myfield_reader(self, cr, uid, ids, name, args, context=None):
        values = self.read(cr, uid, SUPERUSER_ID, ids, ['myfield'], context=context)
        return {v['id']:v['myfield'] for v in values}

Option 2: Override create() and write() methods

By overriding these methods, you can raise AccessError exception if a restricted user tried to write that field value.


Option 3: Use fields.property field

Property fields are stored as ir.property records. So, standard record access control can be used to protect it. Check for example property_account_* fields defined for res.partner in account/partner.py in the account module.

Avatar
Discard
Author

i want to make the invoice sequence fields in account.config.settings view in openerp 7(in Settings/Configuration/Accounting) to be readonly for every users except admin(uid=1)

You should use a record rule directly on the sequence object. The configuration wizard just takes the user input and applies the change to the sequence object. It is a different concept; check this answer. You can ask another question and someone may help.

Author

i didnt get a correct answer but i hope these are some options that we can do. so accepting it as answer

Suppose I have many2one field "demo_field" and I have two groups "demogroup1","demogroup2" then for demo1 group I want demo_field as default functoinality of many2one field and for demogroup2 demo_field is readonly then what can I do?

Author

@vaibhav please check the answer that is marked as correct answer

Thanks @Mohammad: Nice and meaning-full answer :)

hi there! is this possible to achieve in Odoo online ?

The Best Answer

Best Answer

If you need it widely, what you can do is override the fields_view_get method.

If this is only for few fields, you can create a readonly related field and use groups in xml to define which one is seen.

<field name="my_field" groups="group_editors"/>
<field name="rel_my_field" groups="group_viewers"/>
Avatar
Discard

View customization using fields_view_get or groups=... XML attributes is just for usability, not a security measure. Fields can still be updated easily using simple json queries in browser console.

Thanks Mohammad, As question was not tagged with security tag previously, I understood it only as a matter of readonly in visualization. It depends if this is a real security issue or simply a way to ease user's experience.

Suppose I have many2one field "demo_field" and I have two groups "demogroup1","demogroup2" then for demo1 group I want demo_field as default functionality of many2one field and for demogroup2 demo_field is readonly then what can I do?

Author

@vaibhav please check the answer that is marked as correct answer

but related field is not storing in DB ? So how to display that field in tree view ?

Best Answer

Basic field properties (Required,Readonly,Searchable) can not be modified by the configuration! must change the code in Python and preferably by adding a new module. but you can edit fields personalized.

Avatar
Discard