Hi, I think point 2 is actually solved in the openerp 7 itself. Refer http://stackoverflow.com/questions/11580150/field-readonly-and-groups-attribute also refer https://answers.launchpad.net/openobject-server/+question/178779
On Fri, Jan 2, 2015 at 7:56 PM, Ludwik Trammer <lud...@trammer.pl> wrote: > *Note: I've already posted this message to the @mail.odoo.com > <http://mail.odoo.com> mailing list. It was suggested to me that I should > also post it here.* > > Hi, > > I learned about Odoo just four months ago. Since then I've done quite a > lot of work with the Odoo programming framework - I created almost 20 Odoo > modules for two clients, started a blog about Odoo development and posted > answers to a dozen Odoo related questions on Stack Overflow. > > The more I develop with Odoo the more I feel there is one area that is > really lacking - per field permissions. > > Yes, I know about the "groups" attribute - one can specify it on a model > field to make it available to selected groups only. That's certainly a > start. But this is not enough for more advanced uses. > > Couple of example of things that would be very useful (or in my case - > necessary) in that area: > > 1. Something similar to the "groups" attribute, but limited to the "write" > permissions. It would make other groups able to read the field, but only > chosen groups would be able to modify it. > This should both make the field appear readonly in forms (for users > without modify privileges for that field) and validate the privileges when > saving the model. > > 2. Rule-based per-field permissions. Something similar to ir.rule, but > checked per individual field. This could look like this: > > *members = fields.many2many(* > * 'res.users',* > * read_rule="[('members', '=', user.id <http://user.id>)]",* > * write_rule="[('manager', '=', user.id <http://user.id>)]",* > *)* > > Let's say this is a filed on a Project model. This would mean that only > manager of this project is able to add/remove its members and only members > of this project are able to see other members (readonly). > > You are not able to achieve anything even remotely similar using only > group permissions. > > For consistency, the way group based per-field permissions ("groups" and > "grups_modify") would interact with rule based per-field permissions would > mirror the way ir.model.access and ir.rule interact. > > 3. Record rules should be reflected in the way views are presented to the > user. If user doesn't have "write" access to the given object she should > not be presented with an "edit" button. Similarly lack of "unlink" > permissions should hide the "remove" option. Currently this works with > access rules (ir.model.access), but not with record rules (ir.rule) > This issue confuses the heck out of my users (understandably). This means > I'll be forced to roll my own solution for the issue, but this seams as > something that should be dealt with on the framework layer. > > Are those issue something that the Odoo Team is currently looking into? > Are there any plans for improvements in Odoo 9? > > Ludwik Trammer > > _______________________________________________ > Mailing list: https://launchpad.net/~openerp-community > Post to : openerp-community@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openerp-community > More help : https://help.launchpad.net/ListHelp > > -- Omal Bastin
_______________________________________________ Mailing list: https://launchpad.net/~openerp-community Post to : openerp-community@lists.launchpad.net Unsubscribe : https://launchpad.net/~openerp-community More help : https://help.launchpad.net/ListHelp
