odex25_standard/odex25_base/tour_genius/security/rules.xml


<?xml version="1.0" encoding="utf-8"?>
<odoo>
<data noupdate="1">
<!-- Record rule: internal users (base.group_user) may read only topics that are
     published and active.
     The perm_* flags below select which operations this rule is evaluated for;
     they do not grant or deny access by themselves. With only perm_read set, the
     domain filters reads, and write/create/unlink are not constrained by this rule.
     NOTE(review): confirm that the access rights for the model referenced by
     model_genius_topic (ir.model.access, not shown here) give base.group_user
     read access only; otherwise this rule does not stop such a user from
     modifying or deleting draft or archived topics.
     NOTE(review): this record is loaded inside <data noupdate="1">, so a later
     change to this rule in the file is not applied to existing databases on a
     normal module upgrade; a corrected rule needs a migration step or a manual
     update. -->
<record id="rule_genius_topic_published_only" model="ir.rule">
<field name="name">Genius Topic: Published Only for Standard Users</field>
<field name="model_id" ref="model_genius_topic"/>
<!-- (4, id) links the group to the rule, which makes this a group rule rather than a global one -->
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<!-- Both conditions must hold: state is 'published' and the record is active -->
<field name="domain_force">[('state', '=', 'published'), ('active', '=', True)]</field>
<!-- Evaluated for read only; the three flags below switch the rule off for the other operations -->
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- Record rule: members of group_genius_user get an unrestricted domain on topics,
     for read, write, create and unlink.
     Why this rule is needed: the published-only rule is attached to base.group_user,
     and a Genius user is also a base.group_user, so that rule applies to them too.
     Record rules combine as follows:
     - global rules (no group) are INTERSECTED (AND);
     - group rules are UNIONED (OR).
     The base.group_user rule therefore allows access to published topics, and this
     rule adds access to ALL topics (including draft) for group_genius_user.
     Because group rules are unioned, membership of group_genius_user is what lifts
     the published-only restriction; review who is assigned to that group.
     NOTE(review): instructors and admins have no rule of their own in this file;
     presumably their groups imply group_genius_user. Confirm this in the group
     definitions. -->
<record id="rule_genius_topic_all_for_genius_users" model="ir.rule">
<field name="name">Genius Topic: All for Genius Users</field>
<field name="model_id" ref="model_genius_topic"/>
<!-- (4, id) links the module's own group_genius_user to the rule -->
<field name="groups" eval="[(4, ref('group_genius_user'))]"/>
<field name="domain_force">[(1, '=', 1)]</field> <!-- Always-true domain: matches every record -->
<!-- All four flags set: the unrestricted domain is evaluated for every operation -->
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="True"/>
</record>
</data>
</odoo>