odoo权限管理
ir.model.access.csv文件这里注意,用户和经理的写法
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_demo_contract_lx,demo.contract.lx,model_demo_contract_lx,group_contract_user,1,0,0,0
access_demo_contract_lx_manager,demo.contract.lx,model_demo_contract_lx,group_contract_manager,1,1,1,1
access_settle_account,settle.account,model_settle_account,group_contract_user,1,0,0,0
access_settle_account_manager,settle.account,model_settle_account,group_contract_manager,1,1,1,1
access_settle_account_line,settle.account.line,model_settle_account_line,group_contract_user,1,0,0,0
access_settle_account_line_manager,settle.account.line,model_settle_account_line,group_contract_manager,1,1,1,1
access_sigining_contract,sigining.contract,model_sigining_contract,group_contract_user,1,0,0,0
access_sigining_contract_manager,sigining.contract,model_sigining_contract,group_contract_manager,1,1,1,1
access_pay_type,pay.type,model_pay_type,group_contract_user,1,0,0,0
access_pay_type_manager,pay.type,model_pay_type,group_contract_manager,1,1,1,1
一、创建权限
1.1、使用ir.module.category来定义权限组的分类
1.2、res.groups模型,定义权限角色
1.3、继承的权限implied_ids
1.4、users 默认指定
1.5、ref属性,其值必须是有效的 外部id,它将被查找并设置为该字段的值。
1.6、eval 属性提供的Python表达式并将结果设置为该字段的值。
<?xml version="1.0" encoding="utf-8"?> <openerp> <!--其中这一段,是文件定义组和组对菜单的访问权限--> <!--Noupdate 表示,当模块升级时是否更新本条数据。--> <!--对于demo 数据,通常设置成noupdate=”1”,即不更新,不指定noupdate 的话,默认值是noupdate=”0”。--> <data noupdate="0"> <record id="model_category_contract_management" model="ir.module.category"> <!--分类总的model为固定model id是自己取的--> <field name="name">合同</field> <!--哪个模块的分类--> <field name="sequence">16</field> </record> <record id="group_contract_user" model="res.groups"><!--model代表你自己要限制权限的哪个文件名--> <field name="name">用户</field> <field name="category_id" ref="model_category_contract_management"/><!--category_id 指定此组属于哪个应用程序(模块)--> <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/> </record> <record id="group_contract_manager" model="res.groups"> <field name="name">经理</field> <field name="category_id" ref="model_category_contract_management"/> <field name="implied_ids" eval="[(4,ref('group_contract_user'))]"/> <!--包含--> <field name="users" eval="[(4,ref('base.user_root'))]"/> <!--超级用户权限--><!--users 指定了组里面的用户,这里表示把admin用户添加到该组--> </record> </data> </openerp>
一个完整的权限例子:各部门都要有各部门的权限:
<?xml version="1.0" encoding="utf-8"?> <openerp> <!--其中这一段,是文件定义组和组对菜单的访问权限--> <!--Noupdate 表示,当模块升级时是否更新本条数据。--> <!--对于demo 数据,通常设置成noupdate=”1”,即不更新,不指定noupdate 的话,默认值是noupdate=”0”。--> <data noupdate="0"> <record id="model_demo_mrp" model="ir.module.category"> <!--分类总的model为固定model id是自己取的--> <field name="name">demo_mrp</field> <!--哪个模块的分类--> <field name="sequence">22</field> </record> <record id="group_demo_mrp_user_io" model="res.groups"><!--model代表你自己要限制权限的哪个文件名--> <field name="name">仓库</field> <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/> <field name="category_id" ref="model_demo_mrp"/> </record> <record id="group_demo_mrp_manager_io" model="res.groups"><!--model代表你自己要限制权限的哪个文件名--> <field name="name">仓库经理</field> <field name="implied_ids" eval="[(4, ref('group_demo_mrp_user_io'))]"/> <field name="category_id" ref="model_demo_mrp"/> </record> <record id="group_demo_mrp_user_bussiness" model="res.groups"><!--model代表你自己要限制权限的哪个文件名--> <field name="name">业务部</field> <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/> <field name="category_id" ref="model_demo_mrp"/> </record> <record id="group_demo_mrp_manager_bussiness" model="res.groups"><!--model代表你自己要限制权限的哪个文件名--> <field name="name">业务部经理</field> <field name="implied_ids" eval="[(4, ref('group_demo_mrp_user_bussiness'))]"/> <field name="category_id" ref="model_demo_mrp"/> </record> <record id="group_demo_mrp_user_drawn" model="res.groups"><!--model代表你自己要限制权限的哪个文件名--> <field name="name">绘图部</field> <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/> <field name="category_id" ref="model_demo_mrp"/> </record> <record id="group_demo_mrp_manager_drawn" model="res.groups"><!--model代表你自己要限制权限的哪个文件名--> <field name="name">绘图部经理</field> <field name="implied_ids" eval="[(4, ref('group_demo_mrp_user_drawn'))]"/> <field name="category_id" ref="model_demo_mrp"/> </record> <record id="group_mrp_manager_man" model="res.groups"> <field name="name">超级用户</field> <field name="category_id" ref="model_demo_mrp"/> <!--<field name="implied_ids" eval="[(4, ref('group_demo_mrp_user_bussiness'))]"/>--> <field name="implied_ids" eval="[((4,ref('group_demo_mrp_user_bussiness')),(4,ref('group_demo_mrp_user_drawn')),(4,ref('group_demo_mrp_user_io')),(4,ref('group_demo_mrp_manager_bussiness')),(4,ref('group_demo_mrp_manager_io')),(4,ref('group_demo_mrp_manager_drawn')))]"/> <!--包含--> <field name="users" eval="[(4,ref('base.user_root'))]"/><!--超级用户权限--><!--users 指定了组里面的用户,这里表示把admin用户添加到该组--> </record> </data> </openerp>
二、表单级别的权限:security/ir.model.access.csv
1、id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink,权限组,1,1,1,1
2、唯一标识符,名称,模型,权限,1/0,1/0,1/0,1/0
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink access_unit,unit,model_unit,group_mrp_manager_man,1,1,1,1 access_profin_application,profin.application,model_profin_application,group_demo_mrp_user_io,1,0,0,0 access_proofing_process,proofing.process,model_proofing_process,group_demo_mrp_user_io,1,0,0,0 access_new_nversion,new.nversion,model_new_nversion,group_demo_mrp_user_io,1,0,0,0 access_create_versionzhi,create.versionzhi,model_create_versionzhi,group_demo_mrp_user_io,1,0,0,0 access_prodtion_lc,prodtion.lc,model_prodtion_lc,group_demo_mrp_user_io,1,0,0,0 access_outg_process,outg.process,model_outg_process,group_demo_mrp_user_io,1,0,0,0 access_product_instock,product.instock,model_product_instock,group_demo_mrp_user_io,1,1,1,1 access_finishp_out,finishp.out,model_finishp_out,group_demo_mrp_user_io,1,1,1,1 access_product_require,product.require,model_product_require,group_demo_mrp_user_io,1,1,1,1 access_market_sort,market.sort,model_market_sort,group_demo_mrp_user_io,1,1,1,1 access_machine_model,machine.model,model_machine_model,group_demo_mrp_user_io,1,1,1,1 access_shb_mc,shb.mc,model_shb_mc,group_demo_mrp_user_io,1,1,1,1 access_trademark_type,trademark.type,model_trademark_type,group_demo_mrp_user_io,1,0,0,0 access_unit,unit,model_unit,group_demo_mrp_user_io,1,1,1,1 access_product_instock_line,product.instock.line,model_product_instock_line,group_demo_mrp_user_io,1,1,1,1 access_product_instock_order,product.instock.order,model_product_instock_order,group_demo_mrp_user_io,1,1,1,1 access_finishp_out_line,finishp.out.line,model_finishp_out_line,group_demo_mrp_user_io,1,1,1,1 access_profin_application_1,profin.application,model_profin_application,group_demo_mrp_user_drawn,1,0,0,0 access_proofing_process_1,proofing.process,model_proofing_process,group_demo_mrp_user_drawn,1,1,1,1 access_new_nversion_1,new.nversion,model_new_nversion,group_demo_mrp_user_drawn,1,0,0,0 access_create_versionzhi_1,create.versionzhi,model_create_versionzhi,group_demo_mrp_user_drawn,1,0,0,0 access_prodtion_lc_1,prodtion.lc,model_prodtion_lc,group_demo_mrp_user_drawn,1,0,0,0 access_outg_process_1,outg.process,model_outg_process,group_demo_mrp_user_drawn,1,0,0,0 access_product_instock_1,product.instock,model_product_instock,group_demo_mrp_user_drawn,1,1,1,1 access_finishp_out_1,finishp.out,model_finishp_out,group_demo_mrp_user_drawn,1,1,1,1 #对与同一表单,不同部门权限,名称不能重复,必须唯一 access_product_require_1,product.require,model_product_require,group_demo_mrp_user_drawn,1,1,1,1 access_market_sort_1,market.sort,model_market_sort,group_demo_mrp_user_drawn,1,1,1,1 access_machine_model_1,machine.model,model_machine_model,group_demo_mrp_user_drawn,1,1,1,1 access_shb_mc_1,shb.mc,model_shb_mc,group_demo_mrp_user_drawn,1,1,1,1 access_trademark_type_1,trademark.type,model_trademark_type,group_demo_mrp_user_drawn,1,0,0,0 access_unit_1,unit,model_unit,group_demo_mrp_user_drawn,1,1,1,1 access_proofing_process_line_1,proofing.process.line,model_proofing_process_line,group_demo_mrp_user_drawn,1,1,1,1 access_profin_application_2,profin.application,model_profin_application,group_demo_mrp_user_bussiness,1,1,1,1 access_proofing_process_2,proofing.process,model_proofing_process,group_demo_mrp_user_bussiness,1,0,0,0 access_new_nversion_2,new.nversion,model_new_nversion,group_demo_mrp_user_bussiness,1,1,1,1 access_create_versionzhi_2,create.versionzhi,model_create_versionzhi,group_demo_mrp_user_bussiness,1,1,1,1 access_prodtion_lc_2,prodtion.lc,model_prodtion_lc,group_demo_mrp_user_bussiness,1,1,1,1 access_prodtion_lc_line_2,prodtion.lc.line,model_prodtion_lc_line,group_demo_mrp_user_bussiness,1,1,1,1 access_fen_vernum_2,fen.vernum,model_fen_vernum,group_demo_mrp_user_bussiness,1,1,1,1 access_outg_process_2,outg.process,model_outg_process,group_demo_mrp_user_bussiness,1,1,1,1 access_outg_process_line_2,outg.process.line,model_outg_process_line,group_demo_mrp_user_bussiness,1,1,1,1 access_wai_vernum_2,wai.vernum,model_wai_vernum,group_demo_mrp_user_bussiness,1,1,1,1 access_product_instock_2,product.instock,model_product_instock,group_demo_mrp_user_bussiness,1,0,0,0 access_finishp_out_2,finishp.out,model_finishp_out,group_demo_mrp_user_bussiness,1,0,0,0 access_product_require_2,product.require,model_product_require,group_demo_mrp_user_bussiness,1,1,1,1 access_market_sort_2,market.sort,model_market_sort,group_demo_mrp_user_bussiness,1,1,1,1 access_machine_model_2,machine.model,model_machine_model,group_demo_mrp_user_bussiness,1,1,1,1 access_shb_mc_2,shb.mc,model_shb_mc,group_demo_mrp_user_bussiness,1,1,1,1 access_trademark_type_2,trademark.type,model_trademark_type,group_demo_mrp_user_bussiness,1,0,0,0 access_unit_2,unit,model_unit,group_demo_mrp_user_bussiness,1,1,1,1 access_proofing_process_line_2,proofing.process.line,model_proofing_process_line,group_demo_mrp_user_bussiness,1,0,0,0 access_proofing_process_line_3,proofing.process.line,model_proofing_process_line,group_mrp_manager_man,1,1,1,1 access_profin_application_3,profin.application,model_profin_application,group_mrp_manager_man,1,1,1,1 access_proofing_process_3,proofing.process,model_proofing_process,group_mrp_manager_man,1,1,1,1 access_new_nversion_3,new.nversion,model_new_nversion,group_mrp_manager_man,1,1,1,1 access_create_versionzhi_3,create.versionzhi,model_create_versionzhi,group_mrp_manager_man,1,1,1,1 access_prodtion_lc_3,prodtion.lc,model_prodtion_lc,group_mrp_manager_man,1,1,1,1 access_prodtion_lc_line_3,prodtion.lc.line,model_prodtion_lc_line,group_mrp_manager_man,1,1,1,1 access_fen_vernum_3,fen.vernum,model_fen_vernum,group_mrp_manager_man,1,1,1,1 access_outg_process_3,outg.process,model_outg_process,group_mrp_manager_man,1,1,1,1 access_outg_process_line_3,outg.process.line,model_outg_process_line,group_mrp_manager_man,1,1,1,1 access_wai_vernum_3,wai.vernum,model_wai_vernum,group_mrp_manager_man,1,1,1,1 access_product_instock_3,product.instock,model_product_instock,group_mrp_manager_man,1,1,1,1 access_finishp_out_3,finishp.out,model_finishp_out,group_mrp_manager_man,1,1,1,1 access_product_require_3,product.require,model_product_require,group_mrp_manager_man,1,1,1,1 access_market_sort_3,market.sort,model_market_sort,group_mrp_manager_man,1,1,1,1 access_machine_model_3,machine.model,model_machine_model,group_mrp_manager_man,1,1,1,1 access_shb_mc_3,shb.mc,model_shb_mc,group_mrp_manager_man,1,1,1,1 access_trademark_type_3,trademark.type,model_trademark_type,group_mrp_manager_man,1,1,1,1 access_unit_2,unit,model_unit,group_mrp_manager_man,1,1,1,1 access_product_instock_line_3,product.instock.line,model_product_instock_line,group_mrp_manager_man,1,1,1,1 access_product_instock_order_3,product.instock.order,model_product_instock_order,group_mrp_manager_man,1,1,1,1 access_finishp_out_line_3,finishp.out.line,model_finishp_out_line,group_mrp_manager_man,1,1,1,1
三、记录规则
<record model="ir.rule" id="resource_calendar_leaves_rule_group_user_create"> <field name="name">resource.calendar.leaves: employee reads own or global</field> #记录规则名称 <field name="model_id" ref="model_resource_calendar_leaves"/> #模型id,ref可以理解为一个函数用来获取模型的id <field name="groups" eval="[(4, ref('base.group_user'))]"/> #指定权限,可以是多个 <field name="domain_force">[('resource_id.user_id', 'in', [False, user.id])]</field> #记录规则查看条件
<field name="perm_write" eval="False"/> #修改
<field name="perm_create" eval="False"/> #创建
<field name="perm_unlink" eval="False"/> #删除
</record>
四、菜单级别与字段级别权限
field标签有一个groups属性,可以是一个或多个权限角色,多个权限角色使用逗号分隔对拥有groups权限组的人可见
<field name="company_id" options="{'no_create': True}" groups="base.group_multi_company"/>
<menuitem name="记录" id="sec_epidemic_record_menu" parent="epidemic_record_menu_root" action="epidemic_record_act_window" groups="base.group_user" sequence="10"/>
base.group_user, base.group_no_one;标签menuitem 有一个groups属性,可以是一个或多个权限角色,多个权限角色使用逗号分隔 对拥有groups权限组的人可见
心有猛虎,细嗅蔷薇
