Odoo访问错误尽管使用组属性隐藏元素仍然阻止用户。

huangapple go评论87阅读模式
英文:

Odoo Access Error blocks users despite using groups attribute to hide elements

问题

我已经扩展了product.template的表单视图,添加了新的笔记本页。我的意图是使用groups属性隐藏新页面,以便不阻止其他用户(仅隐藏元素)。不幸的是,这不起作用,当不属于groups属性中使用的安全组的用户打开产品表单时,他们会被阻止。页面确实被隐藏,但我仍然收到访问错误

我已经追踪到新表单视图中的一个字段元素的问题。当我将其注释掉时,一切都正常工作。

<field name="vendor_connector_ids"
       widget="many2many_checkboxes"
       attrs="{'required' : [('can_be_tracked', '=', True)]}"
/>

vendor_connector_ids字段是一个简单的布尔类型字段。

can_be_tracked = fields.Boolean(string="Can be Tracked")

新的产品表单视图(视图已经简化):

<record id="product_template_form_view" model="ir.ui.view">
    <field name="name">product.template.form.view.inherit.substitutes</field>
    <field name="model">product.template</field>
    <field name="inherit_id" ref="product.product_template_only_form_view"/>
    <field name="arch" type="xml">

        <div name="options" position="inside">
            <div groups="vendor_eshop_connector.vendor_connector_group_user">
                <field name="can_be_tracked"/>
                <label for="can_be_tracked" string="Has Substitutes"/>
            </div>
        </div>

        <!-- 其他元素在这里 -->

        <notebook position="inside">
            <page name="vendor_tracking"
                  string="Substitutes and Suppliers"
                  groups="vendor_eshop_connector.vendor_connector_group_user"
                  attrs="{'invisible' : [('can_be_tracked', '=', False)]}">

                <group name="tracking" >
                    
                    <group string="Suppliers" name="vendor_connectors">
                        <!-- 这个字段是问题所在 -->
                        <field name="vendor_connector_ids"
                               widget="many2many_checkboxes"
                               attrs="{'required' : [('can_be_tracked', '=', True)]}"
                        />
                    </group>
                        <!-- 其他元素在这里 -->
                    <group>
                        <!-- 其他元素在这里 -->                           
                    </group>
                </group>
            </page>
        </notebook>
    </field>
</record>

如何在vendor_eshop_connector.vendor_connector_group_user组的非成员中隐藏页面而不完全阻止他们?

英文:

I have extended product.template form view with new notebook page.
My intention was to hide the new page with groups attribute in order to not block other users (only to hide the elements). Unfortunately this does not work and when user who isnt part of security group used in groups attr opens product form, he gets blocked. Page is indeed hidden but I still get Access Error

Odoo访问错误尽管使用组属性隐藏元素仍然阻止用户。

I have traced the problem to one field element in new form view. When I comment it out everything works fine

&lt;field name=&quot;vendor_connector_ids&quot;
       widget=&quot;many2many_checkboxes&quot;
       attrs=&quot;{&#39;required&#39; : [(&#39;can_be_tracked&#39;, &#39;=&#39;, True)]}&quot;
/&gt;

vendor_connector_ids = fields.Many2many(comodel_name=&quot;vendor.connector&quot;, string=&quot;Vendor Connectors&quot;)

Also the can_be_tracked field is simple bool.

can_be_tracked = fields.Boolean(string=&quot;Can be Tracked&quot;)

New product form view (View was simplified):

&lt;record id=&quot;product_template_form_view&quot; model=&quot;ir.ui.view&quot;&gt;
    &lt;field name=&quot;name&quot;&gt;product.template.form.view.inherit.substitutes&lt;/field&gt;
    &lt;field name=&quot;model&quot;&gt;product.template&lt;/field&gt;
    &lt;field name=&quot;inherit_id&quot; ref=&quot;product.product_template_only_form_view&quot;/&gt;
    &lt;field name=&quot;arch&quot; type=&quot;xml&quot;&gt;

        &lt;div name=&quot;options&quot; position=&quot;inside&quot;&gt;
            &lt;div groups=&quot;vendor_eshop_connector.vendor_connector_group_user&quot;&gt;
                &lt;field name=&quot;can_be_tracked&quot;/&gt;
                &lt;label for=&quot;can_be_tracked&quot; string=&quot;Has Substitutes&quot;/&gt;
            &lt;/div&gt;
        &lt;/div&gt;
        
        &lt;!-- Other elements here --&gt;

        &lt;notebook position=&quot;inside&quot;&gt;
            &lt;page name=&quot;vendor_tracking&quot;
                  string=&quot;Substitutes and Suppliers&quot;
                  groups=&quot;vendor_eshop_connector.vendor_connector_group_user&quot;
                  attrs=&quot;{&#39;invisible&#39; : [(&#39;can_be_tracked&#39;, &#39;=&#39;, False)]}&quot;&gt;

                &lt;group name=&quot;tracking&quot; &gt;
                    
                    &lt;group string=&quot;Suppliers&quot; name=&quot;vendor_connectors&quot;&gt;
                        &lt;!-- THIS FIELD HERE IS THE PROBLEM --&gt;
                        &lt;field name=&quot;vendor_connector_ids&quot;
                               widget=&quot;many2many_checkboxes&quot;
                               attrs=&quot;{&#39;required&#39; : [(&#39;can_be_tracked&#39;, &#39;=&#39;, True)]}&quot;
                        /&gt;
                    &lt;/group&gt;
                        &lt;!-- Other elements here --&gt;
                    &lt;group&gt;
                        &lt;!-- Other elements here --&gt;                           
                    &lt;/group&gt;
                &lt;/group&gt;
            &lt;/page&gt;
        &lt;/notebook&gt;
    &lt;/field&gt;
&lt;/record&gt;

How can I hide the page for non members of group vendor_eshop_connector.vendor_connector_group_user without blocking them entirely?

答案1

得分: 1

当您不直接将groups属性放在字段上时,Odoo在打开任何类型的视图时仍可能尝试读取其值,并导致该错误。当您在Python代码中的某处调用read时,但当前用户没有所需的组时,也会发生错误,例如:

product_template = self.env['product_template'].browse(1)
product_template.read()

因此,如果您希望将字段限制为某些特定组,请始终考虑直接在Python字段的定义中放置groups属性:

vendor_connector_ids = fields.Many2many(comodel_name="vendor.connector", string="Vendor Connectors", groups="vendor_eshop_connector.vendor_connector_group_user")
英文:

When you don't put the groups attribute directly on the field, Odoo might still try to read its value when you open any kind of view, and lead to that error. The error will also happen when you call read somewhere in your python code, but the current user does not have the required groups, for example:

product_template = self.env[&#39;product_template&#39;].browse(1)
product_template.read()

So if you want to restrict a field to some specific groups, always consider putting the groups attribute directly on the definition of that field in python:

vendor_connector_ids = fields.Many2many(comodel_name=&quot;vendor.connector&quot;, string=&quot;Vendor Connectors&quot;, groups=&quot;vendor_eshop_connector.vendor_connector_group_user&quot;)

huangapple
  • 本文由 发表于 2023年8月5日 00:16:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/76837634.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定