I want to share with you how I solved my problem.
Instead of storing confidential data in another table as suggested by @ced, I preferred to make a
table_query Model SQL that summarize the base class (in my case
company.employee) with only the “public” fields. I called this class
company.employee.summary and I allow every users to access data of each records of it.
And so, to allow only users of the “Employee Administration” group to CRUD on all employees and the emloyee itself to read its information, I defined
ir.rule[s] directly on
In this way, employees see all of themselves and only the summary of the others, and administrators see all of everyone.
Follows a brief example of the technical implementation.
Base class with a confidential field defined :
__name__ = 'company.employee'
confidential_field = fields.Char('Confidential field')
Summary class that re-defines “public” fields :
class EmployeeSummary(ModelSQL, ModelView):
__name__ = 'company.employee.summary'
first_name = fields.Char('First name')
last_name = fields.Char('Last name')
company = fields.Many2One('company.company', 'Company')
supervisor = fields.Many2One('company.employee.summary', 'Supervisor')
table_query method :
pool = Pool()
employee_table = pool.get('company.employee').__table__()
party_table = pool.get('party.party').__table__()
query = employee_table \
condition=(employee_table.party == party_table.id)) \
To finish, I created a wizard
OpenOwnEmployee to add a menu entry that opens the employee form of the authenticated user.
I would like your advice on this method ! Hope it can help someone else.