Conditional access to records

We need to prevent any changes to records in models before the control date. Users must have read access to these records. Should record rules be used? Do we need two rules? (One rule is for the period before the control date, the second is for the period after it.)
The control date is a field in one of the models. How to pass this value in XML?

Yes, that’s a typical use case for record rules.

First start building your record rule in the client itself. Once you have created such rule in XML, you are not allowed to make changes to it so it’s easier to create the rule first in the client and after everything works, move it into XML.

For an example in XML you can take a look at to see how it works.

Be aware though, in version 7.0 several context parameters are gone to make hitting the cache more often. The example above is from version 7.0

1 Like

I don’t understand how to do this?
Do we need two rules? And how to pass the control date value in XML?

You can not create temporal rules per se but you can make the rule depend on a field of the record that may change over time.
So it could be like give write access if the field X is True where X is a Function field that depend on time. But X must also have a searcher because the record rule mechanism need it.

You can find the record rules in Administration -> Models -> Record Rules. Look at the existing rules to get an idea how they look like.

I think so, take a look at the User Application record rules.

I’m not sure because one record rule is the general one, which is applied to everybody. That rule filters out all other users applications so you are left with your own. The other rule is just a rule with an empty domain and is added to a group. Users in that group can see all the records.
In your case it’s a bit simpler, you want to make everything readonly when a certain date is reached. So I think it will be possible with one rule.

Your date field should go into the domain field which is a PYSON expression. You can also look at the XML data of the User Application. I don’t have an example which solves your problem.

Maybe you can do it like this:

class Rule(metaclass=PoolMeta):
    __name__ = 'ir.rule'

    def _get_context(cls):
        context = super()._get_context() 
        context['control_date'] = ...
        return context

Then you can create temporary rules per se:

        <record model="ir.rule" id="rule_before_control_date">
            <field name="domain" pyson="1"
                eval="[('date', '<', Eval('control_date'))]" />
            <field name="rule_group" ref="rule_group_before_control_date"/>
        <record model="ir.rule" id="rule_after_control_date">
            <field name="domain" pyson="1"
                eval="[('date', '>=', Eval('control_date'))]" />
            <field name="rule_group" ref="rule_group_after_control_date"/>

There are actually several user groups. One of the groups can only read data both before and after the control date. So we had to make two rules for other groups because by default users only have readonly access.

You can not because rules are cached.

Can rules be uncached or updated?

ОК. We didn’t want to, but we’ll have to use function field in every model.
Thanks to ced and edbo for their help. And thanks to edbo for the trick (building record rules in the client).

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.