Domain Issue in the Module

mimo_Alva · July 5, 2024, 1:15pm

Hi for all;

I need some help. I want to ensure that if the user is not named ‘Marcos’ or ‘admin’, the records in the party will only show the records where the party name is equal to the name of the logged-in user else when user.name are ‘Marcos’ or ‘admin’ , all the records will be visible on party module.

Here is the Xml code that i have add

            <field name="domain" eval="(
                ('name', '=', Eval('_user', {}).get('name')) if Eval('_user', {}).get('name') not in ('Marcos', 'admin') else ()
            )" pyson="1"/>

Here is the completed code

        <record model="ir.ui.view" id="party_view_tree">
            <field name="model">party.party</field>
            <field name="type">tree</field>
            <field name="name">party_tree</field>
        </record>

        <record model="ir.ui.view" id="party_view_form">
            <field name="model">party.party</field>
            <field name="type">form</field>
            <field name="name">party_form</field>
        </record>

        <record model="ir.action.act_window" id="act_party_form">
            <field name="name">Parties</field>
            <field name="res_model">party.party</field>
            <field name="domain" eval="(
                ('name', '=', Eval('_user', {}).get('name')) if Eval('_user', {}).get('name') not in ('Marcos', 'admin') else ()
            )" pyson="1"/>        
        </record>

        <record model="ir.action.act_window.view" id="act_party_form_view1">
            <field name="sequence" eval="10"/>
            <field name="view" ref="party_view_tree"/>
            <field name="act_window" ref="act_party_form"/>
        </record>

        <record model="ir.action.act_window.view" id="act_party_form_view2">
            <field name="sequence" eval="20"/>
            <field name="view" ref="party_view_form"/>
            <field name="act_window" ref="act_party_form"/>
        </record>

Now when i test the code and logged in with any user.name no records i find in Party Module, any help will be appreciated. THANKS.

ced · July 5, 2024, 1:43pm

You can not use Python if is a PYSON statement, you must use the If() of PYSON.
The action domain is evaluated by the client, but the _user keyword is just the user id. If you want to evaluate against more data, you need to put them in the user context so they will be available as Eval('context', {}).get(...)

Also if you are looking for access control, you should use record rule but since Remove user from evaluation context of rule domain (52ba840937ba) · Commits · Tryton / Tryton · GitLab the user is no more in the evaluation context. So you will have to add it.
But adding such restriction on a so common model than party could be very challenging because it is used as reference in many other models.

mimo_Alva · July 5, 2024, 2:09pm

Thanks i have tried this,

I have tried that

<field name="domain" eval="If(
        Eval('context', {}).get('user', {}).get('name') not in ['Marcos', 'admin'],
        [('name', '=', Eval('context', {}).get('user', {}).get('name'))],
        []
    )" pyson="1"/>

—> but still facing same issue no records no matter the user.name logged in

mimo_Alva · July 5, 2024, 2:10pm

I didn’t get well the idea must i also use record rule ?? For me, I am looking just for the visibility control of parties records based on the user.name

ced · July 5, 2024, 2:13pm

user is not in the context and even less as a dictionary.
You must fill yourself the context for example by extending res.user and add name to _context_fields.

mimo_Alva · July 5, 2024, 3:07pm

mimo_Alva:

<field name="domain" eval="If(
        Eval('context', {}).get('user', {}).get('name') not in ['Marcos', 'admin'],
        [('name', '=', Eval('context', {}).get('user', {}).get('name'))],
        []
    )" pyson="1"/>

thanks for your rapid response again, I have tried that now, Here is the steps that i have did now , i have add name in res.user model like that:

    cls._context_fields = [
        'name',
        'language',
        'language_direction',
        'groups',
    ]

then i have updated my Xml code like that

<record model="ir.action.act_window" id="act_party_form">
    <field name="name">Parties</field>
    <field name="res_model">party.party</field>
    <field name="domain" eval="If(
            Eval('context', {}).get('user', {}).get('name') not in ['Marcos', 'admin'],
            [('name', '=', Eval('context', {}).get('user', {}).get('name'))],
            []
        )" pyson="1"/>
</record>

<record model="ir.model.access" id="access_party_party_user">
    <field name="model" search="[('model', '=', 'party.party')]"/>
    <field name="perm_read" eval="1"/>
    <field name="perm_write" eval="1"/>
    <field name="perm_create" eval="1"/>
    <field name="perm_delete" eval="1"/>
</record>

        <record model="ir.rule.group" id="group_party_user_access">
            <field name="name">Party User Access Rule</field>
            <field name="model" search="[('model', '=', 'party.party')]"/>
            <field name="global_p" eval="True"/>
        </record>

        <record model="ir.rule" id="rule_party_user_access">
         <field name="domain" eval="If(
            Eval('context', {}).get('user', {}).get('name') not in ['Marcos', 'admin'],
            [('name', '=', Eval('context', {}).get('user', {}).get('name'))],
            []
        )" pyson="1"/>
    <field name="rule_group" ref="group_party_user_access"/>
</record>

—> But i still faced same issue, no matter the user.name logged in , no records shown in Party module.

ced · July 5, 2024, 4:03pm

The context fields are directly in the context so it should be:

Eval('context', {}).get('name')

You can neither user Python operator not in in PYSON as it is evaluated directly. You must use the PYSON In() and Not().

So your domain should look like:

If(~Eval('context', {}).get('name').in_(['Marcos', 'admin']), [('name', '=', Eval('context', {}).get('name'))], [])

I see that you put also an access rule, but as I said this is going to be very difficult to implement because you need to enforce the rule to all models that use party as reference.
Any way in record rule, you must add the user to the Rule._get_context in order to have user in the evaluation context. And you must also add the user to the Rule._get_cache_key.
Then the domain should look like [('name', '=', Eval('user', {}).get('name'))].

mimo_Alva · July 5, 2024, 5:14pm

Okay now i have deleted the access rule, I thought it’s obligatory to do it to control visibility? so i need to confirm is it obligatory because i deleted it ? and i tested with your domain suggestion

<record model="ir.action.act_window" id="act_party_form">
    <field name="name">Parties</field>
    <field name="res_model">party.party</field>
    <field name="domain" eval="If(~Eval('context', {}).get('name').in_(['Marcos', 'admin']), [('name', '=', Eval('context', {}).get('name'))], [])" pyson="1"/>
</record>

—>but nothing happen when i try to type on Parties menu

Thanks again Mr.@ced.

ced · July 5, 2024, 5:18pm

The access rule is required if you really forbid any user to see any other parties. But as I said this will make Tryton mostly unusable because almost every model is linked to a party in some way.

Is the name in the user context? Did you re-login?

Topic		Replies	Views
Retrieve rows conditionally Developer	14	402	June 29, 2023
How to filter several conditions using: action window domain Developer	3	885	May 5, 2021
Domain in XML to only show records an employee is involved with Developer	3	612	May 29, 2021
Issue restricting rights for employee Developer	4	74	August 27, 2024
Getting key value from user preferences in domain? Developer	7	435	February 19, 2021

Domain Issue in the Module

Related topics