Field access rights to a specific group

Support Developer
1

Hi need some help about field access…
I define a boolean field on a model:

class Template(metaclass=PoolMeta):
name = ‘product.template’

validated = fields.Boolean('Validated',
    states={
        'readonly': ~Eval('active', True)
    }, 
    depends=['active'])

This field is only writable by a specific group:

    <record model="ir.model.field.access"
            id="model_field_access_product_validated">
        <field name="field"
            search="[('model.model', '=', 'product.template'), ('name', '=', 'validated')]"/>
        <field name="perm_read" eval="True"/>
        <field name="perm_write" eval="False"/>
    </record>
    <record model="ir.model.field.access"
            id="model_field_access_product_validated_group_party_validate">
        <field name="field"
            search="[('model.model', '=', 'product.template'), ('name', '=', 'validated')]"/>
        <field name="group" ref="group_product_validate"/>
        <field name="perm_read" eval="True"/>
        <field name="perm_write" eval="True"/>
    </record>

When i try to save the model, i get this error ‘you are not allowed to access “Product Template.Validated”’

Capture%20d%E2%80%99%C3%A9cran%20du%202019-09-30%2009-11-56
Capture%20d%E2%80%99%C3%A9cran%20du%202019-09-30%2009-11-561632×776 53 KB

Should i define some extra rules in python code?
Should not this field be automatically readonly/disabled if write access = False ? (bug ?) It seems it was working before. Now i can check and uncheck the field even if i’ve only read access right…
The goal of this field is to allow many users to create products but only products having validated field = True can be used in Sales, Purchases, … And only users in group “product_validate” are allowed to write this specific field (so they check if all product’s data are correct before to validate the product).
Thanks for help!

2

It sounds logical if the field is not readonly that False is sent.

I do not see in ModelView any code that would set field as readonly. But we may think about adding it.

3

So defined right access on the field in XML are correct, i just need to set the field readonly to avoid the error message? Can i set a field readonly or not depending on a group ?

Would be nice!

As the field is defined on product template and then also referenced on product variant, should i define access rights on both models ?

4

I do not think because client sent value for stated readonly field. Only the fixed readonly are skipped (for now).

Yes using Id

I do not think as product field copied from template are read-only by default.

5

We made some tests: my code was working on tryton 5.0 (with field access rights in xml). The field related by only read access rights is readonly. So there’s an update in 5.2 that change this behaviour. (don’t know yet which issue made this change)
I made some easy tests: setting field “consumable” in product template readonly for all users, and all access (R,D, C and W) to admin. I set product administration rights to demo user. Field is not readonly when using demo user in 5.2, but field is readonly with the same access rules in 5.0

6

Indeed there is code to make readonly field for which there is no write right. It is in Model.fields_get.
I found that in 5.2 we introduced a bug: Issue 8692: Non writtable fields are not readonly - Tryton issue tracker

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.