Rational
Often a “document” is composed of many models. For example, the document “Invoice” is composed of account.invoice
, account.invoice.line
, account.invoice.tax
etc.
It is simpler to express the access rights in term of document instead of low level model and it is very rare that the access rights different for different parts of a document.
Proposal
I propose to add a new attribute __access__
if defined it will be used in addition to the __name__
to check model access and rule group.
For the rule group, __access__
is the dotted notation from the actual model to the access model in order to convert the rule domain (with a clause (__access__, 'where', clause)
).