131 lines
8.3 KiB
XML
131 lines
8.3 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<odoo>
|
|
<data>
|
|
<!--
|
|
RESTRICTIVE RULES
|
|
These rules restrict access based on User's allowed fields.
|
|
They include a context check 'bypass_user_restriction' to allow system/sudo operations to pass if needed.
|
|
-->
|
|
|
|
<!-- Stock Warehouse -->
|
|
<record id="stock_warehouse_allowed_rule" model="ir.rule">
|
|
<field name="name">Stock Warehouse Allowed Access</field>
|
|
<field name="model_id" ref="stock.model_stock_warehouse"/>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
[('id', 'in', user.sudo().allowed_warehouse_ids.ids)] if user.sudo().allowed_warehouse_ids else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
<!-- Stock Picking Type -->
|
|
<record id="stock_picking_type_allowed_rule" model="ir.rule">
|
|
<field name="name">Stock Picking Type Allowed Access</field>
|
|
<field name="model_id" ref="stock.model_stock_picking_type"/>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
['|', ('id', 'in', user.sudo().allowed_picking_type_ids.ids), ('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_picking_type_ids or user.sudo().allowed_warehouse_ids or user.sudo().allowed_location_ids) else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
<!-- Stock Location -->
|
|
<record id="stock_location_allowed_rule" model="ir.rule">
|
|
<field name="name">Stock Location Allowed Access</field>
|
|
<field name="model_id" ref="stock.model_stock_location"/>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
['|', ('usage', '!=', 'internal'), '|', '|', '|', ('id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('id', 'parent_of', user.sudo().allowed_location_ids.ids or [0]), ('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
<!-- Stock Quant (The critical one for Reports) -->
|
|
<record id="stock_quant_allowed_rule" model="ir.rule">
|
|
<field name="name">Stock Quant Allowed Access</field>
|
|
<field name="model_id" ref="stock.model_stock_quant"/>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
['|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
<!-- Stock Move -->
|
|
<record id="stock_move_allowed_rule" model="ir.rule">
|
|
<field name="name">Stock Move Allowed Access</field>
|
|
<field name="model_id" ref="stock.model_stock_move"/>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
['|', '|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids),
|
|
'|', '|', ('location_dest_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
<!-- Stock Move Line -->
|
|
<record id="stock_move_line_allowed_rule" model="ir.rule">
|
|
<field name="name">Stock Move Line Allowed Access</field>
|
|
<field name="model_id" ref="stock.model_stock_move_line"/>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
['|', '|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids),
|
|
'|', '|', ('location_dest_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
<!-- MRP Workcenter -->
|
|
<record id="mrp_workcenter_allowed_rule" model="ir.rule">
|
|
<field name="name">MRP Workcenter Allowed Access</field>
|
|
<field name="model_id" ref="mrp.model_mrp_workcenter"/>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
[('id', 'in', user.sudo().allowed_workcenter_ids.ids)] if user.sudo().allowed_workcenter_ids else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
<!-- Approval Category -->
|
|
<record id="approval_category_allowed_rule" model="ir.rule">
|
|
<field name="name">Approval Category Allowed Access</field>
|
|
<field name="model_id" ref="approvals.model_approval_category"/>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
[('id', 'in', user.sudo().allowed_approval_category_ids.ids)] if user.sudo().allowed_approval_category_ids else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
<!-- Report Stock Quantity -->
|
|
<record id="report_stock_quantity_allowed_rule" model="ir.rule">
|
|
<field name="name">Report Stock Quantity Allowed Access</field>
|
|
<field name="model_id" ref="stock.model_report_stock_quantity"/>
|
|
<field name="global" eval="True"/>
|
|
<field name="domain_force">
|
|
(
|
|
[(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
|
|
[('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_warehouse_ids or user.sudo().allowed_location_ids) else [(1, '=', 1)]
|
|
)
|
|
</field>
|
|
</record>
|
|
|
|
</data>
|
|
</odoo>
|