Contact for sales/user: own document only group, but it seems like the administrator group also is affected

2
votes

I am creating a module for odoo and I only want the salesman to see the customer that was assigned to him/her in the in contact, so I created a record rule with a domain filter [('user_id,'=' user.id)]:

<record model="ir.rule" id="partner_view_rule_salesperson">
    <field name="name">Sales Person View Rule</field>
    <field name="model_id" ref="base.model_res_partner"/>
    <field name="groups" eval="[(4, ref('sales_team.group_sale_salesman'))]" />
    <field name="domain_force">[('user_id', '=', user.id)]</field>
</record>

Now the problem is, the administrator groups seems to be affected by record rule. It throws an error when I create a new user:

The requested operation ("create” on “Contact” (res.partner)) was rejected because of the following rules: - Sales Person View Rule

Records: Sample code {id=18), User: Administrator (id=2)}

I was really confuse because I didn't add the administrator group in the record rule that I've just created. And if I remove the record rule, it returns to normal.

I hope anyone can help me with this. I have already search through the internet and still not able to find the solution for this.

1
odoorecord-rules
Welcome to Stack Overflow! Please take the tour and read through the help center, in particular how to ask. Your best bet here is to do your research, search for related topics on SO, and give it a go. After doing more research and searching, post a Minimal, Complete, and Verifiable example of your attempt and say specifically where you're stuck, which can help you get better answers.help-info.de
Please don't paste links to images of your code / error messages. It would be much better to copy/paste your code / error messages into your question, including what line gives you that error. Please read how to create a Minimal, Complete and Verifiable example.help-info.de

1 Answers

1
votes

You need tu undo this for the admin group or any other group:

<record model="ir.rule" id="partner_view_rule_salesmanager">
    <field name="name">Sales manager View Rule</field>
   <field name="model_id" ref="base.model_res_partner"/>
   <field name="groups" eval="[(4, ref('sales_team.group_sale_manager'))]" />
   <field name="domain_force">[(1, '=', 1)]</field>
</record>

group rules when are applied in the query they are applield ( RULE1 or RULE2 or RULE3 .....) for admin now he has two rules and one of them is always true this is why he can see all partners. And make sure to read about global rules (rule that don't have a security group) because the they are applied to every one and cannot be canceled by other rule.

    GLOBALRULE and GLOBALRULE2 and GLOBALRULE3 .... AND (GROUPRULE1 or GROUPRULE2 or GROUPRULE3....)

If there is a global record that prevent from reading a record the query will not return it.