We all know about the security groups in Odoo. We know how to create different User groups and the purpose of the user groups. You can refer to more details in the blog below to understand more about the user groups and its operations: How to Create a Security Group in Odoo 13
In this blog we will see where and how to use these security user groups in different areas such as in menu items, views, templates, and many more.
Normally we can give user groups as;
groups=”securit_user_group_name” or groups=”module_name.securit_user_group_name”
Where the module_name must be the technical name of the module in which the security user group is created.
Also we can specify more than one group instead of using a single group separating by a comma;
groups=”group_1,group_2”
Now let's see different examples.
Security User Group in Menu Items:
<menuitem id="hr_announcement_sub_menu"
name="Announcements"
action="action_hr_announcement"
parent="hr_announcement"
groups="hr.group_hr_user"
sequence="20"/>
Security User Group in Actions
In the case of actions we need to specify the group as group_id;
<record id="action_purchase_send_reminder" model="ir.actions.server">
<field name="name">Send Reminder</field>
<field name="model_id" ref="purchase.model_purchase_order"/>
<field name="binding_model_id" ref="purchase.model_purchase_order"/>
<field name='groups_id' eval="[(4, ref('purchase.group_send_reminder'))]"/>
<field name="binding_view_types">form</field>
<field name="state">code</field>
<field name="code">
if records:
action = records._send_reminder_mail(send_single=True)
</field>
</record>
Security User Group in Views
We can also specify the groups to different views with group_id same as like we see in the actions. We can also define these groups to all types of views in Odoo;
<record id="view_partner_property_form" model="ir.ui.view">
<field name="name">res.partner.pos.form</field>
<field name="model">res.partner</field>
<field name="priority" eval="4"/>
<field name="groups_id" eval="[(4, ref('group_pos_user'))]"/>
<field name="arch" type="xml">
<form>
Your code
</form>
</field>
</record>
Note: We cannot use the groups with the xpath just like we are using it for the menu item or the fields. But we can make it happen by just giving the group_id for that particular view in which we are using the xpath just like below. In the below example the field temp_product_name will be only visible to 'group_pos_user'.
However, note that it will not be applicable to that particular field but also to all other xpaths which we are adding inside the particular view.
<record id="view_partner_property_form" model="ir.ui.view">
<field name="name">res.partner.pos.form.inherit</field>
<field name="model">res.partner</field>
<field name="inherit_id" ref="base.view_partner_form"/>
<field name="priority" eval="4"/>
<field name="groups_id" eval="[(4, ref('group_pos_user'))]"/>
<field name="arch" type="xml">
<xpath expr="//field[@name='default_code']" position="after">
<field name="temp_product_name"/>
</xpath>
</field>
</record>
Security User Group in Fields
Setting a user group for a field will be the same like as an attribute. We can also use this attribute to make the fields invisible to other users. Like for some particular groups of users can see this field and for other groups of users won't be able to see it. So the property becomes just like making the field invisible.
<field name="action_id" groups="hr.group_hr_user"/>
Note: We cannot use the groups with the invisible attribute or states attribute.
If we put it invisible then the field will be invisible to all users irrespective of the user groups. In this case we need to write a python function to check all the possibilities of making the field visible. There are many other cases where the field needs to be visible not only as per the user group but with different other conditions.
length_visibility = fields.Boolean("visibility", compute="compute_field_visibility", default=False)
@api.multi
def compute_field_visibility(self):
""" compute function for the visibility of the fields """
for rec in self:
if self.env.user.has_group(project.group_project_portal_user'):
rec.length_visibility = True
And in the xml code,
<field name="'length_visibility'" invisible=”1”/>
<field name="action_id" attrs="{'invisible': [('length_visibility', '=', True]}"/>
In the above example, first we will create a temporary boolean field for the visibility(length_visibility) and in the compute function of that field check the user group of the current user by using has_group().
In the above example, we are using self.env.user.has_group() in which it will check whether the current user has the user group which is mentioned inside the function. You can also add many other condition checks in this particular function. And after all the condition checks you can decide whether we need to make the field invisible or not.
Security User Group in Qweb
Normally we cannot put the groups or group_id to the templates. So we can put the has_group in the js code before calling the template.
session.user_has_group(barcode.group_enable_barcode_scanning').then(function(has_group){
if(has_group){
self.do_action({
type: "ir.actions.act_window",
name: _t("Scan a Barcode to trigger an Action"),
res_model: "muk_web_barcode_actions.barcode",
views: [[false, "form"]],
view_mode: "form",
view_type: "form",
target: "new",
});
}
else{
alert("You are not permitted to use the barcode scanning")
}
Now if you need to make some field invisible to some field then you need to use the t-if condition and when the condition is true then need to write the code instead of using the user groups