In Odoo 17, superuser access to record sets is achieved using the sudo() method. This method allows access to recordsets as a superuser, bypassing access rules and record rules. Let's consider an example using a model named student.student:
class Student(models.Model):
_name = "student.student"
_description = "Student"
name = fields.Char(string="Name", required=True)
phone = fields.Char(string="Phone Number")
email = fields.Char(string="Email", required=True)
status = fields.Char(string="Status", groups="edu_organisation.group_organisation_admins")
In this example, the status field is only accessible by users belonging to the 'edu_organisation.group_organisation_admins' group.
Now, let's create a button to update the student records' status:
<button name="update_status" string="Update Status" class="oe_highlight" type="object"/>
The corresponding method for this button uses the sudo() method to ensure superuser access before updating the status field:
def update_status(self):
self.sudo().write({
'status': "Status Updated"
})
In this Odoo 17 example, the sudo() method is applied before the write() method to access the current record set with superuser privileges. This allows the method to bypass any access rules and security rights associated with the 'status' field, enabling users who do not belong to the 'edu_organisation.group_organisation_admins' category to update the status field value.