Development Book V17: Superuser access to record sets

In Odoo 17, superuser access to record sets is achieved using the sudo() method. This method allows access to recordsets as a superuser, bypassing access rules and record rules. Let's consider an example using a model named student.student:

class Student(models.Model):
    _name = "student.student"
    _description = "Student"
    name = fields.Char(string="Name", required=True)
    phone = fields.Char(string="Phone Number")
    email = fields.Char(string="Email", required=True)
    status = fields.Char(string="Status", groups="edu_organisation.group_organisation_admins")

In this example, the status field is only accessible by users belonging to the 'edu_organisation.group_organisation_admins' group.

Now, let's create a button to update the student records' status:

<button name="update_status" string="Update Status" class="oe_highlight" type="object"/>

The corresponding method for this button uses the sudo() method to ensure superuser access before updating the status field:

def update_status(self):
    self.sudo().write({
        'status': "Status Updated"
    })

In this Odoo 17 example, the sudo() method is applied before the write() method to access the current record set with superuser privileges. This allows the method to bypass any access rules and security rights associated with the 'status' field, enabling users who do not belong to the 'edu_organisation.group_organisation_admins' category to update the status field value.

whatsapp
location

Calicut

Cybrosys Technologies Pvt. Ltd.
Neospace, Kinfra Techno Park
Kakkancherry, Calicut
Kerala, India - 673635

location

Kochi

Cybrosys Technologies Pvt. Ltd.
1st Floor, Thapasya Building,
Infopark, Kakkanad,
Kochi, India - 682030.

location

Bangalore

Cybrosys Techno Solutions
The Estate, 8th Floor,
Dickenson Road,
Bangalore, India - 560042

Send Us A Message