In Odoo 17, the sudo() method is used to grant superuser-level access
to recordsets. This approach bypasses both access rights and record
rules, allowing unrestricted interaction with data. For example,
using the model student.student, we can apply sudo() to perform
operations with elevated privileges:
class Student(models.Model):
_name = "student.student"
_description = "Student"
name = fields.Char(string="Name", required=True)
phone = fields.Char(string="Phone Number")
email = fields.Char(string="Email", required=True)
status = fields.Char(string="Status", groups="edu_organisation.group_organisation_admins")
In this For example the status field is restricted to users who
belong to the edu_organisation.group_organisation_admins group.
Now, let’s add a button that allows authorized users to update the
status of student records.
<button name="action_update_status" string="Update Status" class="oe_highlight" type="object"/>
The method linked to this button utilizes the sudo() function to
ensure superuser access before updating the status field, thereby
bypassing any access restrictions.
def action_update_status(self):
self.sudo().write({
'status': "Status Updated"
})
In this Odoo 17 example, the sudo() method is applied before calling
the write() method to grant superuser-level access to the current
recordset. This approach bypasses any access rights and record rules
associated with the status field, allowing even users outside the
'edu_organisation.group_organisation_admins' group to update its
value.