Comment 1 for bug 969198

Olivier Dony (Odoo) (odo-openerp) wrote : Re: Any Employee has full CRUD of every other Employee's Attachments

Hello Alan,

I'm not sure if this is a real bug or more of a specific customization that you want to add for certain companies...

You might be able to do it with a pair of Record Rules if you change your requirement to be: "employees can only see attachments that they created themselves, regardless". For example the normal employee group would have one rule to restrict access to employee attachments:
   ['|',('res_model','!=','hr.employee'),('user_id','=',user.id)]

and the HR Manager/HR Officer groups would have a Rule that cancels the normal rule for employees:
   [(1,'=',1)]

Now if you really need to have a special permission for your own employee attachments you probably need to extend the user model by adding an "employee_id" relationship that can be used to check for this special case:
   ['|',('res_model','!=','hr.employee'),'|',('user_id','=',user.id),('res_id','=',user.employee_id.id)]

If the "employee_id" field was automatically computed by looking for the only employee that matches the user, it would make everything quite simple. We might add such a field in the future indeed, as there are many cases where this "reverse" relationship would be useful.
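
The following is an added example, not part of the original comment and not Odoo's own code: a simplified evaluator for the three rule domains above, run over constructed attachment rows, to show which attachments each user can reach. It assumes rules attached to a user's groups are OR-ed together (which is what lets the `[(1,'=',1)]` rule cancel the employee rule), and it models the proposed `employee_id` field as a plain integer on the user.

```python
# Simplified model of record-rule evaluation (illustration only, not Odoo's code).
# Domains use prefix notation; only '|', '&', '=' and '!=' are supported here.
def eval_domain(domain, rec):
    """Evaluate a prefix-notation domain against one record (a dict)."""
    def parse(i):
        term = domain[i]
        if term in ('|', '&'):
            left, i = parse(i + 1)
            right, i = parse(i)
            return (left or right) if term == '|' else (left and right), i
        field, op, value = term
        actual = rec.get(field, field)   # literal left operand, e.g. (1,'=',1)
        return (actual == value) if op == '=' else (actual != value), i + 1
    results, i = [], 0
    while i < len(domain):               # top-level terms are implicitly AND-ed
        r, i = parse(i)
        results.append(r)
    return all(results)

def employee_rule(user):                 # first rule from the comment
    return ['|', ('res_model', '!=', 'hr.employee'), ('user_id', '=', user['id'])]

def own_record_rule(user):               # variant using the proposed employee_id
    return ['|', ('res_model', '!=', 'hr.employee'),
            '|', ('user_id', '=', user['id']), ('res_id', '=', user['employee_id'])]

def manager_rule(user):                  # always-true rule for HR groups
    return [(1, '=', 1)]

def visible(user, rules, attachments):
    """Assumed group-rule semantics: visible if ANY of the user's rules matches."""
    return [a['name'] for a in attachments
            if any(eval_domain(rule(user), a) for rule in rules)]

ATTACHMENTS = [  # constructed sample rows standing in for ir.attachment
    {'name': 'alice_contract.pdf', 'res_model': 'hr.employee', 'res_id': 10, 'user_id': 3},
    {'name': 'alice_photo.png', 'res_model': 'hr.employee', 'res_id': 10, 'user_id': 1},
    {'name': 'bob_review.pdf', 'res_model': 'hr.employee', 'res_id': 20, 'user_id': 3},
    {'name': 'quote.pdf', 'res_model': 'sale.order', 'res_id': 7, 'user_id': 2},
]
ALICE = {'id': 1, 'employee_id': 10}     # hypothetical users
BOB = {'id': 2, 'employee_id': 20}
HR = {'id': 3, 'employee_id': 30}

if __name__ == '__main__':
    print('Alice, creator-only rule:', visible(ALICE, [employee_rule], ATTACHMENTS))
    print('Alice, own-record rule:  ', visible(ALICE, [own_record_rule], ATTACHMENTS))
    print('HR, both rules:          ', visible(HR, [employee_rule, manager_rule], ATTACHMENTS))
```

With the creator-only rule, Alice cannot see the contract HR attached to her own employee record; the `employee_id` variant restores that access without exposing Bob's attachments.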