仅在为用户分配任务后才显示任务 [英] Tasks should show up only if the user has been assigned it

问题描述

我只希望分配任务的人在项目模块中看到该任务.我不希望该项目的其他用户看到此人的任务.

I only want the person who I have assigned the task to see the task in the project module. I don't want other users of the project to see this persons tasks.

但是，目前，任何具有用户访问权限的用户都可以看到所有任务，即使未为其分配任务.

However currently any user who has user access rights can see all the tasks even if they were not assigned it.

有没有解决的办法?

推荐答案

OpenERP/Odoo具有两种可以分配给用户组的安全限制:

OpenERP/Odoo has two kinds of security restrictions that can be assigned to a user group:

• 访问权限 是CRUD是/否标志(类似于Unix FS权限)，并允许每个模型访问控制.它们声明该组的成员是否可以对特定文档模型的任何文档(例如，项目任务)执行创建，读取，更新和删除操作.默认策略是DENY，因此默认情况下，如果用户没有通过其组的访问权限明确有权执行该操作，则将拒绝任何操作.
• 记录规则 是应用于CRUD操作的过滤器，一旦授予访问权限，就允许每个文档访问控制.如果文档与至少一个记录规则匹配，则用户将只能对给定的文档执行操作.默认策略为ALLOW，因此如果给定模型不存在任何规则，则具有必要访问权限的用户可以访问该模型的所有文档.

• Access Rights are CRUD yes/no flags (similar to Unix FS permissions), and allow per-model access control. They state whether members of this group may perform a Create, Read, Update, and Delete operation on any document of a certain document model (e.g. a project task). The default policy is DENY, so by default any operation will be refused if the user does not explicitly have the right to perform it via one of her groups' access rights.
• Record Rules are filters applied on CRUD operations, and allow per-document access-control, once access right are already granted. Users will only be able to perform an operation on a given document if the document matches at least one of the record rules. The default policy is ALLOW, so if no rule exists for a given model, all documents of that model may be accessed by users who have the necessary access rights.

访问权限和记录规则也可以全局定义，而不将它们分配给特定的组，在这种情况下，它们适用于每个人.记录规则有一个陷阱:全局规则可能不会(故意！)放宽其他规则.

Both Access Rights and Record Rules may also be defined globally without assigning them to a specific group, in which case they apply to everyone. There is one pitfall for Record Rules: global rules may NOT be relaxed by other rules (on purpose!), so use with care.

在您的情况下，您似乎应该在项目用户"组上定义一个额外的记录规则"，以明确限制对项目任务"的访问仅限于您自己的任务(可能是尚未分配的任务).您需要使用以下参数在安全规则"菜单中创建一个新条目:

In your case it looks like you should define one extra Record Rule on the Project User group that explicitly restricts access on Project Tasks to your own tasks (and presumably those that are not assigned yet). You need to create a new entry in the Security Rules menu with these parameters:

• 对象/模型:project.task
• 名称:See own tasks only
• 域:['|',('user_id','=',False),('user_id','=',user.id)]
  • (意味着:您自己的任务和未分配的任务)
  • object/model: project.task
  • name: See own tasks only
  • domain: ['|',('user_id','=',False),('user_id','=',user.id)]
    • (means: your own tasks and unassigned ones)

    记录规则的domain是标准的OpenERP/Odoo域，在您尝试对其执行操作的记录上进行评估，并且可以引用包含当前用户数据的user变量(从技术上讲，当前用户为browse_record). 文档的描述为.

    The domain of a record rule is a standard OpenERP/Odoo domain that is evaluated on the records on which you are trying to perform the operation, and can refer to a user variable that contains the current user's data (technically, a browse_record on the current user). The documentation has a description of domain.

    如果要允许特殊用户(例如，项目经理)查看系统中的所有任务，可以通过向项目经理组中添加另一条规则来允许他们放宽此规则，该规则允许访问所有任务.有一个特殊的域过滤器"，意思是全部允许"，可用于放宽另一个更严格的规则:[(1,'=',1)].

    If you want to allow special users (e.g. Project Managers) to view all tasks in the system, you can relax this rule for them by adding another rule to the Project Manager group which allows access to all tasks. There is a special "domain filter" that means "ALLOW ALL" and is useful to relax another stricter rule: [(1,'=',1)].

    注释1 :查看现有的记录规则，首先了解它们的作用，并确保在添加记录规则时阅读记录规则表单上的说明.要记住的重要一件事是特定于组的规则与OR运算符结合在一起.因此，如果添加我上面描述的规则，则可能看不到任何限制效果，因为其他特定于组的规则仍在提供访问权限.您可能必须禁用它们，对其进行编辑或更改它们所应用的用户组，才能获得所需的确切效果.

    Note 1: Have a look at the existing Record Rules to see what they're doing first, and be sure to read the explanations on the Record Rule form when you are adding yours. One important thing to keep in mind is that group-specific rules are combined with an OR operator. So if you add the rule I described above, you may not see any restriction effect because other group-specific rules are still giving access. You may have to disable them, edit them, or change the user group they apply to, to get the exact effect you want.

    注释2 :请记住，如果您对访问权限和记录规则"做错了任何事情，则始终可以使用admin帐户解决问题，因为这些安全限制不适用于admin(类似于Unix上的root用户).

    Note 2: Remember that if you do something wrong with Access Rights and Record Rules, you can always fix the mess with the admin account, as these security restrictions do not apply to the admin (similarly to the root user on Unix).

    这篇关于仅在为用户分配任务后才显示任务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！