在OpenERP 6.1中创建菜单项时访问规则禁止的操作 [英] Operation prohibited by access rules when creating menu item in OpenERP 6.1
问题描述
当我尝试创建一个新菜单项以在OpenERP 6.1中打开一个窗口时,出现以下错误:
When I try to create a new menu item to open a window in OpenERP 6.1, I get the following error:
AccessError
AccessError
访问规则禁止的操作,或对已删除的文档执行的操作(操作:创建,文档类型:ir.values).
Operation prohibited by access rules, or performed on an already deleted document (Operation: create, Document type: ir.values).
我总是可以使用绕过所有安全检查的魔术管理员帐户,但如果可能的话,我宁愿拥有更好的控制权.为什么会失败,如何允许某些管理员创建菜单项?
I can always use the magic admin account that bypasses all the security checks, but I'd rather have finer control if possible. Why is this failing, and how can I allow some administrators to create menu items?
我特别感兴趣,因为我想编写一个创建菜单项的模块.
I'm particularly interested, because I want to write a module that creates menu items.
推荐答案
经过一番挖掘,我发现了错误的原因.有一条记录规则,称为默认值:仅更改个人价值".在修订3560.1.7 中添加并合并在修订3713 中.提交评论说:
After a bunch of digging, I found the cause of the error. There's a record rule called, "Defaults: alter personal values only." That was added in revision 3560.1.7 and merged in revision 3713. The commit comment says:
[IMP] ir.values:提高安全性:用户只能写入其个人默认值
[IMP] ir.values: improve security: users can only write to their personal defaults
需要管理员访问权限才能为以下各项设置默认值 每个人,以及改变动作绑定.
Administrator access is required to set defaults for everybody, as well as to alter the action bindings.
看来您只能使用魔术管理员帐户来更改操作绑定,并且更改菜单项需要您更改操作绑定.
It appears intended that you should only be able to alter action bindings using the magic admin account, and changing menu items requires you to alter action bindings.
您如何解决此问题?好了,您可以使记录规则更加复杂.您需要限制大多数用户编辑自己的默认值,并让管理用户编辑ir_values表中的所有记录.我们所有的用户都在人力资源/员工"组中,因此我将该组添加到了默认值:仅更改个人价值观"规则中,以防止其成为全局规则.然后,我为ir_values添加了一个名为默认值和操作:更改任何值"的新规则.我使用了一个虚拟域过滤器:[(1,'=',1)]并将其分配给管理/配置"组.现在,大多数用户只能匹配第一个规则,并且只能编辑自己的默认值.配置组中的任何人都将匹配这两个规则,因此这些规则将与OR组合在一起,并且他们将能够编辑表中的所有记录.进行这项工作的重要之处在于,您需要一个或一组所有用户都属于其中的组.
How can you work around this? Well, you can make the record rules more sophisticated. You need to restrict most users to editing their own defaults, and let the administrative users edit all records in the ir_values table. All of our users are in the Human Resources/Employee group, so I added that group to the "Defaults: alter personal values only" rule to stop it from being a global rule. Then I added a new rule for ir_values called "Defaults and actions: alter any values". I used a dummy domain filter: [(1,'=',1)] and assigned it to the Administration / Configuration group. Now most users will only match the first rule and only be able to edit their own defaults. Anyone in the configuration group will match both rules, so the rules will be combined with an OR, and they will be able to edit all records in the table. The important thing to make this work is that you need a group or set of groups that all users are a member of.
这篇关于在OpenERP 6.1中创建菜单项时访问规则禁止的操作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
