谁能解释我在Odoo中的规则行为? [英] Can anyone explain me the rules' behaviour in Odoo?
问题描述
我一如既往地坚持使用规则,因为我还无法理解规则.
I'm, as always, stuck with rules, since I'm not able to understand them yet.
这就是我们所说的:
规则之间的相互作用
Interaction between rules
全局规则(非特定于组)是限制,不能为 绕过.组本地规则授予其他权限,但是 限制在全球范围内.第一组规则 限制比全局规则更严格,但是任何其他组规则都将 添加更多权限.
Global rules (non group-specific) are restrictions, and cannot be bypassed. Group-local rules grant additional permissions, but are constrained within the bounds of global ones. The first group rules restrict further than global rules, but any additional group rule will add more permissions.
详细算法: 1.全局规则与逻辑AND运算符结合在一起,并具有以下步骤的结果 2.特定于组的规则与逻辑OR运算符组合在一起 3.如果用户属于多个组,则将步骤2的结果与逻辑OR运算符组合
Detailed algorithm: 1. Global rules are combined together with a logical AND operator, and with the result of the following steps 2. Group-specific rules are combined together with a logical OR operator 3. If user belongs to several groups, the results from step 2 are combined with logical OR operator
示例:GLOBAL_RULE_1 AND GLOBAL_RULE_2 AND(((GROUP_A_RULE_1 OR GROUP_A_RULE_2)或(GROUP_B_RULE_1 OR GROUP_B_RULE_2))
Example: GLOBAL_RULE_1 AND GLOBAL_RULE_2 AND ((GROUP_A_RULE_1 OR GROUP_A_RULE_2) OR (GROUP_B_RULE_1 OR GROUP_B_RULE_2))
但是我总是对规则有疑问,上面的文字对我来说并不正确(除非我误解了任何内容).
But I always have problems with rules, that above text isn't true for me (unless I'm misunderstanding anything).
现在我有一个简单的情况:我有一个模型,其记录可由任何用户读取,但只能由与该记录属于同一公司的用户创建,编辑和删除.
And now I have this simple situation: I have a model whose records can be read by any user, but only created, edited and removed by users who belong to the same company as the record belongs to.
所以我需要一个全局规则(它将适用于所有人,而不仅仅是一组人).
So I need a global rule (it's going to apply over all people, not only a group).
<record model="ir.rule" id="my_custom_rule_a">
<field name="name">My custom rule A</field>
<field name="model_id" ref="my_module.model_my_model"/>
<field name="domain_force">[('company_id', '=', user.company_id.id)]</field>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="True"/>
</record>
如果我仅创建此规则,则与该记录属于同一公司的用户可以读取,创建,编辑和删除该规则,这是可以的,但是,如果该用户与该记录不属于同一公司,他们甚至无法读取记录.
If I only create this rule, users who belong to the same company as the record can read, create, edit and remove it, which is OK, but if the user doesn't belong to the same company as the record, they can't even read the record.
因此,我们添加另一个规则以允许他们读取属于其他公司的那些记录:
So let's add another rule to allow them to read those records which belong to other company:
<record model="ir.rule" id="my_custom_rule_b">
<field name="name">My custom rule B</field>
<field name="model_id" ref="my_module.model_my_model"/>
<field name="domain_force">[('company_id', '!=', user.company_id.id)]</field>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
当我添加此规则时,没有人甚至无法读取任何记录,用户是否属于该记录的同一公司都没有关系...所以我以这种方式修改了第二条规则:
When I add this rule, nobody can't even read any record, it doesn't matter if users belong to the same company of the record or not... so I've modified the second rule this way:
<record model="ir.rule" id="my_custom_rule_b">
<field name="name">My custom rule B</field>
<field name="model_id" ref="my_module.model_my_model"/>
<field name="domain_force">['|', ('company_id', '=', user.company_id.id), ('company_id', '!=', user.company_id.id)]</field>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
但是现在的行为与我仅添加第一个规则完全相同:属于同一公司的用户可以对记录执行任何操作,而不属于同一公司的用户甚至不能执行记录阅读记录.
But the behaviour now it's exactly the same as if I only added the very first rule: users who belong to the same company can do whatever to the record and the ones who doesn't belong to the same company can't even read the record.
有人可以帮助我吗?我在规则方面遇到了更大的问题,因此开始理解这个小问题以面对其他问题将是很棒的.
Can anyone help me, please? I've had bigger problems with rules, so it would be great to start understanding this small issue to face the other ones.
推荐答案
全局规则始终与您在问题中复制的文档中的内容相同.将根据这些规则检查每条记录.
Global rules are always AND as you can read in the doc you've copied in your question. Every record will be checked against those rules.
因此,您的第一次尝试是互斥的,这就是为什么没有找到记录的原因. 您第二次尝试的结果也是正确的,因为只有用户公司的记录才满足这两个记录规则.
So your first attempt is mutually exclusive, that's why no record is found. The outcome of your second attempt is correct too, because only records of the users company are satisfying both record rules.
要获得所需的结果,您需要做什么:您必须使用非全局记录规则.
What do you have to do to get your desired outcome: You have to use non-global record rules.
一个非常简单的例子:
模型-> my.model
Model -> my.model
模型访问权限(ir.model.access)(Odoo中的默认用户组,但您可以创建自己的用户组)-> CRUD 1111(每个记录的每个人的所有权限都将受到记录规则的影响) )
model access (ir.model.access) for group Employees (default user group in Odoo, but you can create your own ones) -> CRUD 1111 (all rights for everyone on every record, will be affected by the record rules)
现在您也需要为员工组设置两个记录规则:
Now you need two record rules for group Employees, too:
A ,域为[('company_id', '=', user.company_id.id)]和CRUD 1111(用户公司记录上的所有权利)
A with domain [('company_id', '=', user.company_id.id)] and CRUD 1111 (all rights on users company records)
B ,域为[(1, '=', 1)]和CRUD 0100(每条记录的读取权限)
B with domain [(1, '=', 1)] and CRUD 0100 (read rights on every record)
就是这样.附带说明:客户端在这种情况下表现很差.公司B的用户将看到公司A的记录(根据需要),起初用户似乎可以更改它们,因为显示了编辑按钮且该按钮可运行",但是在保存时,将弹出访问权限警告.
That's it actually. As a sidenote: the client behaves very bad in such constellations. Users of company B will see records of company A (as desired) and at first it seems the user can change them, because the edit button is shown and "functional", but on save the access right warning will pop up.
这篇关于谁能解释我在Odoo中的规则行为?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
