34e5b46025
Users without fax/RC groups could not open Sale Orders, Invoices, or Contacts because the One2many computed fields triggered AccessError on fusion.fax. Now base.group_user gets read-only access so computed fields work silently, while all UI elements (smart buttons, header buttons, menus, partner fields, settings) are restricted to the proper security groups. Both modules now use Odoo 19 privilege pattern for the user settings dropdown. Co-authored-by: Cursor <cursoragent@cursor.com>
66 lines
2.9 KiB
XML
66 lines
2.9 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<odoo>
|
|
|
|
<!-- Module category (appears in Settings > Users) -->
|
|
<record id="module_category_fusion_faxes" model="ir.module.category">
|
|
<field name="name">Fusion Faxes</field>
|
|
<field name="sequence">47</field>
|
|
</record>
|
|
|
|
<!-- Privilege (Odoo 19 user settings dropdown) -->
|
|
<record id="res_groups_privilege_fusion_faxes" model="res.groups.privilege">
|
|
<field name="name">Fusion Faxes</field>
|
|
<field name="sequence">47</field>
|
|
<field name="category_id" ref="module_category_fusion_faxes"/>
|
|
</record>
|
|
|
|
<!-- User group: can send faxes and view own fax history -->
|
|
<record id="group_fax_user" model="res.groups">
|
|
<field name="name">User</field>
|
|
<field name="sequence">10</field>
|
|
<field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="privilege_id" ref="res_groups_privilege_fusion_faxes"/>
|
|
</record>
|
|
|
|
<!-- Manager group: can view all faxes and configure settings -->
|
|
<record id="group_fax_manager" model="res.groups">
|
|
<field name="name">Manager</field>
|
|
<field name="sequence">20</field>
|
|
<field name="implied_ids" eval="[(4, ref('group_fax_user'))]"/>
|
|
<field name="privilege_id" ref="res_groups_privilege_fusion_faxes"/>
|
|
<field name="user_ids" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>
|
|
</record>
|
|
|
|
<data noupdate="0">
|
|
|
|
<!-- Base users can read fax records (needed for One2many computed fields on sale.order etc.) -->
|
|
<record id="rule_fax_base_read" model="ir.rule">
|
|
<field name="name">Fax: all internal users read-only</field>
|
|
<field name="model_id" ref="model_fusion_fax"/>
|
|
<field name="domain_force">[(1, '=', 1)]</field>
|
|
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
|
|
<field name="perm_read" eval="True"/>
|
|
<field name="perm_write" eval="False"/>
|
|
<field name="perm_create" eval="False"/>
|
|
<field name="perm_unlink" eval="False"/>
|
|
</record>
|
|
|
|
<!-- Fax users see only their own faxes (full CRUD minus unlink) -->
|
|
<record id="rule_fax_user_own" model="ir.rule">
|
|
<field name="name">Fax: user sees own faxes</field>
|
|
<field name="model_id" ref="model_fusion_fax"/>
|
|
<field name="domain_force">[('sent_by_id', '=', user.id)]</field>
|
|
<field name="groups" eval="[(4, ref('group_fax_user'))]"/>
|
|
</record>
|
|
|
|
<!-- Managers see all faxes -->
|
|
<record id="rule_fax_manager_all" model="ir.rule">
|
|
<field name="name">Fax: manager sees all faxes</field>
|
|
<field name="model_id" ref="model_fusion_fax"/>
|
|
<field name="domain_force">[(1, '=', 1)]</field>
|
|
<field name="groups" eval="[(4, ref('group_fax_manager'))]"/>
|
|
</record>
|
|
|
|
</data>
|
|
</odoo>
|