admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f3766c2898f5de181a881a891f91f728b7620825
Odoo-Modules/fusion_ringcentral/security/security.xml
gsinghpal 34e5b46025 fix: comprehensive permission overhaul for fusion_faxes and fusion_ringcentral 
Users without fax/RC groups could not open Sale Orders, Invoices, or
Contacts because the One2many computed fields triggered AccessError
on fusion.fax. Now base.group_user gets read-only access so computed
fields work silently, while all UI elements (smart buttons, header
buttons, menus, partner fields, settings) are restricted to the
proper security groups. Both modules now use Odoo 19 privilege
pattern for the user settings dropdown.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-25 11:52:06 -05:00

157 lines
8.0 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<odoo>
<!-- ================================================================== -->
<!-- MODULE CATEGORY -->
<!-- ================================================================== -->
<record id="module_category_fusion_connect" model="ir.module.category">
<field name="name">Fusion Connect</field>
<field name="sequence">46</field>
</record>
<!-- ================================================================== -->
<!-- PRIVILEGE (Odoo 19 pattern for user settings dropdown) -->
<!-- ================================================================== -->
<record id="res_groups_privilege_fusion_connect" model="res.groups.privilege">
<field name="name">Fusion Connect</field>
<field name="sequence">46</field>
<field name="category_id" ref="module_category_fusion_connect"/>
</record>
<!-- ================================================================== -->
<!-- USER GROUP: sees own calls, voicemails, faxes -->
<!-- ================================================================== -->
<record id="group_rc_user" model="res.groups">
<field name="name">User</field>
<field name="sequence">10</field>
<field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
<field name="privilege_id" ref="res_groups_privilege_fusion_connect"/>
</record>
<!-- ================================================================== -->
<!-- COMPANY USER GROUP: sees ALL company calls, voicemails, faxes -->
<!-- ================================================================== -->
<record id="group_rc_company_user" model="res.groups">
<field name="name">Company User</field>
<field name="sequence">20</field>
<field name="implied_ids" eval="[(4, ref('group_rc_user'))]"/>
<field name="privilege_id" ref="res_groups_privilege_fusion_connect"/>
</record>
<!-- ================================================================== -->
<!-- MANAGER GROUP: full access + RingCentral configuration -->
<!-- ================================================================== -->
<record id="group_rc_manager" model="res.groups">
<field name="name">Manager</field>
<field name="sequence">30</field>
<field name="implied_ids" eval="[(4, ref('group_rc_company_user'))]"/>
<field name="privilege_id" ref="res_groups_privilege_fusion_connect"/>
<field name="user_ids" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>
</record>
<data noupdate="0">
<!-- ============================================================ -->
<!-- Base read rules (allow computed fields on res.partner to -->
<!-- work for users without RC groups) -->
<!-- ============================================================ -->
<record id="rule_call_base_read" model="ir.rule">
<field name="name">RC Call: all internal users read-only</field>
<field name="model_id" ref="model_rc_call_history"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<record id="rule_voicemail_base_read" model="ir.rule">
<field name="name">RC Voicemail: all internal users read-only</field>
<field name="model_id" ref="model_rc_voicemail"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- ============================================================ -->
<!-- Call History record rules -->
<!-- ============================================================ -->
<record id="rule_call_user_own" model="ir.rule">
<field name="name">RC Call: user sees own calls</field>
<field name="model_id" ref="model_rc_call_history"/>
<field name="domain_force">[('user_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('group_rc_user'))]"/>
</record>
<record id="rule_call_company_all" model="ir.rule">
<field name="name">RC Call: company user sees all calls</field>
<field name="model_id" ref="model_rc_call_history"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('group_rc_company_user'))]"/>
</record>
<record id="rule_call_manager_all" model="ir.rule">
<field name="name">RC Call: manager sees all calls</field>
<field name="model_id" ref="model_rc_call_history"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('group_rc_manager'))]"/>
</record>
<!-- ============================================================ -->
<!-- Voicemail record rules -->
<!-- ============================================================ -->
<record id="rule_voicemail_user_own" model="ir.rule">
<field name="name">RC Voicemail: user sees own</field>
<field name="model_id" ref="model_rc_voicemail"/>
<field name="domain_force">[('create_uid', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('group_rc_user'))]"/>
</record>
<record id="rule_voicemail_company_all" model="ir.rule">
<field name="name">RC Voicemail: company user sees all</field>
<field name="model_id" ref="model_rc_voicemail"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('group_rc_company_user'))]"/>
</record>
<record id="rule_voicemail_manager_all" model="ir.rule">
<field name="name">RC Voicemail: manager sees all</field>
<field name="model_id" ref="model_rc_voicemail"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('group_rc_manager'))]"/>
</record>
<!-- ============================================================ -->
<!-- Fax record rules -->
<!-- ============================================================ -->
<record id="rule_fax_user_own" model="ir.rule">
<field name="name">Fax: user sees own faxes</field>
<field name="model_id" ref="fusion_faxes.model_fusion_fax"/>
<field name="domain_force">['|', ('sent_by_id', '=', user.id), ('create_uid', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('group_rc_user'))]"/>
</record>
<record id="rule_fax_company_all" model="ir.rule">
<field name="name">Fax: company user sees all faxes</field>
<field name="model_id" ref="fusion_faxes.model_fusion_fax"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('group_rc_company_user'))]"/>
</record>
<record id="rule_fax_manager_all" model="ir.rule">
<field name="name">Fax: manager sees all faxes</field>
<field name="model_id" ref="fusion_faxes.model_fusion_fax"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('group_rc_manager'))]"/>
</record>
</data>
</odoo>
Reference in New Issue View Git Blame Copy Permalink