i develop a custom module to restrict the right to create a new employee or to modify an existing one to the employees who belongs to group "Employee/Employee" but i notice even though my employee has the right "Employee/Manager" he became not able to create or edit employees. How can i fix that problem ? Any idea for help please ? here is my code :

hr_employee_view.xml

<?xml version="1.0" encoding="utf-8"?>
<odoo>
<record id="view_hr_employee_form_remove_edit" model="ir.ui.view">
    <field name="name">view.hr.employee.form.remove.edit</field>
    <field name="model">hr.employee</field>
    <field name="inherit_id" ref="hr.view_employee_form"/>
    <field name="groups_id" eval="[(4,ref('base.group_user'))]"/>
    <field name="arch" type="xml">
        <xpath expr="//form" position="attributes">
            <attribute name="edit">false</attribute>
            <attribute name="create">false</attribute>

        </xpath>
    </field>
</record>

<record id="view_hr_employee_tree_remove_edit_create" model="ir.ui.view">
    <field name="name">view.hr.employee.tree.remove.edit.create</field>
    <field name="model">hr.employee</field>
    <field name="inherit_id" ref="hr.view_employee_tree"/>
    <field name="groups_id" eval="[(6, 0, [ref('base.group_user')])]"/>
    <field name="arch" type="xml">
        <xpath expr="//tree" position="attributes">
            <attribute name="edit">false</attribute>
            <attribute name="create">false</attribute>
        </xpath>
    </field>
</record>

<record id="view_hr_employee_kanban_remove_edit_create" model="ir.ui.view">
    <field name="name">view.hr.employee.kanban.remove.edit.create</field>
    <field name="model">hr.employee</field>
    <field name="inherit_id" ref="hr.hr_kanban_view_employees"/>
    <field name="groups_id" eval="[(6, 0, [ref('base.group_user')])]"/>
    <field name="arch" type="xml">
        <xpath expr="//kanban" position="attributes">
            <attribute name="edit">false</attribute>
            <attribute name="create">false</attribute>
        </xpath>
    </field>
</record>

</odoo>

enter image description here

3 Answers

1
EasyOdoo On Best Solutions

Your technique work when the users don't have that group but as you know every user have that group and you cannot remove it.

You should use Odoo sercurity to Do this.

One thing by default Users that don't belong to Officer they don't have access to create

  access_hr_employee_system_user,hr.employee system user,model_hr_employee,base.group_user,1,0,0,0
  access_hr_employee_user,hr.employee user,model_hr_employee,group_hr_user,1,1,1,1

So If you mean that only manager can create an employee you should do this

  1. change access right of Officer group (target the ID hr.access_hr_employee_user)

    hr.access_hr_employee_user,hr.employee user,model_hr_employee,group_hr_user,1,0,0,0

  2. Give manager full access rights

    access_hr_employee_manger,hr.employee manager,model_hr_employee,hr.group_hr_manager,1,1,1,1

This why only manager can Create or update employees.

0
AvaniSomaiya On

You can hide button create/edit from XML. Like the following:

<field name="your_field_name" options="{'no_create_edit':True}" />

I hope this helps you. Thank you.

1
S.Saloua On

Add this rule to your module, it will hide the button 'create' only for the hr_user group and not for hr_manager group, you should create new file security.xml, where you can past this rule

  <record id="rule_security_groups_hr_user" model="ir.rule">
        <field name="name">User can't edit or create employees.</field>
        <field name="model_id" ref="hr.model_hr_employee"/>
        <field name="groups" eval="[(4, ref('hr.group_hr_user'))]"/>
        <field name="perm_read" eval="1"/>
        <field name="perm_create" eval="0"/>
        <field name="perm_write" eval="0"/>
        <field name="perm_unlink" eval="0" />
        <field name="domain_force">[('user_id','=',user.id)]</field>
    </record>

I hope this helps you. good luck