Search Here

Restrict User from Accessing Differnt Records by Changing ID in URL

 In this article, you will learn how to restrict users to see only his own records. To achieve this functionality we are going to use the odoo14 read method.

Restrict User from Accessing Differnt Records by Changing ID in URL | Learn OpenERP | Odoo

How to use read() method in Odoo14

We can restrict the user by using record rules, but in this article, I am going to show you how to restrict the user from accessing different records by changing the id in the URL. In Odoo8, to achieve this we can use Server Actions, but in Odoo14 we can't use Server Actions. So here we will use the read() method.


Restrict Users to See Only his Record



rec[0].get('login_id')[0]

This will give us the record of current model, and this record belongs to the current login user 

self.env.uid

This will give us the current logged in user id 

if rec[0].get('login_id')[0] != self.env.uid

It's mean that, user is trying to change id in URL to see another users record  

Post a Comment

4 Comments

  1. Well not sure how this is supposed to work. In whole Odoo 14.0 (or 13.0 for that matter) repository there is no mention of attribute called "login_id" that should be generally available for any model. It does not appear in any of the Python or JavaScript sources. The metadata are attributes like create_uid, create_date and write_uid and write_date.

    ReplyDelete
  2. My dear login_id is custom defined field, If you want to get id of some record than use your own defined field, for example if you have a model and in that model you have field vehicle_id than use like this: rec[0].get('vehicle_id')[0]

    ReplyDelete
    Replies
    1. Well in such case you should have said so. Also you should indicate when and how that field gets populated with the value so that this can work.

      Delete