In this article, you will learn how to restrict users to see only his own records. To achieve this functionality we are going to use the odoo14 read method.
How to use read() method in Odoo14
We can restrict the user by using record rules, but in this article, I am going to show you how to restrict the user from accessing different records by changing the id in the URL. In Odoo8, to achieve this we can use Server Actions, but in Odoo14 we can't use Server Actions. So here we will use the read() method.
Restrict Users to See Only his Record
rec[0].get('login_id')[0]
This will give us the record of current model, and this record belongs to the current login user
self.env.uid
This will give us the current logged in user id
if rec[0].get('login_id')[0] != self.env.uid
It's mean that, user is trying to change id in URL to see another users record
4 Comments
Well not sure how this is supposed to work. In whole Odoo 14.0 (or 13.0 for that matter) repository there is no mention of attribute called "login_id" that should be generally available for any model. It does not appear in any of the Python or JavaScript sources. The metadata are attributes like create_uid, create_date and write_uid and write_date.
ReplyDeleteHope you understand
DeleteMy dear login_id is custom defined field, If you want to get id of some record than use your own defined field, for example if you have a model and in that model you have field vehicle_id than use like this: rec[0].get('vehicle_id')[0]
ReplyDeleteWell in such case you should have said so. Also you should indicate when and how that field gets populated with the value so that this can work.
Delete