moylop260/read_only_user.py Secret

## read_only_user.py
from odoo import _, api, fields, models, tools
from odoo.exceptions import AccessError

# ALLOWED_MODEL_ACCESS extracted from global groups with create permissions
# groups = (self.env.ref('base.group_portal') | self.env.ref('base.group_public') |
#           self.env.ref('base.group_user'))
# self.env['ir.model.access'].search(
#     ['&', '|', ('group_id', 'in', groups.ids), ('group_id', '=', False),
#      ('perm_create', '=', True)]).mapped('model_id.model'))))
# Exclude internal employee since that it requires a new user instead of readonly one
ALLOWED_MODEL_ACCESS = [
    'bus.bus', 'bus.presence', 'ir.filters',
    'mail.activity', 'mail.alias', 'mail.channel', 'mail.channel.partner',
    'mail.followers', 'mail.mail', 'mail.message', 'mail.message.subtype',
    'mail.moderation', 'mail.notification', 'mail.shortcode', 'mail.thread',
    'note.note', 'report.layout', 'res.users.log',
    'utm.campaign', 'utm.medium', 'utm.source',
]


class IrModelAccess(models.Model):
    _inherit = 'ir.model.access'

    @api.model
    @tools.ormcache_context(
        'self._uid', 'model', 'mode', 'raise_exception', keys=('lang',))
    def check(self, model, mode='read', raise_exception=True):
        result = super(IrModelAccess, self).check(
            model, mode, raise_exception=raise_exception)
        if (self.env.user.has_group('custom_module.group_readonly') and mode != 'read'
                and model not in ALLOWED_MODEL_ACCESS):
            if raise_exception:
                raise AccessError(_(
                    "Sorry, you are only allowed to read this document. (%s - %s)") % (model, mode))
            return False
        return result
	from odoo import _, api, fields, models, tools
	from odoo.exceptions import AccessError

	# ALLOWED_MODEL_ACCESS extracted from global groups with create permissions
	# groups = (self.env.ref('base.group_portal') \| self.env.ref('base.group_public') \|
	# self.env.ref('base.group_user'))
	# self.env['ir.model.access'].search(
	# ['&', '\|', ('group_id', 'in', groups.ids), ('group_id', '=', False),
	# ('perm_create', '=', True)]).mapped('model_id.model'))))
	# Exclude internal employee since that it requires a new user instead of readonly one
	ALLOWED_MODEL_ACCESS = [
	'bus.bus', 'bus.presence', 'ir.filters',
	'mail.activity', 'mail.alias', 'mail.channel', 'mail.channel.partner',
	'mail.followers', 'mail.mail', 'mail.message', 'mail.message.subtype',
	'mail.moderation', 'mail.notification', 'mail.shortcode', 'mail.thread',
	'note.note', 'report.layout', 'res.users.log',
	'utm.campaign', 'utm.medium', 'utm.source',
	]


	class IrModelAccess(models.Model):
	_inherit = 'ir.model.access'

	@api.model
	@tools.ormcache_context(
	'self._uid', 'model', 'mode', 'raise_exception', keys=('lang',))
	def check(self, model, mode='read', raise_exception=True):
	result = super(IrModelAccess, self).check(
	model, mode, raise_exception=raise_exception)
	if (self.env.user.has_group('custom_module.group_readonly') and mode != 'read'
	and model not in ALLOWED_MODEL_ACCESS):
	if raise_exception:
	raise AccessError(_(
	"Sorry, you are only allowed to read this document. (%s - %s)") % (model, mode))
	return False
	return result