4

I used this xml code to add a button inside the 'Action',But i need to restrict the button to some user groups,

<record id="specialist_no_show_action" model="ir.actions.server">
                <field name="name">No Show </field>
                <field name="type">ir.actions.server</field>
                <field name="binding_model_id" ref="second_opinion.model_consultation"/>
                <field name="model_id" ref="second_opinion.model_consultation"/>
                <field name="state">code</field>
                <field name="code">
                    action = model.update_no_show()
                </field>
            </record>
Raihan
  • 193
  • 2
  • 21

2 Answers2

3

The ir.actions.actions get_bindings method will try to retrieve the list of actions bound to the given model and discard unauthorized actions then read action definitions.

The method will use groups_id field to check if the user may not perform an action.

groups_id
Many2many field to the groups allowed to view/use the current report

So a groups_id field is added to ir.actions.report to allow groups to view/use the current report

Unfortunately, the groups_id field is not implemented in ir.actions.server

Fortunately, the get_bindings method is implemented in the ir.actions.actions model which is the base model for both models ir.actions.report and ir.actions.server, so to use the same logic in server actions just add a groups_id field in ir.action.server and use it from the XML definition to restrict access to some groups.

Use the groups_id field for server action:

  • Inherit server action model and add the groups_id field:

    class IrActionsServer(models.Model):
    _inherit = 'ir.actions.server'

    groups_id = fields.Many2many('res.groups', 'res_groups_server_rel', 'uid', 'gid', string='Groups')

  • Then set the groups_id field value from XML, the following example will use the special commands format to add the Administration/Access Rights group to the groups_id field:

    <field name='groups_id' eval="[(4, ref('base.group_erp_manager'))]"/>
Kenly
  • 24,317
  • 7
  • 44
  • 60
  • 1
    Would be nice Odoo implementing this to the core code. I don't know why it isn't yet, because i only see advantages and as you mentioned: everything is there anyways (except the field...) – CZoellner Sep 06 '20 at 07:53
2

I don't think it is possible to restrict its visibility in the action menu, but as a workaround you could do the following in the code of the server action:

if not env.user.has_group('base.group_erp_manager'):
    raise Warning("You do not have access to trigger this action")

Replace "base.group_erp_manager" with your user group's XML ID.

adekock11
  • 544
  • 2
  • 11