Scribd
Upload
26 views

Restrict Url

Uploaded by

Topan Permata
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
26 views

Restrict Url

Uploaded by

Topan Permata
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

To restrict certain URLs in Odoo based on user roles or groups, you can use Odoo’s built-in

access control mechanisms along with custom code in controllers. Here’s how you can achieve
this:

1. Using Access Control Lists (ACLs)


Access Control Lists (ACLs) in Odoo allow you to define which users or groups can read,
write, create, or delete records of specific models.
1. Define a security rule in your module: Create a file named security/ir.model.access.csv
in your module directory.
1 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
2 access_restricted_model,access.restricted.model,model_restricted_model,
↪ base.group_user,1,0,0,0

This example restricts access to the restricted.model model to users who belong to
the base.group_user group, allowing read access only.

2. Using Record Rules


Record rules allow you to define more granular access controls based on specific conditions.
1. Define a record rule in your module: Create a file named security/ir.rule.csv
in your module directory.
1 id,name,model_id:id,groups,domain,perm_read,perm_write,perm_create,perm_unlink
2 rule_restricted_model,Restricted Model Access,model_restricted_model,
↪ base.group_user,[(1, '=', 1)],1,0,0,0

This example allows users in the base.group_user group to read all records in the
restricted.model model.

3. Restricting Controller URLs


To restrict access to specific URLs based on user roles or groups, you can customize your
controller methods to check the user’s group and redirect or deny access accordingly.
1. Create a custom controller: In your custom module, create a file named
controllers/main.py.
1 from odoo import http
2 from odoo.http import request
3
4 class MyController(http.Controller):
5
6 @http.route('/restricted/url', type='http', auth='user')
7 def restricted_url(self, **kwargs):
8 user = request.env.user

1
9 if not user.has_group('your_module.your_group'):
10 return request.redirect('/web/login') # Redirect to login if the
↪ user does not belong to the group
11
12 return "Welcome to the restricted URL!"

This example defines a controller that restricts access to the URL /restricted/url
based on whether the user belongs to a specific group.
2. Define the group in your module: Create a file named security/security.xml
in your module directory.
1 <odoo>
2 <data noupdate="1">
3 <record id="group_restricted_user" model="res.groups">
4 <field name="name">Restricted User</field>
5 </record>
6 </data>
7 </odoo>

3. Update the manifest file: Ensure that your manifest file __manifest__.py includes
references to the security files.
1 {
2 'name': 'Your Module',
3 'version': '1.0',
4 'category': 'Hidden',
5 'description': 'Module to restrict URL access based on user roles or
↪ groups',
6 'depends': ['base'],
7 'data': [
8 'security/security.xml',
9 'security/ir.model.access.csv',
10 'security/ir.rule.csv',
11 'views/views.xml',
12 ],
13 'installable': True,
14 'application': False,
15 }

4. Grant the Group to Users


Make sure the users who should have access to the restricted URL are added to the
group_restricted_user group.
This setup ensures that specific URLs in Odoo are restricted based on user roles or groups
using a combination of ACLs, record rules, and custom controller code.

You might also like