I'm not sure if this is a real bug or more of a specific customization that you want to add for certain companies...
You might be able to do it with a pair of Record Rules if you change your requirement to be: "employees can only see attachments that they created themselves, regardless". For example the normal employee group would have one rule to restrict access to employee attachments:
['|',('res_model','!=','hr.employee'),('user_id','=',user.id)]
and the HR Manager/HR Officer groups would have a Rule that cancels the normal rule for employees:
[(1,'=',1)]
Now if you really need to have a special permission for your own employee attachments you probably need to extend the user model by adding an "employee_id" relationship that can be used to check for this special case:
['|',('res_model','!=','hr.employee'),'|',('user_id','=',user.id),('res_id','=',user.employee_id.id)]
If the "employee_id" field was automatically computed by looking for the only employee that matches the user, it would make everything quite simple. We might add such a field in the future indeed, as there are many cases where this "reverse" relationship would be useful.
Hello Alan,
I'm not sure if this is a real bug or more of a specific customization that you want to add for certain companies...
You might be able to do it with a pair of Record Rules if you change your requirement to be: "employees can only see attachments that they created themselves, regardless". For example the normal employee group would have one rule to restrict access to employee attachments: ,('res_ model', '!=','hr. employee' ),('user_ id','=' ,user.id) ]
['|'
and the HR Manager/HR Officer groups would have a Rule that cancels the normal rule for employees:
[(1,'=',1)]
Now if you really need to have a special permission for your own employee attachments you probably need to extend the user model by adding an "employee_id" relationship that can be used to check for this special case: ('res_model' ,'!=',' hr.employee' ),'|',( 'user_id' ,'=',user. id),('res_ id','=' ,user.employee_ id.id)]
['|',
If the "employee_id" field was automatically computed by looking for the only employee that matches the user, it would make everything quite simple. We might add such a field in the future indeed, as there are many cases where this "reverse" relationship would be useful.