While making custom modules, sometimes the need arises to create a new security group along with the existing groups or change the behavior of some existing groups. We will discuss both of these cases in this blog.
Let us look into the attendance module for this, currently, the attendance app has 3 user roles.
In Odoo, security groups are written in a hierarchical manner and it is mandatory to keep this hierarchy while adding new groups and editing to existing groups.
Here
“Manual Attendance” role has limited access and is the lowest role in the hierarchy.
“Officer” has all access Manual Attendance has along with some additional access.
“Administrator” has full access and is at the top of the hierarchy.
We use the field implied_ids inside group definitions to show this hierarchy.
If you check the definition of “Manual attendance” in addons/hr_attendance/security/hr_attendance_security.xml,
You can see there is no implied_ids for this record, implying that this group is at the lowest level of the hierarchy.
Now let’s add a new role with access only to the Kiosk mode inside the attendance app. So that this new role will be at the lowest hierarchy below the Manual Attendance.
In our custom module, we can write the code for Kiosk Only role like this
<record id="group_hr_attendance_kiosk_only" model="res.groups">
<field name="name">Kiosk Only</field>
<field name="category_id" ref="base.module_category_human_resources_attendances"/>
<field name="comment">Access only to Kiosk mode</field>
</record>
Now we will overwrite the existing group “Manual Attendance” and add the implied_ids of the new role to it.
In implied_ids we give our_custom_module_name.id_of_new_role(here hr_attendance_kioskonly.group_hr_attendance_kiosk_only)
While overwriting, remember to add the module name (here hr_attendance) of the group where it originally belongs, to the record id.
<record id="hr_attendance.group_hr_attendance" model="res.groups">
<field name="name">Manual Attendance</field>
<field name="category_id" ref="base.module_category_human_resources_attendances"/>
<field name="implied_ids" eval="[(4,ref('hr_attendance_kioskonly.group_hr_attendance_kiosk_only'))]"/>
<field name="comment">The user will gain access to the human resources attendance menu, enabling him to manage his own attendance.</field>
</record>
Now we will overwrite the root menu of attendance to change it to the group with the lowest hierarchy. so that user can open app
<record model='ir.ui.menu' id='hr_attendance.menu_hr_attendance_root'>
<field name="groups_id" eval="[(4,ref('hr_attendance_kioskonly.group_hr_attendance_kiosk_only'))]"/>
</record>
Finally we will add a new menu for kiosk mode and set the new group as it’s group,
<menuitem id="menu_hr_attendance_kioskonly_attendances" name="Kiosk Mode"
parent="hr_attendance.menu_hr_attendance_root" sequence="100"
groups="hr_attendance_kioskonly.group_hr_attendance_kiosk_only"
action="hr_attendance.hr_attendance_action_kiosk_mode"/>
Now we have a Kiosk only user group, for this we have,
-Created a new group
-Overwrite the existing “Manual Attendance” group
Users with this role can only access Kiosk mode in attendance app
This is how we overwrite existing security groups and add more roles. For more information about security groups, kindly refer to our blog below