Security is a very important thing in every organization, we can create security groups while creating a module. For some situations, we need to add more security groups other than the security group that already exists.
In this blog, we can briefly explain how to override existing security groups in Odoo 15.
We can take a look into the hr_timesheet module for overriding security groups. Currently, the hr_time sheet has 3 user roles.
It is mandatory to keep the security group as a hierarchical model because in hierarchies it is easy to edit or modify the existing groups.
In the timesheet, we can see the roles “user: own timesheet only”, “user: all timesheets”, and “administrator”.
To show the hierarchy we can use the field “implied_ids” inside the group definition.
We can check an example code that already exists.
If we can check the definition of a category in the hr_timesheet/security/hr_timesheet_security.xml
Here we can see there are no implied_ids on this definition because this is the lowest level hierarchy.
<record model="ir.module.category" id="base.module_category_services_timesheets">
<field name="description">Helps you manage the timesheets.</field>
<field name="sequence">13</field>
</record>
We can check a role in that record that has the “implide_ids”. In this we can see the implied ID is base.group_user. base is the module name, the group_user contains on that module base.
<record id="group_hr_timesheet_user" model="res.groups">
<field name="name">User: own timesheets only</field>
<field name="category_id" ref="base.module_category_services_timesheets"/>
<field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
<field name="users" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>
</record>
We can add a new role named “user” on the timesheet security group
<record id="group_timesheet_user" model="res.groups">
<field name="name">user</field>
<field name="category_id" ref="base.module_category_serto show the hierarchy vices_timesheets"/>
<field name="implied_ids" eval="[(6,0, [ref('hr_timesheet.group_timesheet_manager')])]"/>
</record>
<record id="group_timesheet_user" model="res.groups">
Record ID is the ID of the record; the id will be unique for each record and that record will be contained in the res.group model.
<field name="name">User</field>
name=”name” is the name that is shown in the dropdown list of security group
<field name="category_id" ref="base.module_category_services_timesheets"/>
name=”category_id” is the category of the security group, the category decides the security shown under which security group category. Here the User group will be shown under module_category_services_timesheets.
In this group, we can see that the implied_ids is the group_timesheet_manager which is already in the security group.
<field name="implied_ids" eval="[(6,0,[ref('hr_timesheet.group_timesheet_manager')])]"/>By setting up the implied_ids we can maintain the hierarchy of the security group. In the below screenshot we can see that the user group is added into the timesheet security group.
In conclusion, we can effectively override the existing security group and add a new group to already existing categories.