Superuser access to record sets
The sudo() is the method where we can access recordsets as superuser. Access to records can be managed using different techniques like record rules, access rules, and so on.
The sudo() can break all the access rules and record rules. Let us look at an example,
class Student(models.Model):
_name = "student.student"
_description = "Student"
name = fields.Char(string="Name", required=True)
phone = fields.Char(string="Phone Number")
email = fields.Char(string="Email", required=True)
status = fields.Char(string="Status", groups="edu_organisation.group_organisation_admins")
Here, we can see a model which records all student's related data. Consider the field ‘status.’This field is only accessible by admins group users.
Next, we can create a button to update the student's records status.
<button name="update_status" string="Update Status" class="oe_highlight" type="object"/>
Here, we need a method to work this button. Since the status field is only accessible to the Admins, it is necessary to use the superuser access in the button click method. For that, use sudo() in the method. Before using the write method, we used sudo() for accessing the current record set with superuser access. This will return the same record set with a different environment, that is, the environment from the superuser, and it will bypass all access rules and security rights. This way, a user who does not include in the Edu Organization Admin category can update the status field value.
def update_status(self):
self.sudo().write({
'status': "Status Updated"
})