Setting up access control security

You might have noticed that, upon loading, our module triggers a warning message in the server log: The model todo.task has no access rules, consider adding one.

The message is pretty clear: our new model has no access rules, so it can't be used by anyone other than the admin super user. As a super user, the admin ignores data access rules, which is why we were able to use the form without errors. But we must fix this before other users can use it.

To get a picture of what information is needed to add access rules to a model, use the web client and go to: Settings|Technical|Security|Access Controls List.

Here we can see the ACL for the mail.mail model. It indicates, per group, what actions are allowed on records.

This information needs to be provided by the module, using a data file to load the lines into the ir.model.access model. We will add full access on the model to the employee group. Employee is the basic access group nearly everyone belongs to.

This is usually done using a CSV file named security/ir.model.access.csv. Models have automatically generated identifiers: for todo.task the identifier is model_todo_task. Groups also have identifiers set by the modules creating them. The employee group is created by the base module and has identifier base.group_user. The line's name is only informative and it's best if it's kept unique. Core modules usually use a dot-separated string with the model name and the group. Following this convention we would use todo.task.user.

Now that we have everything we need to know, let's add the new file with the following content:

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_todo_task_group_user,todo.task.user,model_todo_task,base.group_user,1,1,1,1

We must not forget to add the reference to this new file in the __openerp__.py descriptor's data attribute, which should then look like this:

'data': [
    'todo_view.xml',
    'security/ir.model.access.csv',
],

As before, upgrade the module for these additions to take effect. The warning message should be gone, and you can confirm the permissions are OK by logging in with the user demo (password is also demo) and trying the to-do tasks feature.
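Before upgrading, the access file can be checked offline. The following is an added example, not code from the book or from Odoo: it parses an ir.model.access.csv, builds the per-group permission table, and reports models that would still trigger the "no access rules" warning. The models todo.tag and todo.stage and the second CSV row are hypothetical, constructed for the example.

```python
import csv
import io

PERMS = ("perm_read", "perm_write", "perm_create", "perm_unlink")
HEADER = ["id", "name", "model_id:id", "group_id:id", *PERMS]

# Constructed sample: the page's row plus one hypothetical row with no group.
SAMPLE_CSV = """\
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_todo_task_group_user,todo.task.user,model_todo_task,base.group_user,1,1,1,1
access_todo_tag_all,todo.tag.all,model_todo_tag,,1,0,0,0
"""


def model_xmlid(model_name):
    """todo.task -> model_todo_task (the automatically generated identifier)."""
    return "model_" + model_name.replace(".", "_")


def audit_access_csv(csv_text, module_models):
    """Return (acl, findings): acl maps model id -> {group: allowed actions}."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != HEADER:
        raise ValueError("unexpected header: %r" % (reader.fieldnames,))
    acl, findings, seen_ids = {}, [], set()
    for row in reader:
        if row["id"] in seen_ids:
            findings.append("duplicate id: " + row["id"])
        seen_ids.add(row["id"])
        bad = [p for p in PERMS if row[p] not in ("0", "1")]
        if bad:
            findings.append("%s: non 0/1 value in %s" % (row["id"], ", ".join(bad)))
        # An empty group column makes the line apply to every user (Odoo
        # behaviour, not stated on the page), so surface it for review.
        group = row["group_id:id"] or "(all users)"
        if group == "(all users)":
            findings.append("%s: no group, applies to all users" % row["id"])
        model = (row["model_id:id"] or "").rsplit(".", 1)[-1]  # drop module prefix
        allowed = {p[len("perm_"):] for p in PERMS if row[p] == "1"}
        acl.setdefault(model, {})[group] = allowed
    for name in module_models:  # models the module defines, listed by hand here
        if model_xmlid(name) not in acl:
            findings.append("model %s has no access rules" % name)
    return acl, findings


if __name__ == "__main__":
    print(*audit_access_csv(SAMPLE_CSV, ["todo.task", "todo.tag", "todo.stage"]), sep="\n")
```

Run against the real security/ir.model.access.csv by passing the file's text and the list of model names your module defines.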
