Setting up access security
You might have noticed that, upon loading, our module is getting a warning message in the server log:
The model todo.task has no access rules, consider adding one.
The message is pretty clear: our new model has no access rules, so it can't be used by anyone other than the admin superuser. As a superuser, the admin
ignores data access rules, and that's why we were able to use the form without errors. But we must fix this before other users can use our model.
Another issue we have yet to address is that we want the to-do tasks to be private to each user. Odoo supports row-level access rules, which we will use to implement that.
Testing access security
In fact, our tests should be failing right now due to the missing access ...
Get Odoo 10 Development Essentials now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.