Prevent URL manipulation in portal for vps

2024-08-05 00:01:31 +02:00
parent da325f0c79
commit 44a91358ff
6 changed files with 60 additions and 20 deletions
--- a/ow_vm_management/security/ir.rule.xml
+++ b/ow_vm_management/security/ir.rule.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <data noupdate="1">
+        <record id="vps_server_portal_rule" model="ir.rule">
+            <field name="name">Portal user can only see own VPS servers</field>
+            <field name="model_id" ref="model_vps_server"/>
+            <field name="domain_force">[('customer_id', '=', user.partner_id.id)]</field>
+            <field name="groups" eval="[(4, ref('base.group_portal'))]"/>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_write" eval="False"/>
+            <field name="perm_create" eval="False"/>
+            <field name="perm_unlink" eval="False"/>
+        </record>
+    </data>
+</odoo>