hr_expense_security/security/ir_rule_data.xml
<?xml version="1.0" encoding="utf-8" ?>
<!-- Copyright 2019 OpenSynergy Indonesia
License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). -->
<openerp>
<data>
<!-- All Employee -->
<record id="ir_rule_expense_viewer_employee" model="ir.rule">
<field name="model_id" ref="hr_expense.model_hr_expense_expense" />
<field name="domain_force">[
('employee_id.user_id.id','=',user.id)
]</field>
<field name="name">Employee Expense Rule for Employee</field>
<field name="groups" eval="[(4, ref('base.group_user'))]" />
<field eval="1" name="perm_unlink" />
<field eval="1" name="perm_write" />
<field eval="1" name="perm_read" />
<field eval="1" name="perm_create" />
</record>
<!-- Operation -->
<record id="ir_rule_expense_operation_user" model="ir.rule">
<field name="model_id" ref="hr_expense.model_hr_expense_expense" />
<field name="domain_force">[
('employee_id.user_id.id','=',user.id)
]</field>
<field name="name">Employee Expense Operation Rule for User</field>
<field name="groups" eval="[(4, ref('group_expense_operation_user'))]" />
<field eval="1" name="perm_unlink" />
<field eval="1" name="perm_write" />
<field eval="1" name="perm_read" />
<field eval="1" name="perm_create" />
</record>
<record id="ir_rule_expense_operation_supervisor" model="ir.rule">
<field name="model_id" ref="hr_expense.model_hr_expense_expense" />
<field name="domain_force">[
('user_valid.id','=',user.id),
]</field>
<field name="name">Employee Expense Operation Rule for Manager</field>
<field name="groups" eval="[(4, ref('group_expense_operation_supervisor'))]" />
<field eval="1" name="perm_unlink" />
<field eval="1" name="perm_write" />
<field eval="1" name="perm_read" />
<field eval="1" name="perm_create" />
</record>
<record id="ir_rule_expense_operation_department" model="ir.rule">
<field name="model_id" ref="hr_expense.model_hr_expense_expense" />
<field name="domain_force">[
('department_id.id','child_of',user.employee_ids[0].department_id.id),
]</field>
<field name="name">Employee Expense Operation Rule for Department</field>
<field name="groups" eval="[(4, ref('group_expense_operation_department'))]" />
<field eval="1" name="perm_unlink" />
<field eval="1" name="perm_write" />
<field eval="1" name="perm_read" />
<field eval="1" name="perm_create" />
</record>
<record id="ir_rule_expense_operation_company" model="ir.rule">
<field name="model_id" ref="hr_expense.model_hr_expense_expense" />
<field name="domain_force">[
('company_id.id','child_of',user.company_id.id),
]</field>
<field name="name">Employee Expense Operation Rule for Company</field>
<field name="groups" eval="[(4, ref('group_expense_operation_company'))]" />
<field eval="1" name="perm_unlink" />
<field eval="1" name="perm_write" />
<field eval="1" name="perm_read" />
<field eval="1" name="perm_create" />
</record>
<!-- Viewer -->
<record id="ir_rule_expense_viewer_supervisor" model="ir.rule">
<field name="model_id" ref="hr_expense.model_hr_expense_expense" />
<field name="domain_force">[
('user_valid.id','=',user.id),
]</field>
<field name="name">Employee Expense Viewer Rule for Manager</field>
<field name="groups" eval="[(4, ref('group_expense_viewer_supervisor'))]" />
<field eval="0" name="perm_unlink" />
<field eval="0" name="perm_write" />
<field eval="1" name="perm_read" />
<field eval="0" name="perm_create" />
</record>
<record id="ir_rule_expense_viewer_department" model="ir.rule">
<field name="model_id" ref="hr_expense.model_hr_expense_expense" />
<field name="domain_force">[
('department_id.id','child_of',user.employee_ids[0].department_id.id),
]</field>
<field name="name">Employee Expense Viewer Rule for Department</field>
<field name="groups" eval="[(4, ref('group_expense_viewer_department'))]" />
<field eval="0" name="perm_unlink" />
<field eval="0" name="perm_write" />
<field eval="1" name="perm_read" />
<field eval="0" name="perm_create" />
</record>
<record id="ir_rule_expense_viewer_company" model="ir.rule">
<field name="model_id" ref="hr_expense.model_hr_expense_expense" />
<field name="domain_force">[
('company_id.id','child_of',user.company_id.id),
]</field>
<field name="name">Employee Expense Viewer Rule for Company</field>
<field name="groups" eval="[(4, ref('group_expense_viewer_company'))]" />
<field eval="0" name="perm_unlink" />
<field eval="0" name="perm_write" />
<field eval="1" name="perm_read" />
<field eval="0" name="perm_create" />
</record>
</data>
</openerp>