staff/security/rules.xml
<?xml version="1.0" encoding="utf-8"?>
<openerp>
<data>
<record id="group_staff_leave_own_rule" model="ir.rule">
<field name='name'>员工可以查看、创建、修改、删除自己的请假记录</field>
<field name='model_id' ref="staff.model_staff_leave"/>
<field name='domain_force'>[('user_id','=',user.id)]</field>
<field name='groups' eval="[(4,ref('staff.hr_groups'))]"/>
<field name='perm_read' eval='True'/>
<field name='perm_write' eval='True'/>
<field name='perm_create' eval='True'/>
<field name='perm_unlink' eval='True'/>
</record>
<record id="group_staff_leave_read_all_rule" model="ir.rule">
<field name='name'>员工可以查看所有人的请假记录,但不能创建、修改或删除其他人的请假记录</field>
<field name='model_id' ref="staff.model_staff_leave"/>
<field name='domain_force'>[('user_id','!=',user.id)]</field>
<field name='groups' eval="[(4,ref('staff.hr_groups'))]"/>
<field name='perm_read' eval='True'/>
<field name='perm_write' eval='False'/>
<field name='perm_create' eval='False'/>
<field name='perm_unlink' eval='False'/>
</record>
<record id="group_staff_leave_manager_rule" model="ir.rule">
<field name='name'>管理员可以查看、创建、修改、删除所有人的请假记录</field>
<field name='model_id' ref="staff.model_staff_leave"/>
<field name='domain_force'>[(1,'=',1)]</field>
<field name='groups' eval="[(4,ref('staff.hr_senior_groups'))]"/>
<field name='perm_read' eval='True'/>
<field name='perm_write' eval='True'/>
<field name='perm_create' eval='True'/>
<field name='perm_unlink' eval='True'/>
</record>
</data>
</openerp>