Odoo
Implementation
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 44 |
| Technical Name |
attachment_security |
| Website | http://lucidbrainz.com |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 44 |
| Technical Name |
attachment_security |
| Website | http://lucidbrainz.com |
Community
Enterprise
Odoo.sh
Overview
The Attachment Security module for Odoo 16 is a custom security tool developed by Lucidbrainz that controls who can access and delete file attachments in the system. The module extends Odoo's attachment model to ensure that only the user who uploaded a file can delete it, preventing unauthorized deletion of important documents. It adds a visibility check mechanism to determine whether attachments should be shown to specific users and includes an administrative checkbox on user profiles to grant special deletion permissions. The module depends on the base and mail modules and provides read-only access to all users by default through security rules, while deletion rights remain restricted to the attachment creator. However, the current implementation has several technical issues including duplicate field definitions and incomplete permission integrations that need refinement for optimal functionality.
Features
- Users can only delete attachments they personally uploaded, preventing unauthorized file removal
- Implements a computed visibility field to control which attachments are accessible to specific users
- Adds "Can Delete Attachments" checkbox on user profiles for administrators to grant special deletion privileges
- Provides read-only access to all users by default while restricting write, create and delete operations
- Displays clear error messages when unauthorized deletion attempts occur: "You are not allowed to delete this attachment"
- Seamlessly integrates with Odoo's base and mail modules for compatibility across all records supporting file attachments
- Extends the core ir.attachment model without modifying existing Odoo functionality
- Allows restricting attachment access based on user permissions and ownership
Configuration & Usage
- User Access Rights
- Navigate to Settings >> Users & Companies >> Users to configure user permissions. Users must have basic system access and the "Technical Settings" permission to view and modify attachment security configurations.
- Locate the "Can Delete Attachments" field on the user form, which appears directly after the "Active" checkbox. Enable this checkbox for users who should have special privileges to delete attachments created by other users.
- How to Upload Attachments with Security
- Go to any Odoo module (Sales >> Orders, Accounting >> Invoices, or Projects >> Tasks) and open any record.
- Click the attachment/paperclip icon at the top of the form to upload files. The system automatically records the uploader's user ID in the attachment record for future permission checks.
- All users can view uploaded attachments on records they have access to, as the module grants universal read permissions by default.
- The button automatically hides when no bills exist for a partner, maintaining a clean interface.
- How to Delete Attachments
- Open any record containing attachments and hover over the attachment you want to delete.
- Click the trash/delete icon next to the attachment. The system automatically checks if the current user is the attachment creator.
- If you created the attachment, deletion proceeds normally without any restrictions. If you did not create the attachment and don't have the "Can Delete Attachments" permission, an error message appears: "You are not allowed to delete this attachment".
- The security control operates transparently in the background without requiring any manual configuration or additional steps from users.
Our Services
Odoo
Customization
Odoo
Migration
Support &
Maintenance
Please log in to comment on this module