| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Accounting (accountant)
• Invoicing (account) • Discuss (mail) • Helpdesk (helpdesk) • Project (project) • Timesheets (timesheet_grid) • Employees (hr) • Sales (sale_management) |
| Community Apps Dependencies | Show |
| Lines of code | 4708 |
| Technical Name |
portal_access_control |
| License | OPL-1 |
| Website | https://gonexview.com |
Portal Access Control
Granular Per-Module Access Control for Portal Users
Control exactly which Odoo modules each portal user can access â Helpdesk, Projects, Sales, Invoicing, and Timesheets â with simple boolean toggles. Includes multi-company branch support, per-collaborator task visibility, and read-only project sharing.
Per-Module Access Toggles
A dedicated "Portal Access" tab is added to the user form for portal users (share=True). Each toggle controls whether the user can access records from the corresponding module. When a toggle is off, the portal user only sees records where they are explicitly a follower or collaborator.
- Portal Helpdesk: Controls access to helpdesk tickets via location_id matching.
- Portal Projects: Controls access to projects and tasks via location_id matching.
- Portal Sales: Controls access to sale orders and lines via partner hierarchy.
- Portal Invoicing: Controls access to invoices and invoice lines via partner hierarchy.
- Portal Timesheets: Controls access to timesheet entries via portal domain override.
Multi-Company Branch Support
When the "Apply to Branches" toggle is enabled, the portal user's access extends beyond their parent company to include all branch companies (branch_ids). This allows a single portal user to view records from the entire corporate group â tickets, projects, sales orders, and invoices â without needing separate accounts per branch.
- Automatic Expansion: ir.rule domains dynamically include parent_id + branch_ids when enabled.
- Conditional Visibility: The "Apply to Branches" toggle only appears when at least one module toggle is active.
- Cross-Module: Branch expansion applies to Helpdesk, Projects, Sales, and Invoicing simultaneously.
All Tasks Access & Read-Only Project Sharing
Extends the native project sharing wizard with an "All Tasks Access" checkbox per collaborator. When enabled, the collaborator can see all tasks in the project regardless of follow status. Combined with access_mode='read', this creates a read-only project sharing experience â collaborators can view all tasks but cannot create or edit them.
- All Tasks Access: Boolean field on project.collaborator and the share wizard; grants visibility to all tasks via ir.rule.
- Read-Only Mode: Dedicated readonly kanban and form views (create=0, edit=0) served through a separate controller route.
- Automatic Redirect: Portal users with readonly_access are automatically redirected to the read-only sharing URL.
- Wizard Integration: The share wizard correctly propagates all_tasks_access and readonly_access to project.collaborator records.
Security Rules Architecture
Replaces all native portal ir.rules with custom rules that enforce the per-module toggles. Native rules are deactivated (since rules in the same group are OR'd, leaving any native rule active would bypass the toggle). Global multi-company rules are also deactivated for portal users and recreated as internal-user-only rules.
- Helpdesk: 1 custom rule â uses location_id + message_partner_ids.
- Project: 2 custom rules (project + task) â uses location_id, collaborator_ids, all_tasks_access.
- Sale: 2 custom rules (order + line) â uses partner hierarchy (child_of).
- Invoicing: 2 custom rules (move + line) â uses partner hierarchy + state/type filters.
- Timesheet: No ir.rule needed â controlled via _timesheet_get_portal_domain() override.
- noupdate Rules: Native global rules (project_comp_rule, task_comp_rule) deactivated via Python function tag.
Key Capabilities
Toggle-Based Control
Simple boolean toggles on the user form to enable or disable access per module. Changes take effect immediately via registry cache invalidation â no session refresh needed.
Branch Expansion
A single toggle extends portal access to all branch companies of the user's parent company. Works across Helpdesk, Projects, Sales, and Invoicing modules simultaneously.
Read-Only Sharing
Granular project sharing with read-only mode. Collaborators with read + all_tasks_access get dedicated readonly views and are automatically redirected to the readonly sharing URL.
Take Control of Your Portal Access Today
Designed and developed by NexView to provide enterprise-grade portal access management.
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module