[IMP] estate: implemented security restrictions for the Real Estate module

- Added groups for real estate agents and managers.
- Defined access rights: agents can read types/tags but cannot delete properties
- Created record rules to restrict agents to only see/manage their own
properties.
- Updated estate_account to bypass security for confirming sales without full
invoicing access.

Author: sahm-odoo

estate/__manifest__.py

@@ -2,8 +2,10 @@
     'name': "Real State",
     'depends': ['base'],
     'author': "Sahil Mangukiya",
+    'category': 'Real Estate/Brokerage',
     'description': "This is my First tutorial module.",
     'data': [
+        'security/estate_security.xml',
         'security/ir.model.access.csv',
         'data/estate.property.type.csv',
         'views/res_users_views.xml',

estate/security/estate_security.xml

@@ -0,0 +1,33 @@
+<?xml version='1.0' encoding='utf-8'?>
+<odoo>
+
+    <record id="estate_group_user" model="res.groups">
+        <field name="name">Agent</field>
+        <field name="category_id" ref="base.module_category_real_estate_brokerage"></field>
+    </record>
+    <record id="estate_group_manager" model="res.groups">
+        <field name="name">Manager</field>
+        <field name="category_id" ref="base.module_category_real_estate_brokerage"></field>
+        <field name="implied_ids" eval="[ref('estate_group_user')]"/>
+    </record>
+
+    <record id="estate_property_record_rule_agent" model="ir.rule">
+        <field name="name">A description of the rule's role</field>
+        <field name="model_id" ref="estate.model_estate_property"/>
+        <field name="groups" eval="[Command.link(ref('estate.estate_group_user'))]"/>
+        <!-- <field name="perm_create" eval="True"/>
+        <field name="perm_read" eval="True"/> -->
+        <field name="domain_force">
+            ['|', ('seller_id', '=', user.id), ('seller_id', '=', False)]
+        </field>
+    </record>
+
+    <record id="estate_property_record_rule_manager" model="ir.rule">
+        <field name="name">A description of the rule's role</field>
+        <field name="model_id" ref="estate.model_estate_property"/>
+        <field name="groups" eval="[Command.link(ref('estate.estate_group_manager'))]"/>
+        <field name="domain_force">
+            [(1, '=', 1)]
+        </field>
+    </record>
+</odoo>

estate/security/ir.model.access.csv

@@ -1,6 +1,11 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_estate_property,access_estate_property,model_estate_property,base.group_user,1,1,1,1
-access_estate_property_type,access_estate_property_type,model_estate_property_type,base.group_user,1,1,1,1
-access_estate_property_tag,access_estate_property_tag,model_estate_property_tag,base.group_user,1,1,1,1
-access_estate_property_offer,access_estate_property_offer,model_estate_property_offer,base.group_user,1,1,1,1
+access_estate_property,access_estate_property,model_estate_property,estate.estate_group_manager,1,1,1,0
+access_estate_property_type,access_estate_property_type,model_estate_property_type,estate.estate_group_manager,1,1,1,1
+access_estate_property_tag,access_estate_property_tag,model_estate_property_tag,estate.estate_group_manager,1,1,1,1
+access_estate_property_offer,access_estate_property_offer,model_estate_property_offer,estate.estate_group_manager,1,1,1,1
+
+access_estate_property,access_estate_property,model_estate_property,estate.estate_group_user,1,1,1,0
+access_estate_property_type,access_estate_property_type,model_estate_property_type,estate.estate_group_user,1,0,0,0
+access_estate_property_tag,access_estate_property_tag,model_estate_property_tag,estate.estate_group_user,1,0,0,0
+access_estate_property_offer,access_estate_property_offer,model_estate_property_offer,estate.estate_group_user,1,1,1,1
 

estate/views/estate_property_offer_views.xml

@@ -4,7 +4,6 @@
         <field name="name">Offers</field>
         <field name="res_model">estate.property.offer</field>
         <field name="view_mode">tree,form</field>
-        <field name="domain">[('property_type_id', '=', active_id)]</field>
     </record>
 
     <record id="estate_property_offer_view_tree" model="ir.ui.view">

estate_account/models/estate_property.py

@@ -1,4 +1,4 @@
-from odoo import models, Command
+from odoo import models, Command, fields
 
 
 class estateProperty(models.Model):
@@ -20,7 +20,7 @@ def action_sold(self):
             "price_unit": 100.00
         }
 
-        self.env["account.move"].create({
+        self.env["account.move"].sudo().create({
             "name": self.name + " Invoice",
             "partner_id": self.buyer_id.id,
             "move_type": "out_invoice",