Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/OCA/calendar/llms.txt

Use this file to discover all available pages before exploring further.

OCA Calendar is composed of several independent Odoo modules, each with its own security layer. Some modules define dedicated user groups, others rely entirely on Odoo’s built-in groups (base.group_user for internal users, base.group_system for administrators, and base.group_portal for portal users). The sections below document every group, model-level access control list (ACL), and record rule defined in source.

ICS Export Security

The calendar_export_ics module defines a single hidden security group that gates access to the export wizard.

Group definition

XML IDNameCategory
calendar_export_ics.group_calendar_exportCalendar Export IcsHidden (base.module_category_hidden)
Because the group belongs to base.module_category_hidden, it does not appear in Settings → Users & Companies → Groups in the Odoo UI. It is managed programmatically (e.g., assigned via automated actions or technical menus) rather than from the standard user-permission screen.

Model access (ACL)

ModelGroupReadWriteCreateDelete
calendar.export.icsgroup_calendar_export
Only users who hold group_calendar_export can open and submit the ICS export wizard. No other groups are granted access to this transient model.

ICS Import Security

The calendar_import_ics module follows the same pattern as the export module: a single hidden group controls wizard access.

Group definition

XML IDNameCategory
calendar_import_ics.group_calendar_importCalendar Import IcsHidden (base.module_category_hidden)
Like the export group, group_calendar_import is hidden from the standard Groups UI. It is assigned programmatically and is not selectable from the user form.

Model access (ACL)

ModelGroupReadWriteCreateDelete
calendar.import.icsgroup_calendar_import

Public Holiday Security

The calendar_public_holiday module does not define custom groups. It relies on Odoo’s built-in base.group_user (all internal users) and base.group_system (system administrators / Technical menu users) groups.

Model access (ACL)

ModelInternal Users (base.group_user)System Admin (base.group_system)
calendar.public.holidayRead onlyFull CRUD
calendar.public.holiday.lineRead onlyFull CRUD
calendar.public.holiday.next.year (wizard)Full CRUD
Key points:
  • Every internal Odoo user can read the public holiday calendar and its individual lines. This allows HR and scheduling features that depend on holiday data to work without requiring elevated permissions.
  • Only system administrators can create, modify, or delete holiday sets and their lines.
  • The “next year” wizard (calendar.public.holiday.next.year) is exclusively available to system administrators — no read access is granted to regular users.
If a user needs to manage public holidays but does not have full system-administrator rights, an Odoo administrator must grant base.group_system membership directly, as there is no intermediate “Holiday Manager” group in this module.

Resource Booking Security

The resource_booking module defines its own category and two explicit groups, plus a comprehensive set of record rules.

Groups

XML IDNameImpliesDefault members
resource_booking.group_userResource Booking / User(assigned manually)
resource_booking.group_managerResource Booking / Managergroup_userbase.user_root, base.user_admin
Both groups belong to the Resource Booking module category and are visible in Settings → Users & Companies → Groups.

Model access (ACL)

ModelUserManagerPortal (base.group_portal)
resource.booking.typeReadFull CRUD
resource.booking.combinationReadFull CRUD
resource.booking.type.combination.relReadFull CRUD
resource.bookingRead + Write + Create (no delete)Full CRUDRead
resource.resourceFull CRUD
Regular User members can create and edit their own bookings but cannot delete them. Only Managers have delete permission on resource.booking records.

Record rules

Record rules add row-level filtering on top of the ACL table above. All multi-company rules are global (apply to every user regardless of group).

Multi-company rules (global)

Rule nameModelDomain
Resource booking type multi company ruleresource.booking.type('company_id', 'in', company_ids + [False])
Resource booking multi company ruleresource.booking('type_id.company_id', 'in', company_ids + [False])
company_ids is an Odoo built-in variable in record-rule evaluation context that holds the IDs of all companies the current user belongs to. A booking type with no company (company_id = False) is visible to users of all companies.

Per-group record rules on resource.booking

Rule nameApplies toDomain
Resource booking portal rulebase.group_portal| ('partner_ids', 'child_of', user.partner_id.ids) OR ('message_partner_ids', 'child_of', user.partner_id.ids)
Resource booking user ruleresource_booking.group_user| | ('partner_ids', 'child_of', user.partner_id.ids) OR ('message_partner_ids', 'child_of', user.partner_id.ids) OR ('combination_id.resource_ids.user_id', 'in', user.ids)
Resource booking manager ruleresource_booking.group_manager(1, '=', 1) — unrestricted
What each rule means in practice:
  • Portal users can see only bookings where they appear as an attendee (partner_ids) or as a message follower (message_partner_ids).
  • Regular users can see bookings where they are an attendee, a follower, or where they own one of the booked resources — giving resource owners visibility into upcoming reservations.
  • Managers can see every booking regardless of company (subject only to the global multi-company rule above).

Event Type Color Security

The calendar_event_type_color module does not define a new group. It restricts the Calendar Event Type menu item to base.group_system (administrators):
<menuitem
    id="calendar_management_menu"
    name="Calendar Event Type"
    parent="calendar.mail_menu_calendar"
    action="calendar_event_type_action"
    groups="base.group_system"
/>
Only Odoo administrators can access Calendar → Calendar Event Type to assign colors to event types. Regular internal users will not see this menu entry.

Build docs developers (and LLMs) love