You shouldn't never trust all sale managers. Any sale manager could break the database.
Maybe we could add a boolean on ir model field to know if this is a custom attribute.
Then add a record rule to let CRUD access only on ir_model_fields that belongs to a custom attribute.
Seems very dangerous to me.
You shouldn't never trust all sale managers. Any sale manager could break the database.
Maybe we could add a boolean on ir model field to know if this is a custom attribute.
Then add a record rule to let CRUD access only on ir_model_fields that belongs to a custom attribute.