Setting up access security
You might have noticed that, upon loading, our module is getting a warning message in the server log:
The model todo.task has no access rules, consider adding one.
The message is pretty clear: our new model has no access rules, so it can't be used by anyone other than the admin superuser. As a superuser, the admin ignores data access rules, and that's why we were able to use the form without errors. But we must fix this before other users can use our model.
Another issue we have yet to address is that we want the to-do tasks to be private to each user. Odoo supports row-level access rules, which we will use to implement that.
Testing access security
In fact, our tests should be failing right now due to the missing access rules. They aren't because they are done with the admin user. So, we should change them so that they use the Demo user instead.
For this, we should edit the tests/test_todo.py file to add a setUp method:
# class TestTodo(TransactionCase): ...
