In steps 1 and 2, we added a new field called report_missing in the model and form view. Note that we put the my_library.group_library_librarian group on the field in Python, so this field is only accessible by the Librarian user.

In the next step, we added the report_missing_book() method, in the body of which we updated the value of the report_missing field. Note that we used sudo() before calling the write method.

Finally, we added a button in the form view to trigger the method from the user interface.

To test this implementation, you need to log in with the non-librarian user. If you have loaded the database with demonstration data, you can log in with the demo user and then click on the Missing book report button in the form view of the book. Upon clicking that button, the report_missing_book() method will be called, and this will write the message in the report_missing field, even if the user doesn't have proper rights. You can check the value of the field through the admin user because this field will be hidden in the demo user.

On a click of the Report Missing Book button, we will get the recordset of the current book in the report_missing_book() method as an argument, self. Before writing the values in the book recordset, we used self.sudo(). This will return the same recordset but with a different environment. This recordset will have the environment from the superuser, and it will bypass all access rules and record rules. Because of that, the non-librarian user will be able to write in the book record. Even the model's logging field, write_uid, will have the value of the superuser.