It would be great to extend the odoo website module with some additional features. Obviously a new module needs to be created. Not every website user should be allowed to edit every page of the website.
Example: Company X uses the website module in odoo. Admin A prepares the homepage of the website by using the website builder. Now user B opens the website builder. He should not be able to edit selected pages like the homepage, contact us page ... but get access to some features like adding and editing a new page about some topics.
Is that possible and what's the best way to accomplish that?
As stated in https://www.odoo.com/documentation/12.0/reference/security.html, to be able to modify a record (on the website.page model in this case) the user access rights (on ir.model.access) are checked.
So, I would suggest creating/editing a group, add some users and then go to the "Record Rules" tab and add a line such as the following:
website.page) [('id','not in',[1])]That rule should allow the group members to edit (write) a website page as long as its id is not 1 (that is, homepage).
Note: You can't use ref on the domain expression, only two objects are available in the context: user (the current user) and time (the Python module).