c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 766982] Re: If you associate 2 or more groups to an ir.rule, rules are not correctly applied

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "Lorenzo Battistini - agilebg.com" <lorenzo.battistini@xxxxxxxxxxx>
Date: Thu, 21 Apr 2011 14:53:15 -0000
Reply-to: Bug 766982 <766982@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

For me, a rule has to be regarded in this way:
a test that must be passed in order to grant read|write|create|unlink access(es).
I can't see other ways to read rules...

> in case of two different rules granting access to two sets of records
> to the same group, members of this group should indeed have access
> to the union of the two sets

Actually, to the intersection of the two sets. OpenERP behaves so and it
is correct for me.

> The documentation is in fact unclear on this semantic aspect, but
> with respect to the current implementation remark no. 2 on the
> form itself is simply wrong. It should say that group-specific rules
> are combined together with a logical OR operator instead.

As above, the remark is correct since "group-specific rules are combined
together with a logical AND operator". Try it yourself

> For now, I would prefer for the documentation to be adapted to
> the code and not the other way around

Sure, the documentation should be corrected.
But the problem I raised is different, more particular. Ain't talking about the case of 2 rules associated to 1 group. I'm talking about the case of 2 rules associated to 1 group AND one of these rules associated to another group. The rule with 2 groups is INCORRECTLY combined with the others with an OR operator

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/766982

Title:
  If you associate 2 or more groups to an ir.rule, rules are not
  correctly applied

Status in OpenERP Server:
  New

Bug description:
  Steps:
  1- create new db with only 'base' module
  2- create 2 groups: 'group1' and 'group2'
  3- create 2 rules on res.partner:
      - 'rule1' with domain: [('name','=','rule1')] and groups: 'group1'
      - 'rule2' with domain: [('ref','=','rule2')] and groups: 'group1' and 'group2'
  4- create user 'test' and associate to 'group1'
  5- create 2 partners:
      - with name: 'rule1' and ref: 'rule2'
      - with name: 'test' and ref: 'rule2'
  6- login with user 'test'
  7- you'll see both of partners

  This is wrong because since the user 'test' belongs to 'group1' and this group contains 2 rules, these rules must be combined with AND operator. So, user 'test' should see first partner only.
  This happens because second rule and both 2 rules are combined with OR:
  ((rule1 AND rule2) OR rule2)
  I suppose the problem to be connected with line 117 of ir_rule.py: http://bazaar.launchpad.net/~openerp/openobject-server/6.0/view/3404/bin/addons/base/ir/ir_rule.py#L115
  Instead of adding every group of the rule, you should check whether the user belongs to the group that will be added

References

[Bug 766982] [NEW] If you associate 2 or more groups to an ir.rule, rules are not correctly applied
From: Lorenzo Battistini - agilebg.com, 2011-04-20