← Back to team overview

c2c-oerpscenario team mailing list archive

[Bug 766982] Re: If you associate 2 or more groups to an ir.rule, rules are not correctly applied

 

Amit,

Terribly sorry for the confusion, but if you only read my first comment
then our whole discussion was for nothing. This is definitely a bug.
Notwithstanding the various snippets of documentation and their
interpretation, the behaviour of the system for user1 changes if you
remove group2 from the rule, even though user1 is not in that group at
all. That can't be right, can it?

The problem is clear: the keys in 'group_rule' are not filtered against
the user's actual groups, so under certain circumstances rules of groups
are applied to users who are not in those groups.

Regards,
Stefan.

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/766982

Title:
  If you associate 2 or more groups to an ir.rule, rules are not
  correctly applied

Status in OpenERP Server:
  New

Bug description:
  Steps:
  1- create new db with only 'base' module
  2- create 2 groups: 'group1' and 'group2'
  3- create 2 rules on res.partner:
      - 'rule1' with domain: [('name','=','rule1')] and groups: 'group1'
      - 'rule2' with domain: [('ref','=','rule2')] and groups: 'group1' and 'group2'
  4- create user 'test' and associate to 'group1'
  5- create 2 partners:
      - with name: 'rule1' and ref: 'rule2'
      - with name: 'test' and ref: 'rule2'
  6- login with user 'test'
  7- you'll see both of partners

  This is wrong because since the user 'test' belongs to 'group1' and this group contains 2 rules, these rules must be combined with AND operator. So, user 'test' should see first partner only.
  This happens because second rule and both 2 rules are combined with OR:
  ((rule1 AND rule2) OR rule2)
  I suppose the problem to be connected with line 117 of ir_rule.py: http://bazaar.launchpad.net/~openerp/openobject-server/6.0/view/3404/bin/addons/base/ir/ir_rule.py#L115
  Instead of adding every group of the rule, you should check whether the user belongs to the group that will be added


References