c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 766982] Re: If you associate 2 or more groups to an ir.rule, rules are not correctly applied

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "Olivier Dony \(OpenERP\)" <766982@xxxxxxxxxxxxxxxxxx>
Date: Wed, 18 May 2011 12:34:47 -0000
Reply-to: Bug 766982 <766982@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

(edited copy of my comment on the merge proposal, for the record)
I agree with Stefan, the patch from comment #12 is not correct. The issue is not about changing the semantics of the combination of rules, it is only about being sure a user does not get rules applied from a group he does not actually belong to.

As Lorenzo explained in the bug report, at line 117 there is an
iteration on the rule's groups, but obviously this could include groups
the user does not belong to! So we just need to filter out the groups
that are irrelevant to the user.

This is better explained with code, so here's an unverified, dumb patch
to illustrate the desired result:

=== modified file 'bin/addons/base/ir/ir_rule.py'
--- bin/addons/base/ir/ir_rule.py	2011-03-02 11:08:16 +0000
+++ bin/addons/base/ir/ir_rule.py	2011-05-18 12:25:41 +0000
@@ -115,7 +115,9 @@
         if ids:
             for rule in self.browse(cr, uid, ids):
                 for group in rule.groups:
-                    group_rule.setdefault(group.id, []).append(rule.id)
+                    # filter out irrelevant groups!
+                    if uid in [u.id for u in group.users]:
+                        group_rule.setdefault(group.id, []).append(rule.id)
                 if not rule.groups:
                   global_rules.append(rule.id)
             global_domain = self.domain_create(cr, uid, global_rules)

** Changed in: openobject-server
       Status: Fix Committed => Confirmed

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/766982

Title:
  If you associate 2 or more groups to an ir.rule, rules are not
  correctly applied

Status in OpenERP Server:
  Confirmed

Bug description:
  Steps:
  1- create new db with only 'base' module
  2- create 2 groups: 'group1' and 'group2'
  3- create 2 rules on res.partner:
      - 'rule1' with domain: [('name','=','rule1')] and groups: 'group1'
      - 'rule2' with domain: [('ref','=','rule2')] and groups: 'group1' and 'group2'
  4- create user 'test' and associate to 'group1'
  5- create 2 partners:
      - with name: 'rule1' and ref: 'rule2'
      - with name: 'test' and ref: 'rule2'
  6- login with user 'test'
  7- you'll see both of partners

  This is wrong because since the user 'test' belongs to 'group1' and this group contains 2 rules, these rules must be combined with AND operator. So, user 'test' should see first partner only.
  This happens because second rule and both 2 rules are combined with OR:
  ((rule1 AND rule2) OR rule2)
  I suppose the problem to be connected with line 117 of ir_rule.py: http://bazaar.launchpad.net/~openerp/openobject-server/6.0/view/3404/bin/addons/base/ir/ir_rule.py#L115
  Instead of adding every group of the rule, you should check whether the user belongs to the group that will be added

References

[Bug 766982] [NEW] If you associate 2 or more groups to an ir.rule, rules are not correctly applied
From: Lorenzo Battistini - agilebg.com, 2011-04-20