c2c-oerpscenario team mailing list archive
-
c2c-oerpscenario team
-
Mailing list archive
-
Message #24574
[Bug 766982] Re: If you associate 2 or more groups to an ir.rule, rules are not correctly applied
(edited copy of my comment on the merge proposal, for the record)
I agree with Stefan, the patch from comment #12 is not correct. The issue is not about changing the semantics of the combination of rules, it is only about being sure a user does not get rules applied from a group he does not actually belong to.
As Lorenzo explained in the bug report, at line 117 there is an
iteration on the rule's groups, but obviously this could include groups
the user does not belong to! So we just need to filter out the groups
that are irrelevant to the user.
This is better explained with code, so here's an unverified, dumb patch
to illustrate the desired result:
=== modified file 'bin/addons/base/ir/ir_rule.py'
--- bin/addons/base/ir/ir_rule.py 2011-03-02 11:08:16 +0000
+++ bin/addons/base/ir/ir_rule.py 2011-05-18 12:25:41 +0000
@@ -115,7 +115,9 @@
if ids:
for rule in self.browse(cr, uid, ids):
for group in rule.groups:
- group_rule.setdefault(group.id, []).append(rule.id)
+ # filter out irrelevant groups!
+ if uid in [u.id for u in group.users]:
+ group_rule.setdefault(group.id, []).append(rule.id)
if not rule.groups:
global_rules.append(rule.id)
global_domain = self.domain_create(cr, uid, global_rules)
** Changed in: openobject-server
Status: Fix Committed => Confirmed
--
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/766982
Title:
If you associate 2 or more groups to an ir.rule, rules are not
correctly applied
Status in OpenERP Server:
Confirmed
Bug description:
Steps:
1- create new db with only 'base' module
2- create 2 groups: 'group1' and 'group2'
3- create 2 rules on res.partner:
- 'rule1' with domain: [('name','=','rule1')] and groups: 'group1'
- 'rule2' with domain: [('ref','=','rule2')] and groups: 'group1' and 'group2'
4- create user 'test' and associate to 'group1'
5- create 2 partners:
- with name: 'rule1' and ref: 'rule2'
- with name: 'test' and ref: 'rule2'
6- login with user 'test'
7- you'll see both of partners
This is wrong because since the user 'test' belongs to 'group1' and this group contains 2 rules, these rules must be combined with AND operator. So, user 'test' should see first partner only.
This happens because second rule and both 2 rules are combined with OR:
((rule1 AND rule2) OR rule2)
I suppose the problem to be connected with line 117 of ir_rule.py: http://bazaar.launchpad.net/~openerp/openobject-server/6.0/view/3404/bin/addons/base/ir/ir_rule.py#L115
Instead of adding every group of the rule, you should check whether the user belongs to the group that will be added
References