openerp-dev-web team mailing list archive

["Olivier Dony \(OpenERP\)" <odo@xxxxxxxxxxx>]

Review: Needs Fixing
I agree with Stefan, this is definitely not correct. The issue is not about changing the semantics of the combination of rules, it is only about being sure a user does not get rules applied from a group he does not actually belong to.

As Lorenzo explained in the bug report, at line 117 there is an iteration on the rule's groups, but obviously this could include groups the user does not belong to! So we just need to filter out the groups that are irrelevant to the user.

For example, say you have user U1 who belongs to group G1, and say rule R1 is linked to groups G1 and G2. When iterating on R1's groups for user U1, we will see G1 _and_ G2, and consider U1 a member of both groups, which leads to mistakes.

This is better explained with code, so here's an unverified, dumb patch to illustrate the desired result:
=== modified file 'bin/addons/base/ir/ir_rule.py'
--- bin/addons/base/ir/ir_rule.py	2011-03-02 11:08:16 +0000
+++ bin/addons/base/ir/ir_rule.py	2011-05-18 12:25:41 +0000
@@ -115,7 +115,9 @@
         if ids:
             for rule in self.browse(cr, uid, ids):
                 for group in rule.groups:
-                    group_rule.setdefault(group.id, []).append(rule.id)
+                    # filter out irrelevant groups!
+                    if uid in [u.id for u in group.users]:
+                        group_rule.setdefault(group.id, []).append(rule.id)
                 if not rule.groups:
                   global_rules.append(rule.id)
             global_domain = self.domain_create(cr, uid, global_rules)


-- 
https://code.launchpad.net/~openerp-dev/openobject-server/6.0-opw-5692-ach/+merge/61101
Your team OpenERP R&D Team is subscribed to branch lp:~openerp-dev/openobject-server/6.0-opw-5692-ach.