openerp-india team mailing list archive

["Amit Parik \(OpenERP\)" <amp@xxxxxxxxxxx>]

Hello Erik,

This is not a bug but its by design admin has super powers :).
Admin must not be affected by any access right or ir.rule because he/she must be able to correct them in case there is a configuration error.
 
Calling of stored fields must be done by admin user because there is a chance the user will not have access rights to the fields that is stored. you see when you put a store = {} trigger on a field, you can trigger a computation of the function field when you modify any of the dependent models you configured. So the computation will be triggered by whichever user modifies the dependent model, and that user may not have the necessary access to compute the function field,  this is why it is done by the admin user.

As per your scenario, You have implement function field in order to
respect the company-specific stuff...  for example when you needs to
fetch the taxes on a product you can consider the company of the object
that triggered the computation...   normally there should be a way to do
that properly

Well for example if the computation is triggered on a sale.order, there
is a company_id field on it that lets you know which company it belongs
to, even if the function is computed by admin user. then when reading
property fields with uid 1 you can pass the company in the context to
read only the data that belong to that company. and when searching on
other kinds of documents you can simply add the appropriate filter on
company_id. there should always be a way to make things work properly
even with uid 1.

Hope this will help you.

So this is not a bug and I am converting this to question!

Thanks for understanding!

** Changed in: openobject-server
       Status: New => Invalid

** Converted to question:
   https://answers.launchpad.net/openobject-server/+question/200865

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1010588

Title:
  "# uid == 1 for accessing objects having rules defined on store
  fields"

Status in OpenERP Server:
  Invalid

Bug description:
  Environment is openerp-server-6.0.3 in a Multi-Company environment.

  Seems that when using store=True on a function field, that function is
  called with uid=1 in some situations instead of with the uid of the
  user logged in at the time.

  In this multi-company environment, I have been using rules on objects
  to determine what a user from each company sees/has access to and also
  as a filter.

  For example, the three companies are sharing SKUs (product.product)
  but each have their own separate taxes on these products.

  So far that has worked out just fine - when making a sale, only the
  taxes that the user logged in can access are applied to the sale.

  But now that I have added "store=True" and "store={ ... }" to some
  fields since uid=1 n the initial access of these fields all three
  taxes records are being applied to sales caclulations.

  What I am not too sure of is if this is a bug or whether my method of
  manipulating things using permissions/user.company_id is a bad hack.

  I have checked v 6.1 and it does the same thing with uid:

  ubuntu@ip-10-160-70-30:/opt/openerp/openerp-server/bin/osv$ nano +3789 orm.py 
  ...
  for key in keys:
      val = todo[key]
      if key:
          # uid == 1 for accessing objects having rules defined on store fields
          result = self._columns[val[0]].get(cr, self, ids, val, 1, context=context)
          for id, value in result.items():
  ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1010588/+subscriptions