Tryton - Issues

 

Issue4986

Title Domain validation should skip ir.rule
Priority feature Status closed
Superseder Remove company record rules
View: 4080
Nosy List ced, pokoli
Type behavior Components trytond
Assigned To pokoli Keywords review
Reviews 17531002
View: 17531002

Created on 2015-09-22.16:36:50 by pokoli, last changed by pokoli.

Messages
msg43049 (view) Author: [hidden] (pokoli) (Tryton committer) (Tryton translator) Date: 2018-08-23.17:46:09
This has been solved on issue7555
msg22481 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2015-09-23.10:57:49
No it is not a bug.
First, in recent version validate doesn't validate untouched fields.
Second, you have a design issue if you let user work on records that can be linked to "ruled" records.
I think your problem comes from an wrong usage of rule which should only be used for access right and not for programming purpose (like it is now for multi-company).

So I repeat for me, the solution is to get _check_access disabled for validation and to have rule disabled by _check_access (instead of root) but the last is only possible once issue4080 is fixed. And I will not accept any other hack to solve this locale issue, we must fix the conceptual failure of multi-company to get a correct access right management (apply only on CRUD from RPC).
msg22480 (view) Author: [hidden] (pokoli) (Tryton committer) (Tryton translator) Date: 2015-09-23.09:23:10
Its a bug with the following scenario: 

1. Creates a record using another user, which is allowed to read the record.
2. Modify the related record without touhcing the field because it is not visible to the other user. 
3. The _validate method validates the domain and raises and incorrect error message.
msg22463 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2015-09-22.17:43:04
Not a bug as the user can not set the value of a field using a record he can not read. But anyway, I think the _check_access should be reviewed to really only apply on the first RPC methods.
msg22462 (view) Author: [hidden] (pokoli) (Tryton committer) (Tryton translator) Date: 2015-09-22.17:21:48
We have a record rule that prevents the user to access some records, and this rule is applied on domain_validation, so if the user is not allowed to access this record, the domain validation error is raised despite the domain being correct.
msg22461 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2015-09-22.16:56:02
I don't understand the sentence, it seems it is missing a comma somewhere.
msg22460 (view) Author: [hidden] (pokoli) (Tryton committer) (Tryton translator) Date: 2015-09-22.16:36:49
If there is a rule that prevents the current user to read some values of a model domain validation errors are raised on domains that depend on other field (i.e: ('some_field', '=', Eval('record_field)) but the domain is correct. 

This is due to the search on [1]. 

The attached review fixes it. 

Found on version 3.4, but I expect that all the supported series are affected. 

[1] http://hg.tryton.org/trytond/file/f3f854365015/trytond/model/modelstorage.py#l946
History
Date User Action Args
2018-08-23 17:46:09pokolisetstatus: testing -> closed
messages: + msg43049
2018-08-21 18:50:54cedsetsuperseder: + Remove company record rules
2015-09-23 10:57:50cedsetpriority: bug -> feature
messages: + msg22481
2015-09-23 09:23:12pokolisetpriority: feature -> bug
messages: + msg22480
2015-09-22 17:43:05cedsetpriority: bug -> feature
messages: + msg22463
2015-09-22 17:21:49pokolisetmessages: + msg22462
2015-09-22 16:56:03cedsetnosy: + ced
messages: + msg22461
2015-09-22 16:36:50pokolicreate

Showing 10 items. Show all history (warning: this could be VERY long)