Record rule evaluation depending on related records
I created a record rule on party model
By setting this domain : [[u'addresses.country.code3', u'=', u'MAR']]
And adding it to the user group.
The view partie shows all parties with country.code3 = 'MAR', and this is the expected behavior
The user can update all parties with country.code3 = 'MAR'
But when the user tries to create a new party, the following message appears : "You try to bypass an access rule. (Document type: party.party)"
Here are queries traces generated in the backend :
2018-04-27 09:29:42 WEST LOG: instruction : INSERT INTO "party_party" ("create_uid", "create_date", "code", "siren", "active", "name") VALUES (5, CURRENT_TIMESTAMP, '186', '', true, 'test') RETURNING "id"
2018-04-27 09:29:42 WEST LOG: instruction : SELECT "a"."id" FROM "ir_rule" AS "a" INNER JOIN "ir_rule_group" AS "b" ON ("b"."id" = "a"."rule_group") INNER JOIN "ir_model" AS "c" ON ("b"."model" = "c"."id") WHERE ((("c"."model" = 'party.party') AND ("b"."perm_create" = true)) AND ((("b"."id" IN (SELECT "d"."rule_group" FROM "ir_rule_group-res_group" AS "d" INNER JOIN "res_user-res_group" AS "e" ON ("d"."group" = "e"."group") WHERE ("e"."user" = 5))) OR ("b"."default_p" = true)) OR ("b"."global_p" = true)))
2018-04-27 09:29:42 WEST LOG: instruction : SELECT "a"."create_uid" AS "create_uid", "a"."domain" AS "domain", "a"."rule_group" AS "rule_group", "a"."write_uid" AS "write_uid", "a"."write_date" AS "write_date", "a"."create_date" AS "create_date", "a"."id" AS "id" FROM "ir_rule" AS "a" WHERE (("a"."id" IN (90)))
2018-04-27 09:29:42 WEST LOG: instruction : SELECT "a"."create_uid" AS "create_uid", "a"."perm_delete" AS "perm_delete", "a"."create_date" AS "create_date", "a"."name" AS "name", "a"."id" AS "id", "a"."default_p" AS "default_p", "a"."global_p" AS "global_p", "a"."write_date" AS "write_date", "a"."perm_write" AS "perm_write", "a"."perm_read" AS "perm_read", "a"."perm_create" AS "perm_create", "a"."write_uid" AS "write_uid", "a"."model" AS "model" FROM "ir_rule_group" AS "a" WHERE (("a"."id" IN (84)))
2018-04-27 09:29:42 WEST LOG: instruction : SELECT "a"."id" FROM "ir_rule_group" AS "a" INNER JOIN "ir_model" AS "b" ON ("a"."model" = "b"."id") WHERE ((("b"."model" = 'party.party') AND ("a"."id" NOT IN (SELECT "c"."rule_group" FROM "ir_rule" AS "c"))) AND ("a"."id" IN (SELECT "d"."rule_group" FROM "ir_rule_group-res_group" AS "d" INNER JOIN "res_user-res_group" AS "e" ON ("d"."group" = "e"."group") WHERE ("e"."user" = 5))))
2018-04-27 09:29:42 WEST LOG: instruction : SELECT "a"."id" FROM "party_party" AS "a" WHERE ((("a"."id" IN (170))) AND ((("a"."id" IN (SELECT "b"."party" FROM "party_address" AS "b" LEFT JOIN "country_country" AS "c" ON ("c"."id" = "b"."country") WHERE ((("c"."code3" = 'MAR')) AND ((((("c"."code3" = 'MAR')) AND ("b"."active" = true))) AND ("b"."active" = true)) AND ("b"."active" = true)))))))
2018-04-27 09:29:42 WEST LOG: instruction : SELECT "a"."lang", "a"."type", "a"."name", "a"."src", "a"."value" FROM "ir_translation" AS "a" WHERE (((("a"."lang" = 'fr') AND ("a"."type" = 'error') AND ("a"."name" = 'party.party') AND ("a"."value" != '') AND ("a"."value" IS NOT NULL) AND ("a"."fuzzy" = false) AND ("a"."res_id" = -1)) AND ("a"."src" = 'access_error')))
2018-04-27 09:29:42 WEST LOG: instruction : SELECT "a"."lang", "a"."type", "a"."name", "a"."src", "a"."value" FROM "ir_translation" AS "a" WHERE ((("a"."lang" = 'fr') AND ("a"."type" = 'error') AND ("a"."name" = 'access_error') AND ("a"."value" != '') AND ("a"."value" IS NOT NULL) AND ("a"."fuzzy" = false) AND ("a"."res_id" = -1)))
2018-04-27 09:29:42 WEST LOG: instruction : ROLLBACK
Tests done witg tryton 4.6 and 4.8
Regards
Files
Download | Creator | Timestamp | Type |
---|---|---|---|
WarningMessage.jpg | @nelghani | 2018-04-30 13:10:52.236000 UTC | image/jpeg |