Tryton - Issues

 

Issue7403

Title Record rule evaluation depending on related records
Priority bug Status resolved
Superseder Nosy List ced, nelghani, reviewbot, roundup-bot
Type behavior Components trytond
Assigned To ced Keywords review
Reviews 53301002
View: 53301002

Created on 2018-04-30.15:10:52 by nelghani, last changed by roundup-bot.

Files
File name Uploaded Type Edit Remove
WarningMessage.jpg nelghani, 2018-04-30.15:10:52 image/jpeg
Messages
New changeset b71467328000 by C├ędric Krier in branch 'default':
Check rule after indirect fields and modification
https://hg.tryton.org/trytond/rev/b71467328000
review53301002 updated at https://codereview.tryton.org/53301002/#ps20001
review53301002 updated at https://codereview.tryton.org/53301002/#ps1
msg41479 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2018-06-19.17:59:15
Here is review53301002 which check rules after indirect fields and also after the modifications.
msg40469 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2018-04-30.15:38:08
Having record rules that depends on other records like this has inherent flaws. This is specially the case for all the fields that are not directly written like One2Many.
But indeed ModelSQL.create/.write could be improved to check domain after having set non-direct fields (but keep the test also before the write).
msg40465 (view) Author: [hidden] (nelghani) Date: 2018-04-30.15:10:52
I created a record rule on party model
By setting this domain :  [[u'addresses.country.code3', u'=', u'MAR']]
And adding it to the user group.

The view partie shows all parties with country.code3 = 'MAR', and this is the expected behavior

The user can update all parties with country.code3 = 'MAR'

But when the user tries to create a new party, the following message appears : "You try to bypass an access rule. (Document type: party.party)"

Here are queries traces generated in the backend :

2018-04-27 09:29:42 WEST LOG:  instruction : INSERT INTO "party_party" ("create_uid", "create_date", "code", "siren", "active", "name") VALUES (5, CURRENT_TIMESTAMP, '186', '', true, 'test') RETURNING "id"

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."id" FROM "ir_rule" AS "a" INNER JOIN "ir_rule_group" AS "b" ON ("b"."id" = "a"."rule_group") INNER JOIN "ir_model" AS "c" ON ("b"."model" = "c"."id") WHERE ((("c"."model" = 'party.party') AND ("b"."perm_create" = true)) AND ((("b"."id" IN (SELECT "d"."rule_group" FROM "ir_rule_group-res_group" AS "d" INNER JOIN "res_user-res_group" AS "e" ON ("d"."group" = "e"."group") WHERE ("e"."user" = 5))) OR ("b"."default_p" = true)) OR ("b"."global_p" = true)))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."create_uid" AS "create_uid", "a"."domain" AS "domain", "a"."rule_group" AS "rule_group", "a"."write_uid" AS "write_uid", "a"."write_date" AS "write_date", "a"."create_date" AS "create_date", "a"."id" AS "id" FROM "ir_rule" AS "a" WHERE (("a"."id" IN (90)))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."create_uid" AS "create_uid", "a"."perm_delete" AS "perm_delete", "a"."create_date" AS "create_date", "a"."name" AS "name", "a"."id" AS "id", "a"."default_p" AS "default_p", "a"."global_p" AS "global_p", "a"."write_date" AS "write_date", "a"."perm_write" AS "perm_write", "a"."perm_read" AS "perm_read", "a"."perm_create" AS "perm_create", "a"."write_uid" AS "write_uid", "a"."model" AS "model" FROM "ir_rule_group" AS "a" WHERE (("a"."id" IN (84)))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."id" FROM "ir_rule_group" AS "a" INNER JOIN "ir_model" AS "b" ON ("a"."model" = "b"."id") WHERE ((("b"."model" = 'party.party') AND ("a"."id" NOT IN (SELECT "c"."rule_group" FROM "ir_rule" AS "c"))) AND ("a"."id" IN (SELECT "d"."rule_group" FROM "ir_rule_group-res_group" AS "d" INNER JOIN "res_user-res_group" AS "e" ON ("d"."group" = "e"."group") WHERE ("e"."user" = 5))))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."id" FROM "party_party" AS "a" WHERE ((("a"."id" IN (170))) AND ((("a"."id" IN (SELECT "b"."party" FROM "party_address" AS "b" LEFT JOIN "country_country" AS "c" ON ("c"."id" = "b"."country") WHERE ((("c"."code3" = 'MAR')) AND ((((("c"."code3" = 'MAR')) AND ("b"."active" = true))) AND ("b"."active" = true)) AND ("b"."active" = true)))))))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."lang", "a"."type", "a"."name", "a"."src", "a"."value" FROM "ir_translation" AS "a" WHERE (((("a"."lang" = 'fr') AND ("a"."type" = 'error') AND ("a"."name" = 'party.party') AND ("a"."value" != '') AND ("a"."value" IS NOT NULL) AND ("a"."fuzzy" = false) AND ("a"."res_id" =  -1)) AND ("a"."src" = 'access_error')))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."lang", "a"."type", "a"."name", "a"."src", "a"."value" FROM "ir_translation" AS "a" WHERE ((("a"."lang" = 'fr') AND ("a"."type" = 'error') AND ("a"."name" = 'access_error') AND ("a"."value" != '') AND ("a"."value" IS NOT NULL) AND ("a"."fuzzy" = false) AND ("a"."res_id" =  -1)))

2018-04-27 09:29:42 WEST LOG:  instruction : ROLLBACK

Tests done witg tryton 4.6 and 4.8


Regards
History
Date User Action Args
2018-06-24 16:55:06roundup-botsetstatus: testing -> resolved
nosy: + roundup-bot
messages: + msg41624
2018-06-21 18:03:11reviewbotsetmessages: + msg41579
2018-06-19 17:59:37reviewbotsetnosy: + reviewbot
messages: + msg41480
2018-06-19 17:59:15cedsetstatus: in-progress -> testing
reviews: 53301002
messages: + msg41479
keyword: + review
2018-06-19 16:02:29cedsetstatus: chatting -> in-progress
assignedto: ced
2018-05-09 01:32:26cedsettitle: Record rule warning during party creation -> Record rule evaluation depending on related records
2018-04-30 15:38:09cedsetstatus: unread -> chatting
nosy: + ced
messages: + msg40469
2018-04-30 15:10:52nelghanicreate

Showing 10 items. Show all history (warning: this could be VERY long)