Tryton - Issues

 

Issue7403

Title Record rule evaluation depending on related records
Priority bug Status chatting
Superseder Nosy List ced, nelghani
Type behavior Components trytond
Assigned To Keywords
Reviews

Created on 2018-04-30.15:10:52 by nelghani, last changed by ced.

Files
File name Uploaded Type Edit Remove
WarningMessage.jpg nelghani, 2018-04-30.15:10:52 image/jpeg
Messages
msg40469 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2018-04-30.15:38:08
Having record rules that depends on other records like this has inherent flaws. This is specially the case for all the fields that are not directly written like One2Many.
But indeed ModelSQL.create/.write could be improved to check domain after having set non-direct fields (but keep the test also before the write).
msg40465 (view) Author: [hidden] (nelghani) Date: 2018-04-30.15:10:52
I created a record rule on party model
By setting this domain :  [[u'addresses.country.code3', u'=', u'MAR']]
And adding it to the user group.

The view partie shows all parties with country.code3 = 'MAR', and this is the expected behavior

The user can update all parties with country.code3 = 'MAR'

But when the user tries to create a new party, the following message appears : "You try to bypass an access rule. (Document type: party.party)"

Here are queries traces generated in the backend :

2018-04-27 09:29:42 WEST LOG:  instruction : INSERT INTO "party_party" ("create_uid", "create_date", "code", "siren", "active", "name") VALUES (5, CURRENT_TIMESTAMP, '186', '', true, 'test') RETURNING "id"

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."id" FROM "ir_rule" AS "a" INNER JOIN "ir_rule_group" AS "b" ON ("b"."id" = "a"."rule_group") INNER JOIN "ir_model" AS "c" ON ("b"."model" = "c"."id") WHERE ((("c"."model" = 'party.party') AND ("b"."perm_create" = true)) AND ((("b"."id" IN (SELECT "d"."rule_group" FROM "ir_rule_group-res_group" AS "d" INNER JOIN "res_user-res_group" AS "e" ON ("d"."group" = "e"."group") WHERE ("e"."user" = 5))) OR ("b"."default_p" = true)) OR ("b"."global_p" = true)))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."create_uid" AS "create_uid", "a"."domain" AS "domain", "a"."rule_group" AS "rule_group", "a"."write_uid" AS "write_uid", "a"."write_date" AS "write_date", "a"."create_date" AS "create_date", "a"."id" AS "id" FROM "ir_rule" AS "a" WHERE (("a"."id" IN (90)))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."create_uid" AS "create_uid", "a"."perm_delete" AS "perm_delete", "a"."create_date" AS "create_date", "a"."name" AS "name", "a"."id" AS "id", "a"."default_p" AS "default_p", "a"."global_p" AS "global_p", "a"."write_date" AS "write_date", "a"."perm_write" AS "perm_write", "a"."perm_read" AS "perm_read", "a"."perm_create" AS "perm_create", "a"."write_uid" AS "write_uid", "a"."model" AS "model" FROM "ir_rule_group" AS "a" WHERE (("a"."id" IN (84)))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."id" FROM "ir_rule_group" AS "a" INNER JOIN "ir_model" AS "b" ON ("a"."model" = "b"."id") WHERE ((("b"."model" = 'party.party') AND ("a"."id" NOT IN (SELECT "c"."rule_group" FROM "ir_rule" AS "c"))) AND ("a"."id" IN (SELECT "d"."rule_group" FROM "ir_rule_group-res_group" AS "d" INNER JOIN "res_user-res_group" AS "e" ON ("d"."group" = "e"."group") WHERE ("e"."user" = 5))))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."id" FROM "party_party" AS "a" WHERE ((("a"."id" IN (170))) AND ((("a"."id" IN (SELECT "b"."party" FROM "party_address" AS "b" LEFT JOIN "country_country" AS "c" ON ("c"."id" = "b"."country") WHERE ((("c"."code3" = 'MAR')) AND ((((("c"."code3" = 'MAR')) AND ("b"."active" = true))) AND ("b"."active" = true)) AND ("b"."active" = true)))))))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."lang", "a"."type", "a"."name", "a"."src", "a"."value" FROM "ir_translation" AS "a" WHERE (((("a"."lang" = 'fr') AND ("a"."type" = 'error') AND ("a"."name" = 'party.party') AND ("a"."value" != '') AND ("a"."value" IS NOT NULL) AND ("a"."fuzzy" = false) AND ("a"."res_id" =  -1)) AND ("a"."src" = 'access_error')))

2018-04-27 09:29:42 WEST LOG:  instruction : SELECT "a"."lang", "a"."type", "a"."name", "a"."src", "a"."value" FROM "ir_translation" AS "a" WHERE ((("a"."lang" = 'fr') AND ("a"."type" = 'error') AND ("a"."name" = 'access_error') AND ("a"."value" != '') AND ("a"."value" IS NOT NULL) AND ("a"."fuzzy" = false) AND ("a"."res_id" =  -1)))

2018-04-27 09:29:42 WEST LOG:  instruction : ROLLBACK

Tests done witg tryton 4.6 and 4.8


Regards
History
Date User Action Args
2018-05-09 01:32:26cedsettitle: Record rule warning during party creation -> Record rule evaluation depending on related records
2018-04-30 15:38:09cedsetstatus: unread -> chatting
nosy: + ced
messages: + msg40469
2018-04-30 15:10:52nelghanicreate

Showing 10 items. Show all history (warning: this could be VERY long)