default] Read ids from the table even without columns if a rule domain exists

@ced Mon, 31 Jul 2023 06:18:48 -0700


Cédric Krier pushed to branch branch/default at Tryton / Tryton



Commits:
bd69f102 by Cédric Krier at 2023-07-23T10:18:04+02:00
Read ids from the table even without columns if a rule domain exists

The rule must be enforced also when only non SQL type fields are read.

Closes #12428
- - - - -


3 changed files:

- trytond/CHANGELOG
- trytond/trytond/model/modelsql.py
- trytond/trytond/tests/test_rule.py


Changes:

=====================================
trytond/CHANGELOG
=====================================
@@ -1,3 +1,4 @@
+* Enforce record rules when reading only non SQL fields (#12428)
 * Support PYSON comparison of timedelta
 * Support encoding timedelta into PYSON TimeDelta
 * Allow date formating in sequences substitutions


=====================================
trytond/trytond/model/modelsql.py
=====================================
@@ -1059,7 +1059,7 @@
                 and columns.keys() == {'write_date'}):
             columns.pop('write_date')
             extra_fields.discard('write_date')
-        if columns:
+        if columns or domain:
             if 'id' not in fields_names:
                 columns['id'] = table.id.as_('id')
 


=====================================
trytond/trytond/tests/test_rule.py
=====================================
@@ -320,6 +320,33 @@
             TestRule.read([test.id], ['field'])
 
     @with_transaction(context=_context)
+    def test_perm_read_with_rule_no_sql_type_fail(self):
+        "Test read with rule fail and without SQL type"
+        pool = Pool()
+        TestRule = pool.get('test.rule')
+        RuleGroup = pool.get('ir.rule.group')
+        Model = pool.get('ir.model')
+
+        model, = Model.search([('model', '=', 'test.rule')])
+        rule_group, = RuleGroup.create([{
+                    'name': "Field different from foo",
+                    'model': model.id,
+                    'global_p': True,
+                    'perm_read': True,
+                    'perm_create': False,
+                    'perm_write': False,
+                    'perm_delete': False,
+                    'rules': [('create', [{
+                                    'domain': json.dumps(
+                                        [('field', '!=', 'foo')]),
+                                    }])],
+                    }])
+        test, = TestRule.create([{'field': 'foo'}])
+
+        with self.assertRaisesRegex(AccessError, "Field different from foo"):
+            TestRule.read([test.id], ['rec_name'])
+
+    @with_transaction(context=_context)
     def test_search_without_rule(self):
         "Test search without rule"
         pool = Pool()



View it on Heptapod: 
https://foss.heptapod.net/tryton/tryton/-/commit/bd69f1025bca6648fd9ff11f585a60214d2bbf6e

-- 
View it on Heptapod: 
https://foss.heptapod.net/tryton/tryton/-/commit/bd69f1025bca6648fd9ff11f585a60214d2bbf6e
You're receiving this email because of your account on foss.heptapod.net.

[tryton-commits] [Mercurial][tryton/tryton][branch/default] Read ids from the table even without columns if a rule domain exists

Reply via email to