5.0] Read ids from the table even without columns if a rule domain exists

@ced Mon, 31 Jul 2023 07:49:01 -0700


Cédric Krier pushed to branch branch/5.0 at Tryton / Tryton



Commits:
71e83d24 by Cédric Krier at 2023-07-31T16:22:34+02:00
Read ids from the table even without columns if a rule domain exists

The rule must be enforced also when only non SQL type fields are read.

Closes #12428
(grafted from bd69f1025bca6648fd9ff11f585a60214d2bbf6e)
- - - - -


3 changed files:

- trytond/CHANGELOG
- trytond/trytond/model/modelsql.py
- trytond/trytond/tests/test_rule.py


Changes:

=====================================
trytond/CHANGELOG
=====================================
@@ -1,3 +1,4 @@
+* Enforce record rules when reading only non SQL fields (#12428)
 
 Version 5.0.59 - 2023-05-17
 ---------------------------


=====================================
trytond/trytond/model/modelsql.py
=====================================
@@ -723,7 +723,7 @@
                         Coalesce(table.write_date, table.create_date)
                         ).cast(sql_type).as_('_timestamp'))
 
-        if len(columns):
+        if len(columns) or domain:
             if 'id' not in fields_names:
                 columns.append(table.id.as_('id'))
 


=====================================
trytond/trytond/tests/test_rule.py
=====================================
@@ -282,6 +282,33 @@
             TestRule.read([test.id])
 
     @with_transaction()
+    def test_perm_read_with_rule_no_sql_type_fail(self):
+        "Test read with rule fail and without SQL type"
+        pool = Pool()
+        TestRule = pool.get('test.rule')
+        RuleGroup = pool.get('ir.rule.group')
+        Model = pool.get('ir.model')
+
+        model, = Model.search([('model', '=', 'test.rule')])
+        rule_group, = RuleGroup.create([{
+                    'name': "Field different from foo",
+                    'model': model.id,
+                    'global_p': True,
+                    'perm_read': True,
+                    'perm_create': False,
+                    'perm_write': False,
+                    'perm_delete': False,
+                    'rules': [('create', [{
+                                    'domain': json.dumps(
+                                        [('field', '!=', 'foo')]),
+                                    }])],
+                    }])
+        test, = TestRule.create([{'field': 'foo'}])
+
+        with self.assertRaises(UserError):
+            TestRule.read([test.id], ['rec_name'])
+
+    @with_transaction()
     def test_search_without_rule(self):
         "Test search without rule"
         pool = Pool()



View it on Heptapod: 
https://foss.heptapod.net/tryton/tryton/-/commit/71e83d2455fddf8970e5fb7d9a6d61e91b1c1751

-- 
View it on Heptapod: 
https://foss.heptapod.net/tryton/tryton/-/commit/71e83d2455fddf8970e5fb7d9a6d61e91b1c1751
You're receiving this email because of your account on foss.heptapod.net.

[tryton-commits] [Mercurial][tryton/tryton][branch/5.0] Read ids from the table even without columns if a rule domain exists

Reply via email to