Olivier, Fabien,
I agree with you both.
In general, there are many situations where there are sql queries that break
with access rules and/or company_ids. Many of these can be converted to the ORM
way and do the right thing transparently, with the exception of the ones that
would be too slow (that is not the case here).
Still, that bug is a bit different: we are talking about the account_id of a
decoration invoice line. The account_id doesn't make sense, and in fact isn't
shown to the user, and is there just because that field is required in the
invoice line. So our query should get the account_id that is least likely to be
restricted/changed in the future. That's probably why the original code looks
for the root account.
Example: in a multi-company setup, a user could have access to all accounts,
but still it is nicer to choose his own company's account instead of a random
one.
So: I'm for Olivier's ORM way + [('company_id'),('='),(current_company)]
Thanks!
--
https://code.launchpad.net/~openerp-community/openobject-addons/lpistone_6.0_lp784499/+merge/61377
Your team OpenERP Community is subscribed to branch
lp:~openerp-community/openobject-addons/lpistone_6.0_lp784499.
_______________________________________________
Mailing list: https://launchpad.net/~openerp-community
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openerp-community
More help : https://help.launchpad.net/ListHelp
