First, I’m upgrading an installation from 5.4 to version 6.4. Everything went smoothly until access rights (which was kind of expected).
In this case we have a form where timesheet lines are shown. This is a Function field (one2many) which gets the timesheet lines based on the timesheet added (many2one from timesheet.work). This gives something like:

    timesheet = fields.Many2One('timesheet.work', 'Timesheet')
    timesheet_lines = fields.Function(
        fields.One2Many('timesheet.line', None, 'Timesheet Lines',
            domain=[('work', '=', Eval('timesheet'))],
            depends=['timesheet']), '_get_timesheet_lines')

    def _get_timesheet_lines(self, name):
        if self.timesheet:
            return [t.id for t in self.timesheet.timesheet_lines]
        return []

The timesheet lines then are restricted to only show the timesheet lines of the user. For this a new group was created and a new Record Rule added to the group which filters the timesheet lines based on the employee. This is where things go wrong. We now get a UserError which says that the user is not allowed to read records with id ... ... etc. And the list of timesheet lines is empty.
We tracked the error back to version 6.0. From that version the error shows up. The strange thing is that when the user directly goes to Timesheet -> Lines via the menu, it still works. The user only gets its own timesheet lines.
It seems we are clearly missing something here. In the release notes of version 6.0 there is a sentence saying:
“The record rules are now only applied if _check_access is set in the context. This improves the multi-company support.”
Adding a print statement to _get_timesheet_lines shows that _check_access is indeed False. Changing _check_access to True didn’t help either.

    def _get_timesheet_lines(self, name):
        with Transaction().set_context(_check_access=True):
            if self.timesheet:
                return [t.id for t in self.timesheet.timesheet_lines]
            return []

What are we doing wrong here?
Adding an extra domain to the list is not an option because a group higher up is allowed to see all the timesheet lines from all the users on that timesheet.