I am trying to limit access to projects and tasks only to assignees and their and managers (in hr), So i started with this rule (which looks complex to me, it is my first time):

['|',('user_id','=',user.id),('user_id.employee_ids.id','in', [ m.id for n in user.employee_ids for m in n.child_ids ])]

I got this message:

...NotImplementedError: Iteration is not allowed on browse_record(hr.employee, 12)

Where 12 -i guess- is the first 'child' of the logged-in manager, Am i constructing the rule definition in wrong way/logic?! or i am totally going in the wrong direction?!