MY PURPOSE

I'm trying to use security rules to achieve the following purpose:

I need to add a field to the users model which will set which warehouses each user can modify. This is because I want to hide the stock moves you aren't allowed to see (stock moves of other warehouses).

WHAT I DID

I've created a Many2many field named allowed_warehouses in the res.users model. From here, the administrator can select which warehouses can be used by each user.

Then I took advantage of the existing fields of Odoo: the stock.move model has a Many2one field named picking_type_id, pointing to the stock.picking.type model. And the stock.picking.type model has a Many2one field named warehouse_id, pointing to stock.warehouse.

So the rule was easy in theory:

<record model="ir.rule" id="poc_stock_move_allowed_warehouses">
    <field name="name">stock.move: interaction only allowed if warehouse matches</field>
    <field name="model_id" ref="stock.model_stock_move"/>
    <field name="domain_force">[('picking_type_id.warehouse_id', 'in', user.allowed_warehouses.mapped('id'))]</field>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="True"/>
    <field name="perm_create" eval="True"/>
    <field name="perm_unlink" eval="True"/>
</record>

With this rule, I expected users to see only the stock moves of their allowed warehouses.

THE RESULT

Everything was working almost OK, and I say almost because some weird things are breaking down all the development. For example, I'm allowed to use all the warehouses, and I create a new picking with one stock move; this move has Product A. I save, and everything goes fine. But if I do exactly the same but choose Product B instead, I get an access error just after clicking on the Save button, so I can't see the moves of that picking anymore. It seems that the move is forbidden for me (even though I should be seeing it), but it isn't! If I go to look for this move in another view (for example in the Traceability > Stock Moves menu), I can see the move in the tree view, and open its form view with no errors! And if I modify the move in PostgreSQL and replace Product B with Product A, I can see the move from the picking view... Of course, if I remove my rule and restart the service, I can see the move in the picking view, no matter whether the product is A or B.

MY CONCLUSION

There must be some field in Product B which is triggering my rule, but I can't understand that because my rule is not affected by product fields, and if it was, why can I see the move in some views and not in other ones?

Please, can anyone help me with at least an idea? I'm running out of them!
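
An added example, not part of the original post and not Odoo's code: a plain-Python model of how the rule's domain leaf on picking_type_id.warehouse_id selects stock moves, reporting for each filtered move why it fails the leaf. The record ids are constructed sample data and the function names are hypothetical.

```python
# Plain-Python model of the record rule's domain leaf:
#   [('picking_type_id.warehouse_id', 'in', user.allowed_warehouses ids)]
# No Odoo install is needed. All ids below are constructed sample data.

# stock.picking.type rows: id -> warehouse_id (None = type without a warehouse)
PICKING_TYPES = {10: 1, 20: 2, 30: None}
# stock.move rows: id -> picking_type_id (None = move without a picking type)
MOVES = {100: 10, 101: 20, 102: 30, 103: None}


def hidden_moves(allowed_warehouse_ids):
    """Return {move_id: reason} for every move the domain leaf filters out."""
    allowed = set(allowed_warehouse_ids)
    reasons = {}
    for move_id, picking_type_id in sorted(MOVES.items()):
        if picking_type_id is None:
            # An empty Many2one at the first hop never satisfies 'in'.
            reasons[move_id] = "no picking type"
        elif PICKING_TYPES[picking_type_id] is None:
            # An empty warehouse_id at the second hop never satisfies 'in'.
            reasons[move_id] = "picking type has no warehouse"
        elif PICKING_TYPES[picking_type_id] not in allowed:
            reasons[move_id] = "warehouse not allowed"
    return reasons


def visible_moves(allowed_warehouse_ids):
    """Return the sorted ids of the moves that match the domain leaf."""
    hidden = hidden_moves(allowed_warehouse_ids)
    return [move_id for move_id in sorted(MOVES) if move_id not in hidden]


if __name__ == "__main__":
    # A user allowed on every warehouse still does not match moves 102 and 103.
    for allowed in ([1, 2], [1], []):
        print("allowed warehouses:", allowed)
        print("  visible:", visible_moves(allowed))
        for move_id, reason in hidden_moves(allowed).items():
            print("  hidden: move", move_id, "-", reason)
```

Listing the filtered records with a reason, rather than only the visible ones, shows which rows a rule of this shape excludes even for a user who is allowed every warehouse.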
