From c0a58c167d376ba952f96ba1c08833db30ea64a6 Mon Sep 17 00:00:00 2001 From: Suherdy Yacob Date: Tue, 10 Mar 2026 09:08:49 +0700 Subject: [PATCH] fix: Access user restriction fields with superuser privileges in ir.rule domains. --- security/ir_rule.xml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/security/ir_rule.xml b/security/ir_rule.xml index c98f70c..d0ce1be 100644 --- a/security/ir_rule.xml +++ b/security/ir_rule.xml @@ -15,7 +15,7 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - [('id', 'in', user.allowed_warehouse_ids.ids)] if user.allowed_warehouse_ids else [(1, '=', 1)] + [('id', 'in', user.sudo().allowed_warehouse_ids.ids)] if user.sudo().allowed_warehouse_ids else [(1, '=', 1)] ) @@ -28,7 +28,7 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - ['|', ('id', 'in', user.allowed_picking_type_ids.ids), ('warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_picking_type_ids or user.allowed_warehouse_ids or user.allowed_location_ids) else [(1, '=', 1)] + ['|', ('id', 'in', user.sudo().allowed_picking_type_ids.ids), ('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_picking_type_ids or user.sudo().allowed_warehouse_ids or user.sudo().allowed_location_ids) else [(1, '=', 1)] ) @@ -41,7 +41,7 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - ['|', ('usage', '!=', 'internal'), '|', '|', '|', ('id', 'in', user.allowed_location_ids.ids or [0]), ('id', 'child_of', user.allowed_location_ids.ids or [0]), ('id', 'parent_of', user.allowed_location_ids.ids or [0]), ('warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_location_ids or user.allowed_warehouse_ids) else [(1, '=', 1)] + ['|', ('usage', '!=', 'internal'), '|', '|', '|', ('id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('id', 'parent_of', user.sudo().allowed_location_ids.ids or [0]), ('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)] ) @@ -54,7 +54,7 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - ['|', '|', ('location_id', 'in', user.allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_location_ids or user.allowed_warehouse_ids) else [(1, '=', 1)] + ['|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)] ) @@ -67,8 +67,8 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - ['|', '|', '|', ('location_id', 'in', user.allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids), - '|', '|', ('location_dest_id', 'in', user.allowed_location_ids.ids or [0]), ('location_dest_id', 'child_of', user.allowed_location_ids.ids or [0]), ('location_dest_id.warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_location_ids or user.allowed_warehouse_ids) else [(1, '=', 1)] + ['|', '|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids), + '|', '|', ('location_dest_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)] ) @@ -81,8 +81,8 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - ['|', '|', '|', ('location_id', 'in', user.allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids), - '|', '|', ('location_dest_id', 'in', user.allowed_location_ids.ids or [0]), ('location_dest_id', 'child_of', user.allowed_location_ids.ids or [0]), ('location_dest_id.warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_location_ids or user.allowed_warehouse_ids) else [(1, '=', 1)] + ['|', '|', '|', ('location_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids), + '|', '|', ('location_dest_id', 'in', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id', 'child_of', user.sudo().allowed_location_ids.ids or [0]), ('location_dest_id.warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_location_ids or user.sudo().allowed_warehouse_ids) else [(1, '=', 1)] ) @@ -95,7 +95,7 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - [('id', 'in', user.allowed_workcenter_ids.ids)] if user.allowed_workcenter_ids else [(1, '=', 1)] + [('id', 'in', user.sudo().allowed_workcenter_ids.ids)] if user.sudo().allowed_workcenter_ids else [(1, '=', 1)] ) @@ -108,7 +108,7 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - [('id', 'in', user.allowed_approval_category_ids.ids)] if user.allowed_approval_category_ids else [(1, '=', 1)] + [('id', 'in', user.sudo().allowed_approval_category_ids.ids)] if user.sudo().allowed_approval_category_ids else [(1, '=', 1)] ) @@ -121,7 +121,7 @@ ( [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else - [('warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_warehouse_ids or user.allowed_location_ids) else [(1, '=', 1)] + [('warehouse_id', 'in', (user.sudo().allowed_warehouse_ids + user.sudo().allowed_location_ids.warehouse_id).ids)] if (user.sudo().allowed_warehouse_ids or user.sudo().allowed_location_ids) else [(1, '=', 1)] )