From ebb4ea65db3254aadc3a5666174b47930b5496db Mon Sep 17 00:00:00 2001
From: Suherdy Yacob <suherdy.yacob@mapan.co.id>
Date: Thu, 12 Feb 2026 10:23:13 +0700
Subject: [PATCH] feat: Extend access restrictions for picking types and
 locations to include warehouse-based rules and remove redundant `_search`
 override.

---
 models/restricted_models.py | 18 +++++++++---------
 security/ir_rule.xml        |  4 ++--
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/models/restricted_models.py b/models/restricted_models.py
index 51fb8a3..13741a4 100644
--- a/models/restricted_models.py
+++ b/models/restricted_models.py
@@ -26,15 +26,15 @@ class StockWarehouse(models.Model):
 class StockPickingType(models.Model):
     _inherit = 'stock.picking.type'
 
-    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
-        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
-        if not self.env.su and not self.env.user.has_group('base.group_system'):
-            allowed_ids = get_allowed_ids(self.env, 'res_users_stock_picking_type_rel', 'picking_type_id', self.env.user.id)
-            if allowed_ids:
-                domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
-        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+    # @api.model
+    # def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
+    #     if self.env.context.get('bypass_user_restriction'):
+    #         return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+    #     if not self.env.su and not self.env.user.has_group('base.group_system'):
+    #         allowed_ids = get_allowed_ids(self.env, 'res_users_stock_picking_type_rel', 'picking_type_id', self.env.user.id)
+    #         if allowed_ids:
+    #             domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
+    #     return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 
 
diff --git a/security/ir_rule.xml b/security/ir_rule.xml
index e0b4db7..44a08d9 100644
--- a/security/ir_rule.xml
+++ b/security/ir_rule.xml
@@ -28,7 +28,7 @@
             <field name="domain_force">
                 (
                 [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
-                [('id', 'in', user.allowed_picking_type_ids.ids)] if user.allowed_picking_type_ids else [(1, '=', 1)]
+                ['|', ('id', 'in', user.allowed_picking_type_ids.ids), ('warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_picking_type_ids or user.allowed_warehouse_ids or user.allowed_location_ids) else [(1, '=', 1)]
                 )
             </field>
         </record>
@@ -41,7 +41,7 @@
             <field name="domain_force">
                 (
                 [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
-                ['|', '|', ('id', 'in', user.allowed_location_ids.ids), ('id', 'child_of', user.allowed_location_ids.ids), ('id', 'parent_of', user.allowed_location_ids.ids)] if user.allowed_location_ids else [(1, '=', 1)]
+                ['|', '|', '|', ('id', 'in', user.allowed_location_ids.ids), ('id', 'child_of', user.allowed_location_ids.ids), ('id', 'parent_of', user.allowed_location_ids.ids), ('warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_location_ids or user.allowed_warehouse_ids) else [(1, '=', 1)]
                 )
             </field>
         </record>