74 lines
3.5 KiB
Python
74 lines
3.5 KiB
Python
import logging
|
|
from odoo import models, api
|
|
from odoo.osv import expression
|
|
|
|
_logger = logging.getLogger(__name__)
|
|
|
|
def get_allowed_ids(env, field_name, table_name, user_id):
|
|
# Use SQL to avoid ORM recursion or self-filtering issues
|
|
query = f"SELECT {field_name.replace('_ids', '')}_id FROM {table_name} WHERE user_id = %s"
|
|
env.cr.execute(query, (user_id,))
|
|
return [r[0] for r in env.cr.fetchall()]
|
|
|
|
class StockWarehouse(models.Model):
|
|
_inherit = 'stock.warehouse'
|
|
|
|
@api.model
|
|
def _search(self, domain, offset=0, limit=None, order=None):
|
|
if not self.env.su and not self.env.user.has_group('base.group_system'):
|
|
allowed_ids = get_allowed_ids(self.env, 'warehouse_ids', 'res_users_stock_warehouse_rel', self.env.user.id)
|
|
domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
|
|
return super()._search(domain, offset=offset, limit=limit, order=order)
|
|
|
|
class StockPickingType(models.Model):
|
|
_inherit = 'stock.picking.type'
|
|
|
|
@api.model
|
|
def _search(self, domain, offset=0, limit=None, order=None):
|
|
if not self.env.su and not self.env.user.has_group('base.group_system'):
|
|
allowed_ids = get_allowed_ids(self.env, 'picking_type_ids', 'res_users_stock_picking_type_rel', self.env.user.id)
|
|
domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
|
|
return super()._search(domain, offset=offset, limit=limit, order=order)
|
|
|
|
class StockLocation(models.Model):
|
|
_inherit = 'stock.location'
|
|
|
|
@api.model
|
|
def _search(self, domain, offset=0, limit=None, order=None):
|
|
if not self.env.su and not self.env.user.has_group('base.group_system'):
|
|
allowed_ids = get_allowed_ids(self.env, 'location_ids', 'res_users_stock_location_rel', self.env.user.id)
|
|
|
|
# Robust filtering for Locations
|
|
# We allow:
|
|
# 1. Any record that is a 'parent_of' an allowed ID (to compute path names like WH/Stock)
|
|
# 2. Any record that is a 'child_of' an allowed ID (to allow access to bins within allowed locations)
|
|
# 3. Non-internal locations (Virtual/Partner) for system movements and reporting
|
|
restrict_domain = [
|
|
'|', '|',
|
|
('id', 'parent_of', allowed_ids),
|
|
('id', 'child_of', allowed_ids),
|
|
('usage', 'not in', ['internal', 'transit'])
|
|
]
|
|
domain = expression.AND([domain or [], restrict_domain])
|
|
return super()._search(domain, offset=offset, limit=limit, order=order)
|
|
|
|
class MrpWorkcenter(models.Model):
|
|
_inherit = 'mrp.workcenter'
|
|
|
|
@api.model
|
|
def _search(self, domain, offset=0, limit=None, order=None):
|
|
if not self.env.su and not self.env.user.has_group('base.group_system'):
|
|
allowed_ids = get_allowed_ids(self.env, 'workcenter_ids', 'res_users_mrp_workcenter_rel', self.env.user.id)
|
|
domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
|
|
return super()._search(domain, offset=offset, limit=limit, order=order)
|
|
|
|
class ApprovalCategory(models.Model):
|
|
_inherit = 'approval.category'
|
|
|
|
@api.model
|
|
def _search(self, domain, offset=0, limit=None, order=None):
|
|
if not self.env.su and not self.env.user.has_group('base.group_system'):
|
|
allowed_ids = get_allowed_ids(self.env, 'approval_category_ids', 'res_users_approval_category_rel', self.env.user.id)
|
|
domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
|
|
return super()._search(domain, offset=offset, limit=limit, order=order)
|