[REVIEW] dms: method-based record ACL (mail.message pattern) vs sentinel ir.rules#27
Open
dnplkndll wants to merge 3 commits into
Open
[REVIEW] dms: method-based record ACL (mail.message pattern) vs sentinel ir.rules#27dnplkndll wants to merge 3 commits into
dnplkndll wants to merge 3 commits into
Conversation
…nel ir.rules
Replace the computed-permission ir.rule sentinel (8 rules with
domain_force=[('permission_<op>','=',user.id)]) with method-based access,
mirroring core mail.message: override _search (AND in the access-group /
inheritance read domain) and _check_access (subtract forbidden records via
the same SQL domain). create/write/unlink are then enforced by core through
check_access, so their overrides + _check_access_dms_record + the
_filtered_access/filtered_domain workarounds are removed.
The sentinel pattern is unused in core 19.0 and broke because the Domain
engine coerces the user.id sentinel to the Boolean field's type before the
search method runs. The permission_<op> fields keep compute+search (still
used by directory_id's domain) but the search method no longer needs the
sentinel-decode HACK. Net -99 lines.
dnplkndll
force-pushed
the
19.0-mig-dms-reorder
branch
3 times, most recently
from
b628ef8 to
171bd86
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Option B from the access-design review — the cleanest, standards-matching answer to victoralmau's question on OCA#475 about the new
_searchoverride.Diff = the full refactor vs the current override version (net −99 lines: 66 ins / 165 del).
What the Odoo 19 source shows (why B)
search=+ir.rulesentinel (domain_force=[('permission_<op>','=',user.id)]) appears nowhere in core 19.0 (all 77 coreuser.idrules target real stored columns).Domainoptimizer coerces theuser.idsentinel to the Boolean field's type before thesearch=method runs (domains.py:1453-1470) — the uid is gone (value=[True]), so the rule stops filtering.mail.message) does dynamic, relation-table-driven, per-user visibility via_search+_check_accessoverrides with SQL subqueries — no ir.rule, no sentinel (mail_message.py:317,453).This PR
_search→ AND inOR(access_groups, inheritance)read domain._check_access→ subtract DMS-forbidden records via_get_forbidden_dms_access(SQL search; the domain carries a subquery so it can't go throughfiltered_domain). create/write/unlink are enforced by core viacheck_access._get_permission_domainsentinel-decode HACK;filtered_domain,_filtered_access/_filtered_access_no_recursion,_check_access_dms_record, and thewrite/unlinkoverrides.permission_<op>computed fields +search=(still used bydirectory_id's domain) — but the search method is now a plain access-domain builder, no sentinel.Proof (dev-runner 19.0, fresh DB, --without-demo=all)
Comparison artifact for OCA#475 — not auto-applied upstream.