def _get_permission_domain(self, operator, value, operation):
"""Abstract logic for searching computed permission fields."""
_self = self
# HACK While computing ir.rule domain, you're always superuser, so if
# you're superuser but `value` is an `int`, we can assume safely that
# you're checking permissions for another user (see the corresponding
# rules in `security.xml`)
# TODO Remove hack in v13, where sudo() and with_user() differ?
if self.env.uid == SUPERUSER_ID and isinstance(value, int):
_self = self.sudo(value)
value = bool(value)
# Tricky one, to know if you want to search
# positive or negative access
positive = (operator not in NEGATIVE_TERM_OPERATORS) == bool(value)
if _self.env.uid == SUPERUSER_ID:
return TRUE_DOMAIN if positive else FALSE_DOMAIN
# Obtain and combine domains
result = OR([
_self._get_domain_by_access_groups(operation),
_self._get_domain_by_inheritance(operation),
])
if not positive:
result.insert(0, "!")
return result
def _get_permission_domain(self, operator, value, operation):
"""Abstract logic for searching computed permission fields."""
_self = self
# HACK ir.rule domain is always computed with sudo, so if this check is
# true, we can assume safely that you're checking permissions
if self.env.su and value == self.env.uid:
_self = self.sudo(False)
value = bool(value)
# Tricky one, to know if you want to search
# positive or negative access
positive = (operator not in NEGATIVE_TERM_OPERATORS) == bool(value)
if _self.env.su:
# You're SUPERUSER_ID
return TRUE_DOMAIN if positive else FALSE_DOMAIN
# Obtain and combine domains
result = OR(
[
_self._get_domain_by_access_groups(operation),
_self._get_domain_by_inheritance(operation),
]
)
if not positive:
result.insert(0, "!")
return result