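def _get_permission_domain(self, operator, value, operation):
    """Build the search domain for a computed permission field.

    Args:
        operator: Domain operator of the search term. Membership in
            ``NEGATIVE_TERM_OPERATORS`` inverts the meaning of ``value``.
        value: Either a truthy/falsy flag, or an integer user id when the
            caller is the superuser (see the HACK note below).
        operation: Forwarded unchanged to ``_get_domain_by_access_groups``
            and ``_get_domain_by_inheritance``.

    Returns:
        ``TRUE_DOMAIN`` or ``FALSE_DOMAIN`` when the effective user is the
        superuser; otherwise the OR of both helper domains, prefixed with
        ``"!"`` for a negative search.
    """
    _self = self
    # HACK While computing ir.rule domain, you're always superuser, so if
    # you're superuser but `value` is an `int`, we can assume safely that
    # you're checking permissions for another user (see the corresponding
    # rules in `security.xml`)
    # TODO Remove hack in v13, where sudo() and with_user() differ?
    #
    # `bool` is a subclass of `int`, so a plain True/False search flag would
    # also pass a bare isinstance(value, int) test and be handed to sudo()
    # as if it were a user id. Exclude it explicitly.
    # The switch is only reachable when the caller already is the superuser,
    # so a regular user cannot select another uid through `value`.
    is_user_id = isinstance(value, int) and not isinstance(value, bool)
    if self.env.uid == SUPERUSER_ID and is_user_id:
        _self = self.sudo(value)
    # Tricky one, to know if you want to search
    # positive or negative access
    positive = (operator not in NEGATIVE_TERM_OPERATORS) == bool(value)
    if _self.env.uid == SUPERUSER_ID:
        return TRUE_DOMAIN if positive else FALSE_DOMAIN
    # Obtain and combine domains
    result = OR([
        _self._get_domain_by_access_groups(operation),
        _self._get_domain_by_inheritance(operation),
    ])
    if not positive:
        # Build a new list instead of inserting into the one OR() returned,
        # so a domain object that may be shared is never mutated in place.
        return ["!"] + result
    return result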
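def _get_permission_domain(self, operator, value, operation):
    """Build the search domain for a computed permission field.

    Args:
        operator: Domain operator of the search term. Membership in
            ``NEGATIVE_TERM_OPERATORS`` inverts the meaning of ``value``.
        value: Either a truthy/falsy flag, or the current uid when the
            domain is evaluated in superuser mode (see the HACK note below).
        operation: Forwarded unchanged to ``_get_domain_by_access_groups``
            and ``_get_domain_by_inheritance``.

    Returns:
        ``TRUE_DOMAIN`` or ``FALSE_DOMAIN`` when the effective environment
        is in superuser mode; otherwise the OR of both helper domains,
        prefixed with ``"!"`` for a negative search.
    """
    _self = self
    # HACK ir.rule domain is always computed with sudo, so if this check is
    # true, we can assume safely that you're checking permissions
    #
    # True == 1 in Python, so a boolean search flag would compare equal to a
    # uid of 1 and silently drop superuser mode. Only a real (non-bool)
    # value is treated as a uid.
    matches_own_uid = not isinstance(value, bool) and value == self.env.uid
    if self.env.su and matches_own_uid:
        _self = self.sudo(False)
    # Tricky one, to know if you want to search
    # positive or negative access
    positive = (operator not in NEGATIVE_TERM_OPERATORS) == bool(value)
    if _self.env.su:
        # Still in superuser mode: answer with a constant domain.
        return TRUE_DOMAIN if positive else FALSE_DOMAIN
    # Obtain and combine domains
    result = OR(
        [
            _self._get_domain_by_access_groups(operation),
            _self._get_domain_by_inheritance(operation),
        ]
    )
    if not positive:
        # Build a new list instead of inserting into the one OR() returned,
        # so a domain object that may be shared is never mutated in place.
        return ["!"] + result
    return result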