You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a record rule that does not allow editing a Purchase Order with a company other than the active one.
Create a Purchase Order with the company that the user has by default.
Mark all companies as available and select one as active other than the user.
Try to attach an attachment to the Purchase Order.
Current behavior:
The system allows adding or deleting attachments without correctly evaluating the record rule.
Expected behavior:
With the record rule active, the system should not allow an attachment to be added since the active company does not match the company of the Purchase Order.
The value obtained from self.env.company is not correct, since it is returning the user's default company and not the one that is visually active.
def company(self):
company_ids = self.context.get('allowed_company_ids', [])
if company_ids:
if not self.su:
user_company_ids = self.user._get_company_ids()
if set(company_ids) - set(user_company_ids):
raise AccessError(_("Access to unauthorized or invalid companies."))
return self['res.company'].browse(company_ids[0])
return self.user.company_id.with_env(self)
The value of allowed_company_ids is empty when it should not be.
Support ticket number submitted via odoo.com/help:
The text was updated successfully, but these errors were encountered:
Impacted versions:
15, 16, 17
Steps to reproduce:
Current behavior:
The system allows adding or deleting attachments without correctly evaluating the record rule.
Expected behavior:
With the record rule active, the system should not allow an attachment to be added since the active company does not match the company of the Purchase Order.
The value obtained from self.env.company is not correct, since it is returning the user's default company and not the one that is visually active.
The value of allowed_company_ids is empty when it should not be.
Support ticket number submitted via odoo.com/help:
The text was updated successfully, but these errors were encountered: