d15d9e4303
When admin (gsingh, uid=2) opened a repair on the dashboard:
"Sorry, Gurpreet Singh (id=2) doesn't have 'read' access to:
- Repair Order, RO-202605-04 (repair.order: 34)
Blame the following rules:
- Repair Order: Technician sees own repairs"
Root cause: per-group record rules in Odoo are OR'd within the same
model. Admin had been added directly to fusion_tasks.group_field_technician
in this database (verified via res_groups_users_rel - direct=1), so the
technician's restrictive rule ('only repairs you are assigned to') kicked
in. Until now there was no per-group rule for the Repairs Office groups
to OR against, so the restrictive rule won by default.
Fix - added two pairs of permissive rules:
rule_repair_order_repairs_user_full - User can read/write/create
rule_repair_order_repairs_manager_unlink - Manager also can delete
rule_technician_task_repairs_office - User can read/write/create tasks
rule_technician_task_repairs_manager_unlink - Manager also can delete tasks
Both have domain_force=[(1,'=',1)] so they grant unrestricted access for
the Repairs groups. OR'd with the field_technician rule, admin and other
office users now see everything. Field technicians who do NOT have any
Repairs group still see only their assigned repairs (rule unchanged).
Also added the matching ir.model.access.csv entries - record rules don't
fire if the user has no model-level ACL. This is the second fix
('office users can schedule') from the same complaint - Repairs User now
has read/write/create on fusion.technician.task; Repairs Manager also
gets unlink.
Verified end-to-end on westin-v19:
Admin can see 17 repairs (was 0 before fix)
Admin can read RO-202605-04 -> 'Gurpreet Singh' (the exact failing record)
Admin can create fusion.technician.task -> permission check passes
(model's own time-overlap business validation correctly rejects an
overlap, but that is a value error not a permission error)
Bumped to 19.0.1.0.7.
Co-authored-by: Cursor <cursoragent@cursor.com>
3.3 KiB
3.3 KiB
| 1 | id | name | model_id:id | group_id:id | perm_read | perm_write | perm_create | perm_unlink |
|---|---|---|---|---|---|---|---|---|
| 2 | access_repair_product_category_user | Repair Category User Read | model_fusion_repair_product_category | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 3 | access_repair_product_category_manager | Repair Category Manager Full | model_fusion_repair_product_category | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 4 | access_repair_intake_template_user | Intake Template User Read | model_fusion_repair_intake_template | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 5 | access_repair_intake_template_manager | Intake Template Manager Full | model_fusion_repair_intake_template | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 6 | access_repair_intake_question_user | Intake Question User Read | model_fusion_repair_intake_question | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 7 | access_repair_intake_question_manager | Intake Question Manager Full | model_fusion_repair_intake_question | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 8 | access_repair_intake_answer_user | Intake Answer User Full | model_fusion_repair_intake_answer | group_fusion_repairs_user | 1 | 1 | 1 | 0 |
| 9 | access_repair_intake_answer_manager | Intake Answer Manager Full | model_fusion_repair_intake_answer | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 10 | access_repair_intake_answer_tech_portal | Intake Answer Technician Read | model_fusion_repair_intake_answer | fusion_tasks.group_field_technician | 1 | 0 | 0 | 0 |
| 11 | access_repair_intake_wizard_user | Intake Wizard User Full | model_fusion_repair_intake_wizard | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 12 | access_repair_intake_wizard_equipment_user | Intake Wizard Equipment User Full | model_fusion_repair_intake_wizard_equipment | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 13 | access_repair_service_catalog_user | Catalogue User Read | model_fusion_repair_service_catalog | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 14 | access_repair_service_catalog_manager | Catalogue Manager Full | model_fusion_repair_service_catalog | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 15 | access_repair_warranty_user | Warranty User Read | model_fusion_repair_warranty_coverage | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 16 | access_repair_warranty_manager | Warranty Manager Full | model_fusion_repair_warranty_coverage | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 17 | access_repair_visit_report_wizard_user | Visit Report Wizard User | model_fusion_repair_visit_report_wizard | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 18 | access_repair_visit_report_wizard_line_user | Visit Report Line User | model_fusion_repair_visit_report_wizard_line | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 19 | access_repair_maintenance_user | Maintenance Contract User Read | model_fusion_repair_maintenance_contract | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 20 | access_repair_maintenance_dispatcher | Maintenance Contract Dispatcher | model_fusion_repair_maintenance_contract | group_fusion_repairs_dispatcher | 1 | 1 | 1 | 0 |
| 21 | access_repair_maintenance_manager | Maintenance Contract Manager Full | model_fusion_repair_maintenance_contract | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 22 | access_repair_order_repairs_user | Repair Order Repairs User Read/Write | repair.model_repair_order | group_fusion_repairs_user | 1 | 1 | 1 | 0 |
| 23 | access_repair_order_repairs_manager | Repair Order Repairs Manager Full | repair.model_repair_order | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 24 | access_technician_task_repairs_user | Technician Task Repairs User Schedule | fusion_tasks.model_fusion_technician_task | group_fusion_repairs_user | 1 | 1 | 1 | 0 |
| 25 | access_technician_task_repairs_manager | Technician Task Repairs Manager Full | fusion_tasks.model_fusion_technician_task | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |