Bring odoo-go to ~70%: read_group, record rules, admin, sessions

Phase 1: read_group/web_read_group with SQL GROUP BY, aggregates
  (sum/avg/min/max/count/array_agg/sum_currency), date granularity,
  M2O groupby resolution to [id, display_name].

Phase 2: Record rules with domain_force parsing (Python literal parser),
  global AND + group OR merging. Domain operators: child_of, parent_of,
  any, not any compiled to SQL hierarchy/EXISTS queries.

Phase 3: Button dispatch via /web/dataset/call_button, method return
  values interpreted as actions. Payment register wizard
  (account.payment.register) for sale→invoice→pay flow.

Phase 4: ir.filters, ir.default, product fields expanded, SO line
  product_id onchange, ir_model+ir_model_fields DB seeding.

Phase 5: CSV export (/web/export/csv), attachment upload/download
  via ir.attachment, fields_get with aggregator hints.

Admin/System: Session persistence (PostgreSQL-backed), ir.config_parameter
  with get_param/set_param, ir.cron, ir.logging, res.lang, res.config.settings
  with company-related fields, Settings form view. Technical menu with
  Views/Actions/Parameters/Security/Logging sub-menus. User change_password,
  preferences. Password never exposed in UI/API.

Bugfixes: false→nil for varchar/int fields, int32 in toInt64, call_button
  route with trailing slash, create_invoices returns action, search view
  always included, get_formview_action, name_create, ir.http stub.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Marc
2026-04-02 19:26:08 +02:00
parent 06e49c878a
commit b57176de2f
29 changed files with 3243 additions and 111 deletions

View File

@@ -10,12 +10,12 @@ import (
//
// Rules work as follows:
// - Global rules (no groups) are AND-ed together
// - Group rules are OR-ed within the group set
// - The final domain is: global_rules AND (group_rule_1 OR group_rule_2 OR ...)
// - Group rules (user belongs to one of the rule's groups) are OR-ed together
// - The final domain is: original AND global_rules AND (group_rule_1 OR group_rule_2 OR ...)
//
// Implementation:
// 1. Built-in company filter (for models with company_id)
// 2. Custom ir.rule records loaded from the database
// 2. Custom ir.rule records loaded from the database, domain_force parsed
func ApplyRecordRules(env *Environment, m *Model, domain Domain) Domain {
if env.su {
return domain // Superuser bypasses record rules
@@ -38,59 +38,143 @@ func ApplyRecordRules(env *Environment, m *Model, domain Domain) Domain {
}
}
// 2. Load custom ir.rule records from DB
// Mirrors: odoo/addons/base/models/ir_rule.py IrRule._compute_domain()
// 2. Load ir.rule records from DB
// Mirrors: odoo/addons/base/models/ir_rule.py IrRule._get_rules() + _compute_domain()
//
// Query rules that apply to this model for the current user:
// - Rule must be active and have perm_read = true
// - Either the rule has no group restriction (global rule),
// or the user belongs to one of the rule's groups.
// Use a savepoint so that a failed query (e.g., missing junction table)
// doesn't abort the parent transaction.
// - Either the rule is global (no groups assigned),
// or the user belongs to one of the rule's groups via rule_group_rel.
// Use a savepoint so that a failed query (e.g., missing table) doesn't abort the parent tx.
sp, spErr := env.tx.Begin(env.ctx)
if spErr != nil {
return domain
}
rows, err := sp.Query(env.ctx,
`SELECT r.id, r.domain_force, COALESCE(r.global, false)
`SELECT r.id, r.domain_force, COALESCE(r."global", false) AS is_global
FROM ir_rule r
JOIN ir_model m ON m.id = r.model_id
WHERE m.model = $1 AND r.active = true
AND r.perm_read = true`,
m.Name())
WHERE m.model = $1
AND r.active = true
AND r.perm_read = true
AND (
r."global" = true
OR r.id IN (
SELECT rg.rule_group_id
FROM rule_group_rel rg
JOIN res_groups_users_rel gu ON gu.gid = rg.group_id
WHERE gu.uid = $2
)
)
ORDER BY r.id`,
m.Name(), env.UID())
if err != nil {
sp.Rollback(env.ctx)
return domain
}
defer func() {
rows.Close()
sp.Commit(env.ctx)
}()
// Collect domain_force strings from matching rules
// TODO: parse domain_force strings into Domain objects and merge them
ruleCount := 0
type ruleRow struct {
id int64
domainForce *string
global bool
}
var rules []ruleRow
for rows.Next() {
var ruleID int64
var domainForce *string
var global bool
if err := rows.Scan(&ruleID, &domainForce, &global); err != nil {
var r ruleRow
if err := rows.Scan(&r.id, &r.domainForce, &r.global); err != nil {
continue
}
ruleCount++
// TODO: parse domainForce (Python-style domain string) into Domain
// and AND global rules / OR group rules into the result domain.
// For now, rules are loaded but domain parsing is deferred.
_ = domainForce
_ = global
rules = append(rules, r)
}
if ruleCount > 0 {
log.Printf("orm: loaded %d ir.rule record(s) for %s (domain parsing pending)", ruleCount, m.Name())
rows.Close()
if err := sp.Commit(env.ctx); err != nil {
// Non-fatal: rules already read
_ = err
}
if len(rules) == 0 {
return domain
}
// Parse domain_force strings and split into global vs. group rules.
// Mirrors: odoo/addons/base/models/ir_rule.py IrRule._compute_domain()
// global rules → AND together
// group rules → OR together
// final = original AND all_global AND (group_1 OR group_2 OR ...)
var globalDomains []DomainNode
var groupDomains []DomainNode
parseErrors := 0
for _, r := range rules {
if r.domainForce == nil || *r.domainForce == "" || *r.domainForce == "[]" {
// Empty domain_force = match everything, skip
continue
}
parsed, err := ParseDomainString(*r.domainForce, env)
if err != nil {
parseErrors++
log.Printf("orm: failed to parse domain_force for ir.rule %d: %v (raw: %s)", r.id, err, *r.domainForce)
continue
}
if len(parsed) == 0 {
continue
}
if r.global {
// Global rule: wrap as a single node for AND-ing
globalDomains = append(globalDomains, domainAsNode(parsed))
} else {
// Group rule: wrap as a single node for OR-ing
groupDomains = append(groupDomains, domainAsNode(parsed))
}
}
if parseErrors > 0 {
log.Printf("orm: %d ir.rule domain_force parse error(s) for %s", parseErrors, m.Name())
}
// Merge group domains with OR
if len(groupDomains) > 0 {
orDomain := Or(groupDomains...)
globalDomains = append(globalDomains, domainAsNode(orDomain))
}
// AND all rule domains into the original domain
if len(globalDomains) > 0 {
ruleDomain := And(globalDomains...)
if len(domain) == 0 {
domain = ruleDomain
} else {
result := Domain{OpAnd}
result = append(result, domain...)
result = append(result, ruleDomain...)
domain = result
}
}
return domain
}
// domainAsNode wraps a Domain (which is a []DomainNode) into a single DomainNode
// so it can be used as an operand for And() / Or().
// If the domain has a single node, return it directly.
// If multiple nodes, wrap in a domainGroup.
func domainAsNode(d Domain) DomainNode {
if len(d) == 1 {
return d[0]
}
return domainGroup(d)
}
// domainGroup wraps a Domain as a single DomainNode for use in And()/Or() combinations.
// When compiled, it produces the same SQL as the contained domain.
type domainGroup Domain
func (dg domainGroup) isDomainNode() {}
// CheckRecordRuleAccess verifies the user can access specific record IDs.
// Returns an error if any record is not accessible.
func CheckRecordRuleAccess(env *Environment, m *Model, ids []int64, perm string) error {