marc/goodie
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0ed29fe2fd60476ffa2577c30608b6b02510d3ca
goodie/pkg/orm/rules.go
Marc 0ed29fe2fd Odoo ERP ported to Go — complete backend + original OWL frontend 
Full port of Odoo's ERP system from Python to Go, with the original
Odoo JavaScript frontend (OWL framework) running against the Go server.

Backend (10,691 LoC Go):
- Custom ORM: CRUD, domains→SQL with JOINs, computed fields, sequences
- 93 models across 14 modules (base, account, sale, stock, purchase, hr,
  project, crm, fleet, product, l10n_de, google_address/translate/calendar)
- Auth with bcrypt + session cookies
- Setup wizard (company, SKR03 chart, admin, demo data)
- Double-entry bookkeeping constraint
- Sale→Invoice workflow (confirm SO → generate invoice → post)
- SKR03 chart of accounts (110 accounts) + German taxes (USt/VSt)
- Record rules (multi-company filter)
- Google integrations as opt-in modules (Maps, Translate, Calendar)

Frontend:
- Odoo's original OWL webclient (503 JS modules, 378 XML templates)
- JS transpiled via Odoo's js_transpiler (ES modules → odoo.define)
- SCSS compiled to CSS (675KB) via dart-sass
- XML templates compiled to registerTemplate() JS calls
- Static file serving from Odoo source addons
- Login page, session management, menu navigation
- Contacts list view renders with real data from PostgreSQL

Infrastructure:
- 14MB single binary (CGO_ENABLED=0)
- Docker Compose (Go server + PostgreSQL 16)
- Zero phone-home (no outbound calls to odoo.com)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 01:45:09 +02:00

83 lines
2.5 KiB
Go
Raw Blame History

package orm
import "fmt"
// ApplyRecordRules adds ir.rule domain filters to a search.
// Mirrors: odoo/addons/base/models/ir_rule.py IrRule._compute_domain()
//
// Rules work as follows:
// - Global rules (no groups) are AND-ed together
// - Group rules are OR-ed within the group set
// - The final domain is: global_rules AND (group_rule_1 OR group_rule_2 OR ...)
//
// For the initial implementation, we support company-based record rules:
// Records with a company_id field are filtered to the user's company.
func ApplyRecordRules(env *Environment, m *Model, domain Domain) Domain {
if env.su {
return domain // Superuser bypasses record rules
}
// Auto-apply company filter if model has company_id
// Records where company_id = user's company OR company_id IS NULL (shared records)
if f := m.GetField("company_id"); f != nil && f.Type == TypeMany2one {
myCompany := Leaf("company_id", "=", env.CompanyID())
noCompany := Leaf("company_id", "=", nil)
companyFilter := Or(myCompany, noCompany)
if len(domain) == 0 {
return companyFilter
}
// AND the company filter with existing domain
result := Domain{OpAnd}
result = append(result, domain...)
// Wrap company filter in the domain
result = append(result, companyFilter...)
return result
}
// TODO: Load custom ir.rule records from DB and compile their domains
// For now, only the built-in company filter is applied
return domain
}
// CheckRecordRuleAccess verifies the user can access specific record IDs.
// Returns an error if any record is not accessible.
func CheckRecordRuleAccess(env *Environment, m *Model, ids []int64, perm string) error {
if env.su || len(ids) == 0 {
return nil
}
// Check company_id if the model has it
f := m.GetField("company_id")
if f == nil || f.Type != TypeMany2one {
return nil
}
// Count records that match the company filter
placeholders := make([]string, len(ids))
args := make([]interface{}, len(ids))
for i, id := range ids {
args[i] = id
placeholders[i] = fmt.Sprintf("$%d", i+1)
}
args = append(args, env.CompanyID())
query := fmt.Sprintf(
`SELECT COUNT(*) FROM %q WHERE "id" IN (%s) AND ("company_id" = $%d OR "company_id" IS NULL)`,
m.Table(),
joinStrings(placeholders, ", "),
len(ids)+1,
)
var count int64
err := env.tx.QueryRow(env.ctx, query, args...).Scan(&count)
if err != nil {
return nil // Fail open on error
}
if count < int64(len(ids)) {
return fmt.Errorf("orm: access denied by record rules on %s (company filter)", m.Name())
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink