Code review comment for lp:~openerp-dev/openobject-server/6.0-opw-10420-ira

@Ila: I think you misunsderstood Leonardo's use case, no code change
should be necessary, if I understand correctly his explanation.

On 07/11/2011 10:42 AM, Leonardo Pistone - Agile BG - Domsense wrote:
> don't know if that's the right place to comment as it's merged
> already... anyway, that broke a customer of mine.

Hello Leonardo,

It's a sensible place to discuss it, yes :-)

> That is the scenario: there are companies A and B, with no
> parent-child relationship, and all rules are set so that everyone can
> see data for the current company only.
>
> Some users can switch companies, and to be able to do that they have
> both A and B in their res.user company_ids.
>
> every company has their own sequences, so when for example I make a
> new sale order, that should be from the current company, as it was
> before that merge.

This sounds like a valid use case, that is supported by our current
implementation. Supporting this kind of setup is in fact the reason
for my first comment on this merge prop: I asked *not* to hardcode the
rule about parent-child companies in the code, but to rely on the rules
defined by the administrator.

So if you make sure that the rules of your database only permit seeing
the sequences of the current user company, you should get the result you
expect, because the search() at l.9 of the diff will only return the
current company sequence.
You're saying that all your rules only allow seeing current company
data, just make sure it's the same for ir.sequence too.
BTW, don't test this with the admin (ID=1) account, because it bypasses
all security rules, and should never be used for business flows! (we
should find a way to make this obvious to everyone, I think many are
using admin for everyday transactions)

Hope this helps..