AuditLog rule on product.template not compatible with multi company rule

[NL66278]

Module auditlog

When having product templates with customer taxes in a multi company setting, and there is an audit rule on product.template, the user will no longer be able to open the product form, the user will get a messsage that he is not allowed to read some tax because of: This restriction is due to the following rules:

• Tax multi-company

The user set to look at company A will get an error for taxes for company B and vice versa.

Apparently the audit rule influences how the field taxes_id (the same also goes for the Vendor Taxes by the way) is read. Without audit log rule, or the rule unsubscribed, taxes_id only contains the tax the user can see due to the Tax multi-company rule. WIth the rule enabled, taxes_id contains all taxes defined for the product. DESPITE THE RULE ONLY BEING FOR WRITE, CREATE AND UNLINK. So somehow, I was not able to see in the code why, the auditlog rule influences the reading of values for product.template, even without logging reads.

To Reproduce

I noted this on Odoo 15.0. AuditLog is at 15.0.1.1.0

Steps to reproduce the behavior:

1. Have multiple companies, and product, account and auditlog installed
2. Add taxes for company A to a product, switch company and add taxes for company B
3. Create an audit rule for product.template, with write, create and unlink logging. Not needed to activate read logging.
4. Try to open the product.template form.

Expected behavior The form should just open and only show the taxes for the active company.

I added a traceback to the generation of the error and a pdb line to product template model to see what was going on. Last part of traceback pasted below. Diff to odoo for traceback and pdb attached.

Traceback:

[traceback.txt](https://github.com/OCA/server-tools/files/10755005/traceback.txt)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/api.py", line 451, in _call_kw_multi
    result = method(recs, *args, **kwargs)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/models.py", line 3227, in read
    return self._read_format(fnames=fields, load=load)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/models.py", line 3247, in _read_format
    vals[name] = convert(record[name], record, use_name_get)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/models.py", line 5888, in __getitem__
    return self._fields[key].__get__(self, type(self))
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/fields.py", line 1108, in __get__
    self.compute_value(record)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/fields.py", line 1265, in compute_value
    records._compute_field_value(self)
  File "/home/openeyedev/projecten/callista/auto/addons/mail/models/mail_thread.py", line 411, in _compute_field_value
    return super()._compute_field_value(field)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/models.py", line 4255, in _compute_field_value
    getattr(self, field.compute)()
  File "/home/openeyedev/projecten/callista/auto/addons/account/models/product.py", line 66, in _compute_tax_string
    record.tax_string = record._construct_tax_string(record.list_price)
  File "/home/openeyedev/projecten/callista/auto/addons/account/models/product.py", line 72, in _construct_tax_string
    res = self.taxes_id.compute_all(price, product=self, partner=self.env['res.partner'])
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/fields.py", line 2603, in __get__
    return super().__get__(records, owner)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/fields.py", line 1150, in __get__
    return self.convert_to_record(value, record)

  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/fields.py", line 3200, in convert_to_record
    corecords = corecords.filtered(Comodel._active_name).with_prefetch(prefetch_ids)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/models.py", line 5488, in filtered
    self.mapped(name)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/models.py", line 5450, in mapped
    recs = recs._fields[name].mapped(recs)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/fields.py", line 1176, in mapped
    self.__get__(first(remaining), type(remaining))
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/fields.py", line 1085, in __get__
    record._fetch_field(self)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/models.py", line 3276, in _fetch_field
    self._read(fnames)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/models.py", line 3387, in _read
    raise self.env['ir.rule']._make_access_error('read', forbidden)
  File "/home/openeyedev/projecten/callista/custom/src/odoo/odoo/addons/base/models/ir_rule.py", line 276, in _make_access_error
    traceback.print_stack()
2023-02-16 09:57:28,506 583676 WARNING odocaldem15 odoo.http: Due to security restrictions, you are not allowed to access 'Tax' (account.tax) records.

Records: 21% (id=3)
User: Mitchell Admin (id=2)

This restriction is due to the following rules:
- Tax multi-company

Note: this might be a multi-company issue.

Contact your administrator to request access if necessary. 

(For some reason could not attach traceback. patch, had to rename it to traceback.txt)

[NL66278]

traceback.txt

[andreschenkels]

@NL66278 Ron did you find any solution for this issue?

[NL66278]

@andreschenkels I did not. At the moment unfortunately very limited in time. Is it urgent for you?

[andreschenkels]

It's needed for a project going live at the start of 2025. So there is time. I also see a bug regarding Auditlog with Creditnote creation. Could be something similar.