shopinvader / odoo-shopinvader

Odoo Modules. Sorry Magento, Shopinvader is coming
GNU Affero General Public License v3.0

[16.0] shopinvader_api_sale: fix access #1494

Open simahawk opened 10 months ago

simahawk commented 10 months ago

ATM you are forced to add a record rule for every single record involved in the call. Every. Including nested relations. Making that work might be very complicated, especially when those records have nothing to deal w/ partners, meaning that it would be hard to discriminate if the current partner should be allowed to see it.

For instance, the product.pricelist. This model has no default record rule, hence the /sales API is broken OOTB and unfortunately you cannot control the pricelist in the schema because it is used down the stack to compute prices.

Of course this might be the best solution but at least it makes the api work OOTB.

In any case, for now this change is only a temporary fix for me and a way to raise the problem. As I understand ppl might want to still rely fully on RR, probably we should make this configurable somehow. Maybe via config param? Not sure what's the best w/ the new implementation since there's no s.backend anymore.

simahawk commented 10 months ago

@lmignon as per #1493 here's a fix for access issue on the main model of the service. Could you have a look pls?