From ae1653e63ccc04702058bdaf9c0ebe681e1eb108 Mon Sep 17 00:00:00 2001
From: Fabien Pinckaers <fp@tinyerp.com>
Date: Tue, 12 Oct 2010 09:08:57 +0200
Subject: [PATCH] [fix] multi-company visibility

bzr revid: fp@tinyerp.com-20101012070857-9ix6fu732ml1o3rt
---
 bin/addons/base/res/res_security.xml | 4 ++--
 bin/addons/base/res/res_user.py      | 8 +++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/bin/addons/base/res/res_security.xml b/bin/addons/base/res/res_security.xml
index f2ff90a804a..ea7b541b9a1 100644
--- a/bin/addons/base/res/res_security.xml
+++ b/bin/addons/base/res/res_security.xml
@@ -17,7 +17,7 @@
         <field name="name">company rule</field>
         <field model="ir.model" name="model_id" ref="model_res_company"/>
         <field eval="True" name="global"/>
-        <field name="domain_force">['|',('user_ids','=',user.id),('parent_id','=',user.company_id.id)]</field>
+        <field name="domain_force">['|', ('child_ids', 'child_of', [company_id]), ('parent_id', 'child_of', [company_id])]</field>
     </record>
 
     <!-- Record Rule For User -->
@@ -25,7 +25,7 @@
         <field name="name">user rule</field>
         <field model="ir.model" name="model_id" ref="model_res_users"/>
         <field eval="True" name="global"/>
-        <field name="domain_force">['|',('company_id','=',user.company_id.id),('company_id','child_of',[user.company_id.id])]</field>
+        <field name="domain_force">['|',('company_id.child_ids','child_of',[user.company_id.id]),('company_id','child_of',[user.company_id.id])]</field>
     </record>
 
 
diff --git a/bin/addons/base/res/res_user.py b/bin/addons/base/res/res_user.py
index fa3e87aab74..094a1f26b25 100644
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@@ -356,11 +356,13 @@ class users(osv.osv):
         if ids == [uid]:
             for key in values.keys():
                 if not (key in self.SELF_WRITEABLE_FIELDS or key.startswith('context_')):
+                    print 'Not Found', key
                     break
             else:
-                # check that user is not selecting an invalid company_id
-                if 'company_id' not in values or (values.get('company_id') in self.read(cr, uid, uid, ['company_ids'], context=context)['company_ids']):
-                    uid = 1 # safe fields only, so we write as super-user to bypass access rights
+                if 'company_id' in values:
+                    if not (values['company_id'] in self.read(cr, uid, uid, ['company_ids'], context=context)['company_ids']):
+                        del values['company_id']
+                uid = 1 # safe fields only, so we write as super-user to bypass access rights
 
         res = super(users, self).write(cr, uid, ids, values, context=context)