Group constraint doesn't work as intended

I have an entity named Employee. An employee can either be marked as internal, or not. An internal employee has a reference to a cuba user. An employee also has a manager. The manager is another internal employee.

I have two groups that should restrict the internal employee (which in turn also means the signed in user).

Group 1: Should only have access to non-internal employees. This is solved by adding a group with the following constraint and it works perfect:
Operation type: all
Check type: Check in database
Join clause: None
Where clause: {E}.isInternal=false

Group 1: Should only have access to non internal employees (Like above) AND employees which the employee itself manages (employees whose manager is the signed in employee. This I tried solving by doing the following, but for some reason, it can ONLY see employees that it manages. This is the constraint I tried, any idea why it doesn’t work?

Operation type: all
Check type: Check in database
Join clause: None
Where clause: {E}.isInternal=false OR {E}.manager.user.id=:session$userId

Hello @bartekspitza

Could you clarify what version of CUBA do you use?

Regards,
Daniil

I am using 7.0 or higher

Thank you.

The problem is related to logic of ORM mechanisms - INNER JOIN is used when you are trying to access to entity properties via dot.

To make things work you should add explicit LEFT JOIN to join clause.

Regards,
Daniil