c2c-oerpscenario team mailing list archive

["Fabien \(Open ERP\)" <fp@xxxxxxxxxxx>]

as security rules evolved a lot, I don't think it's a good idea.

** Changed in: openobject-server
       Status: Confirmed => Invalid

-- 
Security overwrite manual settings when update base
https://bugs.launchpad.net/bugs/397741
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.

Status in OpenObject Server: Invalid

Bug description:
Hi,


I'm using: Last stable branch of openerp server, addons and extra-addons (lp/*/5.0/, just extra-addons is trunk). I'm sure the problem is also in the trunk branch...

I do the following:

1. Allow the group "Human Ressources / User" to delete account analytic lines (via Administration -> Security -> Access control -> Access control list) and save.

2. Make an update of base module from client side, via the menu "Administration -> Module management -> ..." (for any kind of reason, I did it for updating instance from base source code)

3. Return to "Administration -> Security -> Access control -> Access control list" and the group "Human Ressources / User" don't have the right to delete account analytic line anymore !!!

This is why:

The group "Human Ressources / User" has no right for that in the "ir.model.access.csv", here the concerned line:

"access_hr_account_analytic_line","account.account.analytic.line","account.model_account_analytic_line","hr.group_hr_user",1,1,1,0

AND the file is in the "update" part of the related __terp__.py file...


Anyway : OpenERP should not replace the manual settings made by the administrator by the default settings !!!!!!!!!! Otherwise, you will just reset every manual settings on each update => you cannot work with that...

I don't really know how is the best way to fix it, but please, let's have a discussion and find a solution quickly !

Regards,

Joël