c2c-oerpscenario team mailing list archive

["Olivier Dony \(OpenERP\)" <722579@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

When audit_trail is installed, every request needs to go through an audit step, in which audit_trail tries to determine the auditing rules for the current action.
This should be available also for external users or portal users (that do not belong to the Employee group), as we want them to be audited too, and not see an error for each request.

Therefore security settings should allow everyone to access audit_trail
rules, or better, the rules should be read as "uid 1" to avoid any
problem with the access rights during the processing of each request.

See also bug 719289 which discovered this issue while reporting an issue
with web client.

** Affects: openobject-addons
     Importance: Low
     Assignee: OpenERP R&D Addons Team 1 (openerp-dev-addons1)
         Status: Confirmed

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/722579

Title:
  [6.0] audit_trail settings should be readable by everyone, not just
  employee

Status in OpenERP Modules (addons):
  Confirmed

Bug description:
  When audit_trail is installed, every request needs to go through an audit step, in which audit_trail tries to determine the auditing rules for the current action.
  This should be available also for external users or portal users (that do not belong to the Employee group), as we want them to be audited too, and not see an error for each request.

  Therefore security settings should allow everyone to access
  audit_trail rules, or better, the rules should be read as "uid 1" to
  avoid any problem with the access rights during the processing of each
  request.

  See also bug 719289 which discovered this issue while reporting an
  issue with web client.