c2c-oerpscenario team mailing list archive

["Amit Dodiya \(OpenERP\)" <777850@xxxxxxxxxxxxxxxxxx>]

Thomas,

Thanks for the response.

Well, the merge proposal(the branch which contains the fix) has the following behavior now:
1. Filter the list of Followups which either belongs to NO company, or belongs to user's company or of its children companies.
2. Filter the move lines matching the same criteria as mentioned in 1.

Let me know if this logic doesn't help.

As far as the restriction for follow-ups is concerned, you might be missing Record rules for the followups.
Kindly go through the attached screenshot,create rule accordingly and retry.

Hope this helps.
Thanks.

** Attachment added: "record_rule_followup.png"
   https://bugs.launchpad.net/openobject-addons/+bug/777850/+attachment/2122604/+files/record_rule_followup.png

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/777850

Title:
  account_followup uses SQL query for getting data, cirmumventing
  security rules

Status in OpenERP Modules (addons):
  Fix Committed

Bug description:
  this happens in v6 and trunk

  Hi. 
  Currently account_followup uses SQL queries to get invoice and partners to sent followups to. This doesn't take security rules into account, which is wrong. And ORM way would do the right thing here. 

  For example a very bad effect of this is that in a multicompany
  situation any user sees the open invoices of other companies, which
  shouldn't be.

  The interesting stuff happens here:
  http://bazaar.launchpad.net/~openerp/openobject-
  addons/trunk/view/head:/account_followup/wizard/account_followup_print.py

  Thanks!