c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 777850] Re: account_followup uses SQL query for getting data, cirmumventing security rules

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "Amit Dodiya \(OpenERP\)" <777850@xxxxxxxxxxxxxxxxxx>
Date: Thu, 12 May 2011 05:06:52 -0000
Reply-to: Bug 777850 <777850@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thomas,

Looking at your tracebacks sent by you, I suspect that you are still
using an older version(fix) of the problem.

Look at the fix on revision http://bazaar.launchpad.net/~openerp-dev
/openobject-addons/6.0-bug-777850-ado/revision/4575 which contains the
new fix.

Regarding the second question, yes it is very much possible to reduce
one step, by making all entries selected by default.This needs a little
customization at your end if you need.

Hope this clears.

Thanks.

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/777850

Title:
  account_followup uses SQL query for getting data, cirmumventing
  security rules

Status in OpenERP Modules (addons):
  Fix Released

Bug description:
  this happens in v6 and trunk

  Hi. 
  Currently account_followup uses SQL queries to get invoice and partners to sent followups to. This doesn't take security rules into account, which is wrong. And ORM way would do the right thing here. 

  For example a very bad effect of this is that in a multicompany
  situation any user sees the open invoices of other companies, which
  shouldn't be.

  The interesting stuff happens here:
  http://bazaar.launchpad.net/~openerp/openobject-
  addons/trunk/view/head:/account_followup/wizard/account_followup_print.py

  Thanks!

References

[Bug 777850] [NEW] account_followup uses SQL query for getting data, cirmumventing security rules
From: Leonardo Pistone - Domsense, 2011-05-05