← Back to team overview

c2c-oerpscenario team mailing list archive

[Bug 777850] Re: account_followup uses SQL query for getting data, cirmumventing security rules

 

Hello Thomas,

I also faced the same issue, but found that I had a wrong configuration.

These are the things I corrected and made sure to get rid of the error:
1. I have assigned X company to demo user and made an account chart for X.
2. Created followup for X.
3. Logged in through demo user.
4. Created an invoice.
5. Clicked on 'send followup' wizard.
6. Earlier I had no invoices(movelines) for X, so it gave me the error.
7. Now, I have journals, account chart for my company X, I can see the objects easily.
8. Attached is the DB I configured. You can configure similar things at your end.

Regarding web error of pager numbers, can you please make sure you have been using latest web version?
Hope this helps.
Thanks.

P.S. admin:a, demo:demo are the users.

** Attachment added: "777850_20110526_12_29.sql"
   https://bugs.launchpad.net/openobject-addons/+bug/777850/+attachment/2143283/+files/777850_20110526_12_29.sql

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/777850

Title:
  account_followup uses SQL query for getting data, cirmumventing
  security rules

Status in OpenERP Modules (addons):
  Fix Released

Bug description:
  this happens in v6 and trunk

  Hi. 
  Currently account_followup uses SQL queries to get invoice and partners to sent followups to. This doesn't take security rules into account, which is wrong. And ORM way would do the right thing here. 

  For example a very bad effect of this is that in a multicompany
  situation any user sees the open invoices of other companies, which
  shouldn't be.

  The interesting stuff happens here:
  http://bazaar.launchpad.net/~openerp/openobject-
  addons/trunk/view/head:/account_followup/wizard/account_followup_print.py

  Thanks!


References