c2c-oerpscenario team mailing list archive

["Amit Dodiya \(OpenERP\)" <777850@xxxxxxxxxxxxxxxxxx>]

Thomas,

I recognized the changes and the only changes between both the DBs were
the date of move lines(accounting entries).

However, the problem was a very well-known one which was raised earlier
and I added that as my very first merge proposal in here.

Long story short, it was a problem of SQL queries failing to handle
record rules.

Can you please check with the attached(very temporary) patch?

I will push a branch tomorrow and convert the culprit SQL queries into
the set of valid and well-mannered OpenERP methods which respect the
records rules(needed here indeed).

Thanks.

** Patch added: "acc_fup.patch"
   https://bugs.launchpad.net/openobject-addons/+bug/777850/+attachment/2143666/+files/acc_fup.patch

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/777850

Title:
  account_followup uses SQL query for getting data, cirmumventing
  security rules

Status in OpenERP Modules (addons):
  Fix Released

Bug description:
  this happens in v6 and trunk

  Hi. 
  Currently account_followup uses SQL queries to get invoice and partners to sent followups to. This doesn't take security rules into account, which is wrong. And ORM way would do the right thing here. 

  For example a very bad effect of this is that in a multicompany
  situation any user sees the open invoices of other companies, which
  shouldn't be.

  The interesting stuff happens here:
  http://bazaar.launchpad.net/~openerp/openobject-
  addons/trunk/view/head:/account_followup/wizard/account_followup_print.py

  Thanks!