openerp-community team mailing list archive

Thread
Date

Re: Project / Invoicing menu available for HR /Employee group

To: Luciano Spiegel <l.spiegel@xxxxxxxxx>
From: Tadeus Prastowo <tadeus.prastowo@xxxxxxxxxxxxx>
Date: Tue, 03 Jul 2012 04:12:44 -0000
Cc: openerp-community@xxxxxxxxxxx
In-reply-to: <CACLpAoZ_81TLcbVxfaJStNEJtFRorPgyeiz-eFZ3daSnCRd1dQ@mail.gmail.com>
Organization: i n f i n i t y . s o l u t i o n (PT. Vikasa Infinity Anugrah)

But, IMO, hiding menus are not a good idea because for a determined
user, he can still craft a HTTP request to read those objects that he
should not.

The above is pointless if OpenERP will not allow read access to an
object when the related menu item is not visible.

Just a quick comment, mistakes on my side are to be expected &
corrected.

Thank you.

-- 
Best regards,
Tadeus Prastowo (Free Software specialist and developer)

i n f i n i t y . s o l u t i o n
PT. Vikasa Infinity Anugrah (www.infi-nity.com)
BSD City Sektor 14, Ruko Golden Madrid 2 blok G/9, Tangerang Selatan
15321 - INDONESIA
t: +62 (21) 5316 4796 f: +62 (21) 5316 4797 m:+62 878 08305292

On Mon, 2012-07-02 at 18:00 +0200, Luciano Spiegel wrote:
> Hi, I want to set up roles and permissions for users who can only
> create tasks works and edit tasks (kind of freelancers users who
> report hours worked to us). I have Analytic Account modules installed
> I added the user to Project Manager / User (slightly customized so the
> freelancer can access only to his Projects / Tasks assigned) and Human
> Resources / Employee groups, both needed to create tasks works.
> 
> 
> The issue is when I assigned the user to the group HR /
> Employee, automatically that user sees the menu Project / Invoicing /
> Contracts to Renew and Project / Invoicing / Invoice Tasks Work.
> Even if those menus are not assigned to the configuration of the group
> HR Employee nor PM /User.
> 
> 
> So the "freelancers" has access to the page where all the contracts
> are (Analytic Accounts) and to Analytic Account Lines (Analytic
> Journal Items), in those views. 
> I cannot deny read access for both objects because it's needed to
> create task work.
> 
> 
> Any idea how can I hide those menus / views for this case?
> 
> 
> thanks in advance
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openerp-community
> Post to     : openerp-community@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openerp-community
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: Project / Invoicing menu available for HR /Employee group
From: Luciano Spiegel, 2012-07-03

References

Project / Invoicing menu available for HR /Employee group
From: Luciano Spiegel, 2012-07-02