← Back to team overview

openerp-community team mailing list archive

Re: Concerns about security with OpenERP v8

 

On 2014-02-05 03:58, Carlos Vásquez wrote:

Ferdinand,

I think you can do this with access rules, we have done similar things with attachments using rules.

Hi Carlos!

Some (not all) attachments must be only visible by members of the group who created the attachment and has access right to the main object. For this it is necessary to save the group_id (or group_ids ?) in the attachment resource, which is currently (incl trunk) not the case

For invoices I would like to allow programmatic deletion of attachment, but not manual. Obviously this can be done using the admin id in the attachment deletion, but not with access rights.

Regards,
--
PS: escribí este email desde mi teléfono, por favor disculpe la brevedad y cualquier error de escritura.

Carlos Vásquez
CTO · Director de Ingeniería

carlos.vasquez@xxxxxxxxxxxxxxx <mailto:carlos.vasquez@xxxxxxxxxxxxxxx>
CR: +(506) 4000 CORP (4000 2677)
US: +1 (786) 472-4267
Cel: +(506) 8351 4484
skype: crvasquez
twitter: cvclearcorp

300 m. Este de la Escuela
Calle de Platanares
11402 San Jerónimo, Moravia
San José, Costa Rica

http://www.clearcorp.co.cr



_______________________________________________
Mailing list: https://launchpad.net/~openerp-community
Post to     : openerp-community@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openerp-community
More help   : https://help.launchpad.net/ListHelp


--
Ferdinand


References