
openerp-india team mailing list archive

[Bug 931776] Re: [account] account_move button_validate method is not taking into account group privileges

 

Hello Hbto,

Yes, I totally agree with you. We have to assign account group
privileges for the Post button.

@Team
Here I have described more steps which are helpful to reproduce it.

Create one new group and give it read access for account.move and
account.move.line. Create one new user for this group, and assign
this new group for the accounting application for accessing account.move.

Create a real-time environment, then create an account move from the
stock move. Now try to post this account move, which gives an access
error on line #1329 of account.py (like "you can not write this document")
from the write method.

So the better thing is that we have to assign one account group for this
button.

Thank you!


** Changed in: openobject-addons
   Importance: Undecided => Low

** Changed in: openobject-addons
       Status: New => Confirmed

** Changed in: openobject-addons
     Assignee: (unassigned) => OpenERP R&D Addons Team 3 (openerp-dev-addons3)

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/931776

Title:
  [account] account_move button_validate method is not taking into
  account group privileges

Status in OpenERP Addons (modules):
  Confirmed

Bug description:
  [account] account_move button_validate method is not taking into
  account group privileges,

  Create a new user, 
  Create a new group with just rights to read account.move object, 
  Add that user to the Employee Group,
  After that, try to validate an Entry Move created by an Inventory Move,

  It will be posted, Why??

  I think that it is because those account_move has already been
  numbered,

  This is different when you are doing an account_move from scratch,

  My thought is that the post method on account_move is responsible for this.
  Why?

  because of this piece of code:

  When doing an account move from scratch, account_move does not
  have a number, and this new_name variable is read, and account_move
  is written,

          if new_name:
              self.write(cr, uid, [move.id], {'name': new_name})

  But in the case of account_move created by stock_moves
  there is no need to generate new_name, so new_name keeps the False value
  and the following piece of code is executed, which does not take into account
  who is executing the post method, allowing any user to approve a post with a previously
  assigned number

          cr.execute('UPDATE account_move '\
                     'SET state=%s '\
                     'WHERE id IN %s',
                     ('posted', tuple(valid_moves),))

  Thanks in advance for your help.

  Hbto [Vauxoo]

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/931776/+subscriptions
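
The behaviour described in the bug report, as an added example that is not part of the original message and is not OpenERP code: a constructed in-memory model in which the ORM-style write enforces access rights but the raw `UPDATE` does not, next to a variant that checks write access before posting. The `Moves` class, the `ACL` table, the group names and the row values are assumptions made for illustration.

```python
import sqlite3

class AccessError(Exception):
    pass

# Constructed ACL: group -> rights on account_move (stand-in for real access rules)
ACL = {"reader": {"read"}, "accountant": {"read", "write"}}

class Moves:
    """Minimal stand-in for an ORM model backed by SQL; not OpenERP code."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE account_move (id INTEGER PRIMARY KEY, name TEXT, state TEXT)")
        # Constructed rows: id 1 has no number yet, id 2 was numbered at creation
        self.db.executemany("INSERT INTO account_move VALUES (?, ?, 'draft')",
                            [(1, None), (2, "STJ/0001")])

    def check_access(self, group, mode):
        if mode not in ACL.get(group, set()):
            raise AccessError("%s may not %s account_move" % (group, mode))

    def write_name(self, group, move_id, name):
        # ORM-style write: the access check lives here
        self.check_access(group, "write")
        self.db.execute("UPDATE account_move SET name=? WHERE id=?", (name, move_id))

    def state(self, move_id):
        return self.db.execute("SELECT state FROM account_move WHERE id=?", (move_id,)).fetchone()[0]

    def post(self, group, move_id, enforce_acl=False):
        if enforce_acl:
            # Hardened form: explicit check before the raw UPDATE below
            self.check_access(group, "write")
        name = self.db.execute("SELECT name FROM account_move WHERE id=?", (move_id,)).fetchone()[0]
        if not name:
            self.write_name(group, move_id, "MOVE/%04d" % move_id)
        # Raw SQL skips write_name(), so no access check runs on this path
        self.db.execute("UPDATE account_move SET state='posted' WHERE id=?", (move_id,))

def try_post(group, move_id, enforce_acl):
    """Return the resulting state, or 'denied' if an AccessError was raised."""
    moves = Moves()
    try:
        moves.post(group, move_id, enforce_acl)
    except AccessError:
        return "denied"
    return moves.state(move_id)
```

With `enforce_acl=False` the read-only group is stopped only when a number has to be written; the already numbered move goes straight to the raw `UPDATE`.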

