openerp-india team mailing list archive
Message #08558
Re: [Bug 944561] Re: ir.model.access.csv overwriting set permissions
** Attachment added: "TruFlo.jpg"
https://bugs.launchpad.net/bugs/944561/+attachment/2820918/+files/TruFlo.jpg
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/944561
Title:
ir.model.access.csv overwriting set permissions
Status in OpenERP Server:
Invalid
Bug description:
After setting permissions for groups and users etc. via the client and then updating a module the permissions are overwritten.
This is correct behaviour. However this creates a security issue.
1. Set up company specific permissions via UI.
2. Upgrade module, e.g. openerp-server -u all
3. Permissions are set back to default
4. Users can access parts of the system that they should not, based on company specific requirements
There seems to be no easy way of retaining these set permissions.
1. We could export to CSV and reload after modules have been updated. This is a bit of work that might get missed on a module upgrade. Who would think to do it?
2. We could create our own module and override the ir.model.access.csv items required. This does not work. There seems to be no mechanism for overriding ir.model.access.csv. What happens is that another identically named line is added to the ir_model_access table. It would be a matter of luck for the new permissions to be parsed before or after the duplicate named permissions.
3. Set all fields and groups of interest by hand in custom module
A solution for this could be to add a mechanism to override the permissions via a module. This will not solve the issue for changes made via the UI. If you updated the modules before you save the permissions you are in an embarrassing situation.
Maybe there could be a flag in configuration (set by default to False) that controls whether permissions are reset or not?
To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/944561/+subscriptions
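
The export-and-compare workaround from item 1 of the bug description, as an added example (not part of the original message and not OpenERP code): it diffs two exports of ir_model_access, taken before and after an upgrade, and reports rights that widened plus duplicate model/group rows of the kind item 2 describes. The snapshot rows, the function names, and the rule that a right is granted when any matching row grants it are assumptions.

```python
import csv
import io

PERMS = ("perm_read", "perm_write", "perm_create", "perm_unlink")

# Constructed sample snapshots in the ir.model.access.csv column layout.
HEADER = "id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink\n"
BEFORE = HEADER + (  # state after restricting rights through the UI
    "access_res_partner_user,res.partner user,model_res_partner,base.group_user,1,0,0,0\n"
    "access_account_invoice_user,account.invoice user,model_account_invoice,base.group_user,1,0,0,0\n"
)
AFTER = HEADER + (  # state after "openerp-server -u all" with a custom override module
    "access_res_partner_user,res.partner user,model_res_partner,base.group_user,1,1,1,0\n"
    "access_account_invoice_user,account.invoice user,model_account_invoice,base.group_user,1,1,0,0\n"
    "access_account_invoice_user,account.invoice user,model_account_invoice,base.group_user,1,0,0,0\n"
)


def load(text):
    """Map (model, group) -> list of permission tuples, one tuple per row."""
    rules = {}
    for row in csv.DictReader(io.StringIO(text.strip())):
        key = (row["model_id:id"], row["group_id:id"])
        rules.setdefault(key, []).append(tuple(row[p] == "1" for p in PERMS))
    return rules


def drift(before_text, after_text):
    """Return (widened, duplicates) found in the second snapshot."""
    before, after = load(before_text), load(after_text)
    widened, duplicates = [], []
    for key, rows in sorted(after.items()):
        if len(rows) > 1:
            duplicates.append(key)  # same model/group listed more than once
        old = before.get(key, [])
        for i, perm in enumerate(PERMS):
            # Assumption: a right is effective if any matching row grants it.
            if any(r[i] for r in rows) and not any(r[i] for r in old):
                widened.append((key[0], key[1], perm))
    return widened, duplicates


if __name__ == "__main__":
    widened, duplicates = drift(BEFORE, AFTER)
    for model, group, perm in widened:
        print("WIDENED  ", model, group, perm)
    for model, group in duplicates:
        print("DUPLICATE", model, group)
```

Run as a post-upgrade check, a non-empty result is the signal to reapply the saved permissions before users log back in.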