openerp-india team mailing list archive

[Brian Taber <1079028@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

bzr version-info
revision-id: tde@xxxxxxxxxxx-20121114150442-4rpfdy9spm1ig0qw
date: 2012-11-14 16:04:42 +0100
build-date: 2012-11-14 23:40:52 -0500
revno: 4562
branch-nick: origin/trunk

- I do not have multi-company enabled anywhere

I created a new user and assigned them access rights for Administration
to "Access Rights".  Logged in as that new user, attempting to create a
new user will throw access denied for create which is caused by the
Record Rules Users (user rule).  I replaced existing rule:

[('company_ids','child_of',[user.company_id.id])]

with

['|',('company_id','=',False),('company_id','child_of',[user.company_id.id])]

and this corrected the first issue.  This then revealed a successive
access denied on the Note Stage, so I eliminated the Apply for Read and
Apply for Write to work around

I am unsure if these have any security implications but they did allow
the user to be created properly

** Affects: openobject-server
     Importance: Undecided
         Status: New


** Tags: trunk

** Summary changed:

- access denied creating users as non-admin
+ [trunk] access denied creating users as non-admin

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1079028

Title:
  [trunk] access denied creating users as non-admin

Status in OpenERP Server:
  New

Bug description:
  bzr version-info
  revision-id: tde@xxxxxxxxxxx-20121114150442-4rpfdy9spm1ig0qw
  date: 2012-11-14 16:04:42 +0100
  build-date: 2012-11-14 23:40:52 -0500
  revno: 4562
  branch-nick: origin/trunk

  - I do not have multi-company enabled anywhere

  I created a new user and assigned them access rights for
  Administration to "Access Rights".  Logged in as that new user,
  attempting to create a new user will throw access denied for create
  which is caused by the Record Rules Users (user rule).  I replaced
  existing rule:

  [('company_ids','child_of',[user.company_id.id])]

  with

  ['|',('company_id','=',False),('company_id','child_of',[user.company_id.id])]

  and this corrected the first issue.  This then revealed a successive
  access denied on the Note Stage, so I eliminated the Apply for Read
  and Apply for Write to work around

  I am unsure if these have any security implications but they did allow
  the user to be created properly

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1079028/+subscriptions