openerp-india team mailing list archive

Thread
Date

Re: [Bug 1084570] Re: [trunk] Access rules are not reloading when you update a module.

To: openerp-india@xxxxxxxxxxxxxxxxxxx
From: Gustavo Adrian Marino <gamarino@xxxxxxxxx>
Date: Thu, 29 Nov 2012 20:05:54 -0000
Reply-to: Bug 1084570 <1084570@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Nhomar:
The potential problems are the same, using any strategy to implement
security rules, and by the way, many of us use some variation of your
proposal. I am not proposing to change your strategy.

Go to the customer 30 days after your implementation is completed and
introduce an update in a base module. Any customer introduced change will
be lost and you will have an argument with your customer about who is
responsible for the potential losses.

I think we should take into consideration real cases, not just our lab
problems
Thanks for your opinion


2012/11/29 Nhomar Hernandez (Vauxoo) <nhomar@xxxxxxxxx>

> Hello Gustavo.
>
> Sorry but I'm not agreed.
>
> In any serious implementation, you must build your grid of permisions,
> and the correct way is trought New Groups by hand trhought your
> interface or groups based on XML files (We use the second one), because
> in this way we are able to replicate a grid of ACL from one DB-instance
> to another one in seconds.
>
> But BTW, I think the correct behaviour is "depends what implementer
> decide.", Not All in All out.
>
> We have several security modules, that are updated from time to time due
> to the introduction of incorrect security holes, and in this way the
> control is with big lenses, and with very high quality.
>
> Even you can TEST your Escenarios with Yaml (we make it too!) take off
> this feature, as you mention is really a BIG regression, because it is
> pushing us to configure by hand all security already done and tested/
>
> Thanks for your opinion.
>
> --
> You received this bug notification because you are subscribed to OpenERP
> Server.
> https://bugs.launchpad.net/bugs/1084570
>
> Title:
>   [trunk] Access rules are not reloading when you update a module.
>
> Status in OpenERP Server:
>   New
>
> Bug description:
>   Hello.
>
>   things declared in security folder in past version is updated, in
>   trunk, it is not happening.
>
>   Why it is necesary:
>
>   In views the core doesn't accept groups not created by code, if i am
>   not able to reload res_group.xml of my module and ist respective
>   ir.mode.access.csv it is not possible have a security module
>   implementation by implementation.
>
>   If this is a design decisition, it should be cool if somebody can
>   explain us what is the workaround wiuth this bug, if not this is a
>   regression.
>
>   Sol:
>
>   opt1: 1.- Make configurable as always, probably i need to block update
> permisions.
>   opt2: 2.- revert the change in this way it can works as before.
>
>   How do i reproduce.
>
>   1.- Create a module with a group/
>   2.- Create an acl on ir.model.access file/
>   3.- Install the modules.
>   4.- In graphical interace delete the acl/
>   5./ Start your server with -u all -d dbname parameters.
>
>   What do i got:
>
>   acl is not reloaded.
>
>   What do i spect:
>
>   acl is reloaded.
>
>   Regards.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openobject-server/+bug/1084570/+subscriptions
>


--

Gustavo Adrian Marino

Mobile: +54 911 5498 2515

Email: gamarino@xxxxxxxxx

Skype: gustavo.adrian.marino

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1084570

Title:
  [trunk] Access rules are not reloading when you update a module.

Status in OpenERP Server:
  New

Bug description:
  Hello.

  things declared in security folder in past version is updated, in
  trunk, it is not happening.

  Why it is necesary:

  In views the core doesn't accept groups not created by code, if i am
  not able to reload res_group.xml of my module and ist respective
  ir.mode.access.csv it is not possible have a security module
  implementation by implementation.

  If this is a design decisition, it should be cool if somebody can
  explain us what is the workaround wiuth this bug, if not this is a
  regression.

  Sol:

  opt1: 1.- Make configurable as always, probably i need to block update permisions.
  opt2: 2.- revert the change in this way it can works as before.

  How do i reproduce.

  1.- Create a module with a group/
  2.- Create an acl on ir.model.access file/
  3.- Install the modules.
  4.- In graphical interace delete the acl/
  5./ Start your server with -u all -d dbname parameters.

  What do i got:

  acl is not reloaded.

  What do i spect:

  acl is reloaded.

  Regards.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1084570/+subscriptions

References

[Bug 1084570] [NEW] [trunk] Access rules are not reloading when you update a module.
From: Nhomar Hernandez (Vauxoo), 2012-11-29
[Bug 1084570] Re: [trunk] Access rules are not reloading when you update a module.
From: Nhomar Hernandez (Vauxoo), 2012-11-29