openerp-india team mailing list archive

Thread
Date

[Bug 1082009] Re: HR > Leave Requests. User can write date fields of an already approved Leave Request

To: openerp-india@xxxxxxxxxxxxxxxxxxx
From: Anto <1082009@xxxxxxxxxxxxxxxxxx>
Date: Tue, 11 Dec 2012 10:38:02 -0000
Reply-to: Bug 1082009 <1082009@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hello Martin,

The permissions seem ok to me.  Your video shows an expected behavior
because you are using the Administrator account, which has all the
rights.  But if you proceed to the same test (change the start date of
an approved leave request) with the demo user, you'll get an "Access
Denied" error, as expected.

In the code of hr_holidays.py, this restriction is formulated as followed: 
'date_from': fields.datetime('Start Date', readonly=True, states={'draft':[('readonly',False)], 'confirm':[('readonly',False)]}, select=True)

Hope that helps !

Regards, 
Anto.


** Changed in: openobject-addons
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/1082009

Title:
  HR > Leave Requests. User can write date fields of an already approved
  Leave Request

Status in OpenERP Addons (modules):
  Invalid

Bug description:
  Version: 6.2dev-20121122-0001
  Related bug: 1005795

  A user gets leaves approved (e.g. sick days). Everybody can see this
  in the calendar (good!). Everybody can move the event around (bad!).
  This makes the calendar much less usable as a credible tool and source
  of information.

  (This can even happen accidently, because the drag-and-drop interface
  allows moving dates just too easy. There is not even an "undo"...)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/1082009/+subscriptions