openerp-india team mailing list archive
-
openerp-india team
-
Mailing list archive
-
Message #21315
[Bug 1098219] Re: Cannot create a new user with another granted user other than the admin
*** This bug is a duplicate of bug 1021378 ***
https://bugs.launchpad.net/bugs/1021378
Hi,
the code of the create function has been modified a lot since then. Does
it's possible that the bug came back?
I've got the bug with the nightly build sources of 6th of january 2013
on the version 7.0
Thanks!
Regards,
Houssine
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1098219
Title:
Cannot create a new user with another granted user other than the
admin
Status in OpenERP Server:
New
Bug description:
version : 7.0
OS : Windows
Database : a fresh new one
You create a new user to which you give the acces right group in order
to be able to create new users.
You log on with this new created user and try to create a new user you
will get the following stack trace error :
2013-01-10 16:11:27,390 6180 INFO sales werkzeug: 127.0.0.1 - - [10/Jan/2013 16:11:27] "POST /web/dataset/call_kw HTTP/1.1" 200 -
2013-01-10 16:11:27,437 6180 INFO sales werkzeug: 127.0.0.1 - - [10/Jan/2013 16:11:27] "POST /web/dataset/call_kw HTTP/1.1" 200 -
2013-01-10 16:11:39,780 6180 WARNING sales openerp.osv.orm: Access Denied by record rules for operation: create, uid: 6, model: res.users
2013-01-10 16:11:39,780 6180 ERROR sales openerp.netsvc: Access Denied
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: Users, Operation: create)
Traceback (most recent call last):
File "C:\workspace_OpenERP\openerp_server_7_0_20130601\openerp\netsvc.py", line 289, in dispatch_rpc
result = ExportService.getService(service_name).dispatch(method, params)
File "C:\workspace_OpenERP\openerp_server_7_0_20130601\openerp\service\web_services.py", line 614, in dispatch
res = fn(db, uid, *params)
File "C:\workspace_OpenERP\openerp_server_7_0_20130601\openerp\osv\osv.py", line 169, in execute_kw
return self.execute(db, uid, obj, method, *args, **kw or {})
File "C:\workspace_OpenERP\openerp_server_7_0_20130601\openerp\osv\osv.py", line 125, in wrapper
raise except_osv(inst.name, inst.value)
except_osv: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Users, Operation: create)')
2013-01-10 16:11:39,953 6180 INFO sales werkzeug: 127.0.0.1 - - [10/Jan/2013 16:11:39] "POST /web/dataset/call_kw HTTP/1.1" 200 -
Here is something wrong with the access rule defined for "res_user" in
the function check_access_rule specially in the else clause :
def check_access_rule(self, cr, uid, ids, operation, context=None):
"""Verifies that the operation given by ``operation`` is allowed for the user
according to ir.rules.
:param operation: one of ``write``, ``unlink``
:raise except_orm: * if current ir.rules do not permit this operation.
:return: None if the operation is allowed
"""
if uid == SUPERUSER_ID:
return
if self.is_transient():
# Only one single implicit access rule for transient models: owner only!
# This is ok to hardcode because we assert that TransientModels always
# have log_access enabled so that the create_uid column is always there.
# And even with _inherits, these fields are always present in the local
# table too, so no need for JOINs.
cr.execute("""SELECT distinct create_uid
FROM %s
WHERE id IN %%s""" % self._table, (tuple(ids),))
uids = [x[0] for x in cr.fetchall()]
if len(uids) != 1 or uids[0] != uid:
raise except_orm(_('Access Denied'),
_('For this kind of document, you may only access records you created yourself.\n\n(Document type: %s)') % (self._description,))
else:
where_clause, where_params, tables = self.pool.get('ir.rule').domain_get(cr, uid, self._name, operation, context=context)
if where_clause:
where_clause = ' and ' + ' and '.join(where_clause)
for sub_ids in cr.split_for_in_conditions(ids):
cr.execute('SELECT ' + self._table + '.id FROM ' + ','.join(tables) +
' WHERE ' + self._table + '.id IN %s' + where_clause,
[sub_ids] + where_params)
returned_ids = [x['id'] for x in cr.dictfetchall()]
self._check_record_rules_result_count(cr, uid, sub_ids, returned_ids, operation, context=context)
To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1098219/+subscriptions
References