openerp-india team mailing list archive

[Bug 1098219] Re: Cannot create a new user with another granted user other than the admin

 

*** This bug is a duplicate of bug 1021378 ***
    https://bugs.launchpad.net/bugs/1021378

version : 7.0
OS : Windows and Linux

Hello,

The same issue, but with a small difference: on model res.partner (not
res.users).

LOG: 08 12:51:46,104 9036 WARNING gsctest openerp.osv.orm: Access Denied
by record rules for operation: create, uid: 9, model: res.partner

Issue description: Users other than admin can't add: user, contact ...

For jclopezar: Could you please be more explicit when you say
"WORKOUT: Deactivate the rule on res.user.company".

Best regards.

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1098219

Title:
  Cannot create a new user with another granted user other than the
  admin

Status in OpenERP Server:
  New

Bug description:
  version : 7.0
  OS : Windows
  Database : a fresh new one

  You create a new user to which you give the access right group in order
  to be able to create new users.

  You log on with this newly created user and try to create a new user;
  you will get the following stack trace error:

  2013-01-10 16:11:27,390 6180 INFO sales werkzeug: 127.0.0.1 - - [10/Jan/2013 16:11:27] "POST /web/dataset/call_kw HTTP/1.1" 200 -
  2013-01-10 16:11:27,437 6180 INFO sales werkzeug: 127.0.0.1 - - [10/Jan/2013 16:11:27] "POST /web/dataset/call_kw HTTP/1.1" 200 -
  2013-01-10 16:11:39,780 6180 WARNING sales openerp.osv.orm: Access Denied by record rules for operation: create, uid: 6, model: res.users
  2013-01-10 16:11:39,780 6180 ERROR sales openerp.netsvc: Access Denied
  The requested operation cannot be completed due to security restrictions. Please contact your system administrator.

  (Document type: Users, Operation: create)
  Traceback (most recent call last):
    File "C:\workspace_OpenERP\openerp_server_7_0_20130601\openerp\netsvc.py", line 289, in dispatch_rpc
      result = ExportService.getService(service_name).dispatch(method, params)
    File "C:\workspace_OpenERP\openerp_server_7_0_20130601\openerp\service\web_services.py", line 614, in dispatch
      res = fn(db, uid, *params)
    File "C:\workspace_OpenERP\openerp_server_7_0_20130601\openerp\osv\osv.py", line 169, in execute_kw
      return self.execute(db, uid, obj, method, *args, **kw or {})
    File "C:\workspace_OpenERP\openerp_server_7_0_20130601\openerp\osv\osv.py", line 125, in wrapper
      raise except_osv(inst.name, inst.value)
  except_osv: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Users, Operation: create)')
  2013-01-10 16:11:39,953 6180 INFO sales werkzeug: 127.0.0.1 - - [10/Jan/2013 16:11:39] "POST /web/dataset/call_kw HTTP/1.1" 200 -


  There is something wrong with the access rule defined for "res_user" in
  the function check_access_rule, especially in the else clause:

      def check_access_rule(self, cr, uid, ids, operation, context=None):
          """Verifies that the operation given by ``operation`` is allowed for the user
             according to ir.rules.

             :param operation: one of ``write``, ``unlink``
             :raise except_orm: * if current ir.rules do not permit this operation.
             :return: None if the operation is allowed
          """
          if uid == SUPERUSER_ID:
              return

          if self.is_transient():
              # Only one single implicit access rule for transient models: owner only!
              # This is ok to hardcode because we assert that TransientModels always
              # have log_access enabled so that the create_uid column is always there.
              # And even with _inherits, these fields are always present in the local
              # table too, so no need for JOINs.
              cr.execute("""SELECT distinct create_uid
                            FROM %s
                            WHERE id IN %%s""" % self._table, (tuple(ids),))
              uids = [x[0] for x in cr.fetchall()]
              if len(uids) != 1 or uids[0] != uid:
                  raise except_orm(_('Access Denied'),
                                   _('For this kind of document, you may only access records you created yourself.\n\n(Document type: %s)') % (self._description,))
          else:
              where_clause, where_params, tables = self.pool.get('ir.rule').domain_get(cr, uid, self._name, operation, context=context)
              if where_clause:
                  where_clause = ' and ' + ' and '.join(where_clause)
                  for sub_ids in cr.split_for_in_conditions(ids):
                      cr.execute('SELECT ' + self._table + '.id FROM ' + ','.join(tables) +
                                 ' WHERE ' + self._table + '.id IN %s' + where_clause,
                                 [sub_ids] + where_params)
                      returned_ids = [x['id'] for x in cr.dictfetchall()]
                      self._check_record_rules_result_count(cr, uid, sub_ids, returned_ids, operation, context=context)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1098219/+subscriptions
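
The else branch quoted in the bug description, reduced to a runnable sketch (an added example, not OpenERP code and not part of the original message): the ids being operated on are re-selected through the record rule's WHERE clause, and any id that drops out raises the "Access Denied by record rules" error seen in the log. The table layout, the single company rule, the helper names and the insert-then-check order are assumptions made for illustration.

```python
import sqlite3

SUPERUSER_ID = 1

class AccessDenied(Exception):
    pass

def setup():
    # Constructed data: uid 1 is the superuser, uid 6 a user allowed to create users.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE res_users (id INTEGER PRIMARY KEY, login TEXT, company_id INTEGER);
        INSERT INTO res_users VALUES (1, 'admin', 1), (6, 'manager', 1);
    """)
    return db

def domain_get(db, uid):
    # Hypothetical stand-in for ir.rule's domain_get(): one constructed rule,
    # "the row must belong to the acting user's company".
    company = db.execute("SELECT company_id FROM res_users WHERE id = ?", (uid,)).fetchone()[0]
    return ["res_users.company_id = ?"], [company]

def check_access_rule(db, uid, ids, operation):
    if uid == SUPERUSER_ID:
        return  # record rules are never evaluated for the superuser
    where_clause, where_params = domain_get(db, uid)
    marks = ",".join("?" * len(ids))
    sql = ("SELECT id FROM res_users WHERE id IN (%s) AND " % marks) + " AND ".join(where_clause)
    returned_ids = {row[0] for row in db.execute(sql, list(ids) + where_params)}
    if set(ids) - returned_ids:  # some ids fell outside the rule's WHERE clause
        raise AccessDenied("Access Denied by record rules for operation: %s, uid: %d, model: res.users"
                           % (operation, uid))

def create_user(db, uid, login, company_id):
    # Assumption of this sketch: the row is inserted first, then checked against the rule.
    new_id = db.execute("INSERT INTO res_users (login, company_id) VALUES (?, ?)",
                        (login, company_id)).lastrowid
    try:
        check_access_rule(db, uid, [new_id], "create")
    except AccessDenied:
        db.rollback()  # the denied row must not survive
        raise
    db.commit()
    return new_id

if __name__ == "__main__":
    db = setup()
    print(create_user(db, 6, "alice", 1))   # same company as uid 6: allowed
    try:
        create_user(db, 6, "bob", None)     # no company set: fails the rule
    except AccessDenied as exc:
        print(exc)
```

When diagnosing a denial like the one logged here, running the rule's WHERE clause by hand against the new row shows which field value makes it fall outside the rule.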

