openerp-india team mailing list archive
-
openerp-india team
-
Mailing list archive
-
Message #23714
[Bug 1021378] Re: "create" permission in res.users dont work with other users, not admin
Hi Everybody;
Further Investigations
You can verify by yourself that this issue exist on the latest runbot releases for 7.0 and trunk but not for 6.0 and 6.1
http://trunk-4253.runbot.openerp.com
http://7-0-4260.runbot.openerp.com
.
.
.
http://6-1-4257.runbot.openerp.com
Also according to the content of openerp.log file :
<< 2013-02-20 18:36:39,023 8916 INFO gsctest werkzeug: 41.107.104.239 - - [20/Feb/2013 18:36:39] "POST /web/dataset/call_kw HTTP/1.1" 200 -
2013-02-20 18:36:49,286 8916 WARNING gsctest openerp.osv.orm: Access Denied by record rules for operation: create, uid: 12, model: res.partner
2013-02-20 18:36:49,286 8916 ERROR gsctest openerp.netsvc: Access Denied
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: Partner, Operation: create)
Traceback (most recent call last):
File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\netsvc.py", line 289, in dispatch_rpc
File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\service\web_services.py", line 614, in dispatch
File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\osv\osv.py", line 169, in execute_kw
File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\osv\osv.py", line 125, in wrapper
except_osv: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Partner, Operation: create)')
2013-02-20 18:36:49,349 8916 INFO gsctest werkzeug: 41.107.104.239 - - [20/Feb/2013 18:36:49] "POST /web/dataset/call_kw HTTP/1.1" 200 - >>
We can see that this issue is related to access rights on the Model "res.partner" (also called Object in v6.0).
So what have changed since in Record Rules since v7.0 on res.partner ?
Searching in Record Rules for v6.0, v6.1, v7.0 and trunk, and comparing between the rules found,we will see:
1- there is one common rule: "res.partner company" on Partner Model with exactly the same rightsCRUD and Global
and exactly the same definition - ['|','|',('company_id.child_ids','child_of',[user.company_id.id]),('company_id','child_of',[user.company_id.id]),('company_id','=',False)]
2- There is a second rule for v7.0 and trunk: "res_partner: read access on my partner" on the same Model (res.partner)
with just "READ" Access right and defined for "Portal" and Anonymous" groups.
3- There is also another rule for v6.0 and 6.1: " Account Followup
Statistics by Partner Rule" , but this is not important, cause it is on
the object " Followup Statistics by Partner " and not the object
"res.partner"
4- and the last rule: "Partner Bank company rule" whish also seems to be
not important in our case cause it's related to res.partner.bank and not
directly to res.partner
Conclusion:
The second rule (above) seems to be the cause of this issue.
Solution:
1- Put CRUD and Global rughts on this rule
2- Removing the access rights of users on "Portal" and "Anonymous" (Unchecking both)
Tested on runbot: the two solutions are not working
Tested on my development platform: the second solution is working fine
please, could someone test and confirm
best regards.
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1021378
Title:
"create" permission in res.users dont work with other users, not admin
Status in OpenERP Community Backports (Server):
Fix Released
Status in OpenERP Community Backports (Server) 7.0 series:
Fix Released
Status in OpenERP Server:
Fix Committed
Status in Therp Backports:
Fix Released
Status in Therp Backports server-6.1 series:
Fix Released
Bug description:
When you create a new user and give permissions: Administration: "access rights". This group "access rights" has create permission to res.users table.
Then login with this new user and try to create a new user, it dont work, the message is "Access Error Operation:Prohibited by the rules of access to or held in a document already removed (Operation: create, document type: res.users)"
The result I expected was create a new user, by using a user different to admin, that has "access rights" permissions.
The platform is ubuntu
The Openerp Version is 6.1 rev. 4196
To manage notifications about this bug go to:
https://bugs.launchpad.net/ocb-server/+bug/1021378/+subscriptions
References