openerp-india team mailing list archive

Thread
Date

[Bug 1021378] Re: "create" permission in res.users dont work with other users, not admin

To: openerp-india@xxxxxxxxxxxxxxxxxxx
From: diassynthesis <diassynthesis@xxxxxxxxx>
Date: Thu, 21 Feb 2013 16:41:21 -0000
Reply-to: Bug 1021378 <1021378@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi Stefan;

Maybe you are right, but it seems to me that the combination of rules is the cause of this bug .. as stated hereafter in OpenERP
<< Interaction between rules
Global rules (non group-specific) are restrictions, and cannot be bypassed. Group-local rules grant additional permissions, but are constrained within the bounds of global ones. The first group rules restrict further than global rules, but any additional group rule will add more permissions
Detailed algorithm:
1. Global rules are combined together with a logical AND operator, and with the result of the following steps
2. Group-specific rules are combined together with a logical OR operator
3. If user belongs to several groups, the results from step 2 are combined with logical OR operator
Example: GLOBAL_RULE_1 AND GLOBAL_RULE_2 AND ( (GROUP_A_RULE_1 OR GROUP_A_RULE_2) OR (GROUP_B_RULE_1 OR GROUP_B_RULE_2) ) >>

Maybe i'm wrong.

And i'm telling to my self, why OpenERP Team was not worried about this
bug till now ? (six months later)

Maybe because the team consider this as not a bug !!! but rather as a
configuration error, or at least there is a contradiction between rules.

Those 2 rules (res.partner company and res_partner: read access on my partner) are applied to the same object.
What happens when one user is linked to those 2 rules by his membership to some groups at the same time or if the rules are put Globaly ?

I repeat, maybe i'm wrong, but my wish is to end with this "Error or
Bug".

I will patch orm.py as you adviced me and keep you informed, but i think
we should continue our investigations.

Thank you Stefan and best regards.

--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1021378

Title:
"create" permission in res.users dont work with other users, not admin

Status in OpenERP Community Backports (Server):
Fix Released
Status in OpenERP Community Backports (Server) 7.0 series:
Fix Released
Status in OpenERP Server:
Fix Committed
Status in Therp Backports:
Fix Released
Status in Therp Backports server-6.1 series:
Fix Released

Bug description:
When you create a new user and give permissions: Administration: "access rights". This group "access rights" has create permission to res.users table.
Then login with this new user and try to create a new user, it dont work, the message is "Access Error Operation:Prohibited by the rules of access to or held in a document already removed (Operation: create, document type: res.users)"
The result I expected was create a new user, by using a user different to admin, that has "access rights" permissions.
The platform is ubuntu
The Openerp Version is 6.1 rev. 4196

To manage notifications about this bug go to:
https://bugs.launchpad.net/ocb-server/+bug/1021378/+subscriptions

References

[Bug 1021378] [NEW] "create" permission in res.users dont work with other users, not admin
From: Evelyn Martinez, 2012-07-05