openerp-india team mailing list archive

[Daniel Reis <1204455@xxxxxxxxxxxxxxxxxx>]

Hi Amit,

I see that you also face this problem internally at OpenERP.
It certainly isn't an "error", but is it appropriate to mark for "wishlist" a problem that can make a module unusable?

You didn't explain why a record rule isn't a feasible solution.

I have found that res.partner has an "employee" boolean field.
It's a matter of creating a record rule: [('employee', ' =', False)]
, and adding to he_employee.address_id a context; {'employee: True }

It looks like a simple improvement to me.

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/1204455

Title:
  Employee personal address should be private information

Status in OpenERP Addons (modules):
  Opinion

Bug description:
  The Employee Home address is a private and sensitive information.
  Only HR professional should have access to it.

  However, since it's stored in the Partners table, anyone can see these addresses.
  Making these addresses inactive does not  solve the issue: they can still be accessed using an Advanced Filter "Active is false".

  From a information security point of view, this is a show stopper.
  So, a proper solution is needed (using record rules?).

  By the way, for the case where an Employee can also be a Customer, two solutions are possible:
  * you just create a new Customer record, just like what you would do for a non-employee; or
  * in the Work Address you use a Parter record specific for that Person.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/1204455/+subscriptions