openerp-india team mailing list archive
-
openerp-india team
-
Mailing list archive
-
Message #24193
[Bug 1204455] Re: Employee personal address should be private information
Hello Daniel,
Yes, you are correct. We have a employee boolean field on partner but I
didn't seen when it become True.
I agreed with your suggestion that we have to pass context {'employee:
True } on personal address as well as we have to put the domain
[('employee', ' =', True)] on that m20 field.
And record rule is a easy and feasible solution, consider with "Low"
priority.
Thanks for the answer!
** Changed in: openobject-addons
Importance: Wishlist => Low
** Changed in: openobject-addons
Status: Opinion => Confirmed
** Changed in: openobject-addons
Assignee: (unassigned) => OpenERP R&D Addons Team 1 (openerp-dev-addons1)
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/1204455
Title:
Employee personal address should be private information
Status in OpenERP Addons (modules):
Confirmed
Bug description:
The Employee Home address is a private and sensitive information.
Only HR professional should have access to it.
However, since it's stored in the Partners table, anyone can see these addresses.
Making these addresses inactive does not solve the issue: they can still be accessed using an Advanced Filter "Active is false".
From a information security point of view, this is a show stopper.
So, a proper solution is needed (using record rules?).
By the way, for the case where an Employee can also be a Customer, two solutions are possible:
* you just create a new Customer record, just like what you would do for a non-employee; or
* in the Work Address you use a Parter record specific for that Person.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/1204455/+subscriptions
References