openerp-india team mailing list archive

["Amit Parik \(OpenERP\)" <amp@xxxxxxxxxxx>]

Hello Alexander,

This is not the problem but its desired behavior of the openerp
framework when you used the same object and same group then always last
created and last loaded rights/record will be override the first created
access.

Normally this is not feasible that we have used the same group , same object and assigned the different rights manytimes, So at this time last created or loaded access will be considered and old one will be override because there is no possibility that both rights will be work together. 
Here you can see that you have created 2nd rule will be last one. So It will be apply and first one will be override that's the normal.

This is not a bug rather then a question, So let me convert into
question!

Thank you!

** Project changed: openobject-addons => openobject-server

** Summary changed:

- [7.0] Access rights for portal do not work properly
+ [7.0]Same object and same group assigned the multiple times then last one is override the first created access

** Changed in: openobject-server
       Status: New => Invalid

** Converted to question:
   https://answers.launchpad.net/openobject-server/+question/238464

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/1125216

Title:
  [7.0]Same object and same group assigned the multiple times then last
  one is override the first created access

Status in OpenERP Server:
  Invalid

Bug description:
  Hello!

  We tried to grant access to an external customer to some parts of our
  OpenERP instance via the portal. During this we encountered a strange
  behaviour of the access rights and rules. I hope the description of
  the problem is understandable.

  What we did:

  - Settings → Users → Groups created a new user group “portal new”
  - Access Rights → Added a rule for Object Invoice → granted all access for this group
  - Rules → Add new rule
    - New rule belongs to Invoice
    - Domain Filter: [('message_follower_ids','in',[user.partner_id.id])]
    - Access Rights: All
    - Groups: new group “portal new”
    - Save the rule
  -Rules → add a second new rule
    - Everything the same as the first rule

  Everything works as expected.

  Problems occur if we change the second rule: If we modify the access
  rights of the rule, the access rights of the second rule override the
  rules of the first one. For example if the first one grants read+write
  access and the second one grants read access only read access is
  granted to the logged in portal user and vice versa. If only a single
  rule is present non of the selected access rights for the rules grant
  or restrict any access. In this case only the Access Rights (in the
  Access Rights Tab) grant or restrict the access. The domain filter of
  the rule is still working.

  Although mentioned in the release notes for V7 that no button is
  present if the user has no right for the action buttons are still
  present if the access is granted via the Access Right-Tab. It seems as
  if you have to define a basic set of rights at the Access Right-Tab
  which displays all the necessary buttons too. The rules restrict these
  rights if there is more than one rule present but buttons are still
  present (an error message appears if the user tries to save a change
  if he has no right – not the button is hidden).

  Second big problem: As the second rule can override the first rules
  access rights it is important to know which rule is the first and
  which is the second one. Nothing indicates which one is which. Not
  even the view's order indicates it. Only try and error can tell you
  that.

  Greets

  
  OpenERP V7
  Webclient
  Server: Ubuntu 12.04 Server

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1125216/+subscriptions