openerp-india team mailing list archive
-
openerp-india team
-
Mailing list archive
-
Message #26590
[Bug 1125216] Re: [7.0] Access rights for portal do not work properly
Hello Alexander,
This is not the problem but its desired behavior of the openerp
framework when you used the same object and same group then always last
created and last loaded rights/record will be override the first created
access.
Normally this is not feasible that we have used the same group , same object and assigned the different rights manytimes, So at this time last created or loaded access will be considered and old one will be override because there is no possibility that both rights will be work together.
Here you can see that you have created 2nd rule will be last one. So It will be apply and first one will be override that's the normal.
This is not a bug rather then a question, So let me convert into
question!
Thank you!
** Project changed: openobject-addons => openobject-server
** Summary changed:
- [7.0] Access rights for portal do not work properly
+ [7.0]Same object and same group assigned the multiple times then last one is override the first created access
** Changed in: openobject-server
Status: New => Invalid
** Converted to question:
https://answers.launchpad.net/openobject-server/+question/238464
--
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/1125216
Title:
[7.0]Same object and same group assigned the multiple times then last
one is override the first created access
Status in OpenERP Server:
Invalid
Bug description:
Hello!
We tried to grant access to an external customer to some parts of our
OpenERP instance via the portal. During this we encountered a strange
behaviour of the access rights and rules. I hope the description of
the problem is understandable.
What we did:
- Settings → Users → Groups created a new user group “portal new”
- Access Rights → Added a rule for Object Invoice → granted all access for this group
- Rules → Add new rule
- New rule belongs to Invoice
- Domain Filter: [('message_follower_ids','in',[user.partner_id.id])]
- Access Rights: All
- Groups: new group “portal new”
- Save the rule
-Rules → add a second new rule
- Everything the same as the first rule
Everything works as expected.
Problems occur if we change the second rule: If we modify the access
rights of the rule, the access rights of the second rule override the
rules of the first one. For example if the first one grants read+write
access and the second one grants read access only read access is
granted to the logged in portal user and vice versa. If only a single
rule is present non of the selected access rights for the rules grant
or restrict any access. In this case only the Access Rights (in the
Access Rights Tab) grant or restrict the access. The domain filter of
the rule is still working.
Although mentioned in the release notes for V7 that no button is
present if the user has no right for the action buttons are still
present if the access is granted via the Access Right-Tab. It seems as
if you have to define a basic set of rights at the Access Right-Tab
which displays all the necessary buttons too. The rules restrict these
rights if there is more than one rule present but buttons are still
present (an error message appears if the user tries to save a change
if he has no right – not the button is hidden).
Second big problem: As the second rule can override the first rules
access rights it is important to know which rule is the first and
which is the second one. Nothing indicates which one is which. Not
even the view's order indicates it. Only try and error can tell you
that.
Greets
OpenERP V7
Webclient
Server: Ubuntu 12.04 Server
To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1125216/+subscriptions