Odoo Addons (MOVED TO GITHUB)

Permissions users multicompany

Bug #1210263 reported by Luis Torres - http://www.vauxoo.com
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Addons (MOVED TO GITHUB)
Invalid
Undecided
OpenERP Publisher's Warranty Team

Bug Description

1) Steps to reproduce the issue you have observed

You can create 2 sister companies (companyA, companyB), and 2 users (user1 and user2),

The user1 have the companyA, and user2 have companyA and companyB.

The user1 add as follower in a purchase_order to user2, and when the user2 have at present the companyA can view the purchase, but if the user2 change you company to companyB, this already can't view the purchase, by permissions.

Can find a demonstrative video here:: http://www.youtube.com/watch?v=Obf7Ca_4vOU

2) The result you expected:

As the user2 is multicompany, i find that with the two company he can view the documents

3) I use Ubuntu 12.4

OpenERP -.-
Server revno: ---- 5045
addons revno: ---- 9335
web addons revno: ---- 4005

Tags: maintenance

Related branches

lp:~vauxoo/openobject-addons/7.0-project_task_test_yaml_multi-company
Nhomar - Vauxoo (community): Needs Information
Jorge Angel Naranjo Rogel - http://www.vauxoo.com (community): Needs Resubmitting
Olivier Dony (Odoo): Pending requested
OpenERP R&D Team: Pending requested
Moisés López - http://www.vauxoo.com: Pending requested
Diff: 181 lines (+150/-1)
4 files modified
project/__openerp__.py (+5/-1)
project/demo/task_multicompany_demo.yml (+87/-0)
project/test/task_mail_multicompany_test.yml (+23/-0)
project/test/task_multicompany_user_test.yml (+35/-0)
Naresh(OpenERP) (nch-openerp)
Changed in openobject-addons:
assignee: nobody → OpenERP Publisher's Warranty Team (openerp-opw)
tags: added: maintenance
Revision history for this message
Nhomar - Vauxoo (nhomar) wrote :

Hello

The branch attached test the Error with the ACL consulted in the bug to understand what is the problem.

The branch is not pretending solve it just test it automatically when the patch is provided.

Changed in openobject-addons:
importance: Undecided → Medium
Revision history for this message
Moisés López - http://www.vauxoo.com (moylop260) wrote :
Download full text (3.4 KiB)

Somesh,
You can't reproduce this error. Right?

We generate a MP with test-yaml of a similar situation.
https://code.launchpad.net/~vauxoo/openobject-addons/7.0-project_task_test_yaml_multi-company

And generate a runbot instance:
http://runbot.openerp.com/vauxoo-test-yaml-task-multi-company-test-jorge-vauxoo-18987/logs/test-all.txt

This is the log
2013-09-02 18:22:15,805 32438 INFO test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.modules.loading: module project: loading test/task_multicompany.yml
2013-09-02 18:22:15,824 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Test 1, Assigned task to User A with User Multi-Company
2013-09-02 18:22:15,824 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Create a company 'TestA'
2013-09-02 18:22:15,925 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Create a company 'TestB'
2013-09-02 18:22:16,040 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Create a user 'UserAB'
2013-09-02 18:22:16,283 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Create a user 'UserA'
2013-09-02 18:22:16,485 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Added companies to UserAB
2013-09-02 18:22:16,541 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Added companies to UserA
2013-09-02 18:22:16,619 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Create task assigned to UserA by UserAB with company A
2013-09-02 18:22:16,794 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Read task UserA
2013-09-02 18:22:16,816 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Changed companyA to companyB in UserAB
2013-09-02 18:22:16,846 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Read task UserA
2013-09-02 18:22:16,868 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Test 2, Assigned task to User Multi-Company with User A
2013-09-02 18:22:16,868 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Assigned companyA in UserAB
2013-09-02 18:22:16,898 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Create task assigned to UserAB with company A create by UserA
2013-09-02 18:22:17,075 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Changed companyA to companyB in UserAB
2013-09-02 18:22:17,105 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Task assigned to UserAB with company B create by UserA
2013-09-02 18:22:17,280 32438 TEST test-yaml-task-multi-company-test-jorge-vauxoo-18987-all openerp.tools.yaml_import: Read task UserAB with companyB
2013-09-02 18:22:17,299 32438 ERROR test-yaml-task-multi-c...

Read more...

Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Hi,

Based on your description and the video linked in it, this does not appear to be a bug, but rather the expected behavior. The way multicompany works is very simple:
  "At any time, a user will see the records that are visible the company
  that is selected in her user preferences"

This is not different for users who work for multiple companies! They do not see a mix of records from all their companies, they only see the records for their *current company*. This is very important otherwise these users would mix records that cannot be mixed, for example they would be able to select a G/L Account from company A with a Period from Company B, and they would get errors all the time. The "company_ids" m2m is only used to set the companies the user can switch to, but *never* for access control.

This can be confusing in some cases, like the "Inbox" which will mix messages about both companies, but there is a big warning message about it already when you switch companies, and it is a very important part to have a safe multi-company environment.

There are many workarounds for situations where this is too confusing:
 - create 2 users for the employees working for 2 sister companies, so these users will have 2 completely separate environments -> less confusion for them
 - or change the company hierarchy so that UserAB instead belong to company "Root" which is the parent of A and B. According to your ir.rules this will normally allow UserAB to see records from A and B all the time, but they will have to be 2x more careful to avoid mixing them (+use distinct names for periods, accounts, etc.)
 - or if appropriate, modify the default ir.rules to allow some level of sharing of data between the companies, so that users from company A can see tasks from company B ... in some cases this might make sense on the business side.
 - or you could even change all the rules to use the `company_ids` field instead of `company_id`, and allow multi-company users to see a mix of records. But that would require users to be very knowledgable about multi-company issues, and it would be very error-prone.
 - etc..

PS: If the part that is most confusing to you is the fact that some notifications link to records that cannot be viewed, you could try to customize messages and add a company_id field to filter the Inbox based on the current user company. This means the user has multiple Inboxes, and might require some core changes in the messaging system.

Changed in openobject-addons:
importance: Medium → Undecided
status: New → Invalid
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Sorry, in my previous comment, the rule should obviously read:
  "At any time, a user will see the records that are visible *for* the company
  that is selected in her user preferences"

Revision history for this message
Moisés López - http://www.vauxoo.com (moylop260) wrote :

Hello Oliver,
I sent you a message in MP
https://code.launchpad.net/~vauxoo/openobject-addons/7.0-project_task_test_yaml_multi-company/+merge/183530/comments/420261

Thank you for your reply.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.