Also according to the content of openerp.log file :
<< 2013-02-20 18:36:39,023 8916 INFO gsctest werkzeug: 41.107.104.239 - - [20/Feb/2013 18:36:39] "POST /web/dataset/call_kw HTTP/1.1" 200 -
2013-02-20 18:36:49,286 8916 WARNING gsctest openerp.osv.orm: Access Denied by record rules for operation: create, uid: 12, model: res.partner
2013-02-20 18:36:49,286 8916 ERROR gsctest openerp.netsvc: Access Denied
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: Partner, Operation: create)
Traceback (most recent call last):
File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\netsvc.py", line 289, in dispatch_rpc
File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\service\web_services.py", line 614, in dispatch
File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\osv\osv.py", line 169, in execute_kw
File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\osv\osv.py", line 125, in wrapper
except_osv: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Partner, Operation: create)')
2013-02-20 18:36:49,349 8916 INFO gsctest werkzeug: 41.107.104.239 - - [20/Feb/2013 18:36:49] "POST /web/dataset/call_kw HTTP/1.1" 200 - >>
We can see that this issue is related to access rights on the Model "res.partner" (also called Object in v6.0).
So what have changed since in Record Rules since v7.0 on res.partner ?
Searching in Record Rules for v6.0, v6.1, v7.0 and trunk, and comparing between the rules found,we will see:
1- there is one common rule: "res.partner company" on Partner Model with exactly the same rightsCRUD and Global
and exactly the same definition - ['|','|',('company_id.child_ids','child_of',[user.company_id.id]),('company_id','child_of',[user.company_id.id]),('company_id','=',False)]
2- There is a second rule for v7.0 and trunk: "res_partner: read access on my partner" on the same Model (res.partner)
with just "READ" Access right and defined for "Portal" and Anonymous" groups.
3- There is also another rule for v6.0 and 6.1: " Account Followup Statistics by Partner Rule" , but this is not important, cause it is on the object " Followup Statistics by Partner " and not the object "res.partner"
4- and the last rule: "Partner Bank company rule" whish also seems to be not important in our case cause it's related to res.partner.bank and not directly to res.partner
Conclusion:
The second rule (above) seems to be the cause of this issue.
Solution:
1- Put CRUD and Global rughts on this rule
2- Removing the access rights of users on "Portal" and "Anonymous" (Unchecking both)
Tested on runbot: the two solutions are not working
Tested on my development platform: the second solution is working fine
Hi Everybody;
Further Investigations
You can verify by yourself that this issue exist on the latest runbot releases for 7.0 and trunk but not for 6.0 and 6.1 trunk-4253. runbot. openerp. com 7-0-4260. runbot. openerp. com 6-1-4257. runbot. openerp. com
http://
http://
.
.
.
http://
Also according to the content of openerp.log file : call_kw HTTP/1.1" 200 -
<< 2013-02-20 18:36:39,023 8916 INFO gsctest werkzeug: 41.107.104.239 - - [20/Feb/2013 18:36:39] "POST /web/dataset/
2013-02-20 18:36:49,286 8916 WARNING gsctest openerp.osv.orm: Access Denied by record rules for operation: create, uid: 12, model: res.partner
2013-02-20 18:36:49,286 8916 ERROR gsctest openerp.netsvc: Access Denied
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: Partner, Operation: create) 20130107- 000101\ Server\ server\ .\openerp\ netsvc. py", line 289, in dispatch_rpc 20130107- 000101\ Server\ server\ .\openerp\ service\ web_services. py", line 614, in dispatch 20130107- 000101\ Server\ server\ .\openerp\ osv\osv. py", line 169, in execute_kw 20130107- 000101\ Server\ server\ .\openerp\ osv\osv. py", line 125, in wrapper \n\n(Document type: Partner, Operation: create)') call_kw HTTP/1.1" 200 - >>
Traceback (most recent call last):
File "F:\Program Files (x86)\OpenERP 7.0alpha-
File "F:\Program Files (x86)\OpenERP 7.0alpha-
File "F:\Program Files (x86)\OpenERP 7.0alpha-
File "F:\Program Files (x86)\OpenERP 7.0alpha-
except_osv: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
2013-02-20 18:36:49,349 8916 INFO gsctest werkzeug: 41.107.104.239 - - [20/Feb/2013 18:36:49] "POST /web/dataset/
We can see that this issue is related to access rights on the Model "res.partner" (also called Object in v6.0).
So what have changed since in Record Rules since v7.0 on res.partner ?
Searching in Record Rules for v6.0, v6.1, v7.0 and trunk, and comparing between the rules found,we will see: ',('company_ id.child_ ids','child_ of',[user. company_ id.id]) ,('company_ id','child_ of',[user. company_ id.id]) ,('company_ id','=' ,False) ]
1- there is one common rule: "res.partner company" on Partner Model with exactly the same rightsCRUD and Global
and exactly the same definition - ['|','|
2- There is a second rule for v7.0 and trunk: "res_partner: read access on my partner" on the same Model (res.partner)
with just "READ" Access right and defined for "Portal" and Anonymous" groups.
3- There is also another rule for v6.0 and 6.1: " Account Followup Statistics by Partner Rule" , but this is not important, cause it is on the object " Followup Statistics by Partner " and not the object "res.partner"
4- and the last rule: "Partner Bank company rule" whish also seems to be not important in our case cause it's related to res.partner.bank and not directly to res.partner
Conclusion:
The second rule (above) seems to be the cause of this issue.
Solution:
1- Put CRUD and Global rughts on this rule
2- Removing the access rights of users on "Portal" and "Anonymous" (Unchecking both)
Tested on runbot: the two solutions are not working
Tested on my development platform: the second solution is working fine
please, could someone test and confirm
best regards.