Merge lp:~camptocamp/openerp-product-attributes/7.0-fix-field-acl-lep into lp:~product-core-editors/openerp-product-attributes/7.0
Proposed by
Leonardo Pistone
Status: | Needs review |
---|---|
Proposed branch: | lp:~camptocamp/openerp-product-attributes/7.0-fix-field-acl-lep |
Merge into: | lp:~product-core-editors/openerp-product-attributes/7.0 |
Diff against target: |
8 lines (+1/-0) 1 file modified
base_custom_attributes/security/ir.model.access.csv (+1/-0) |
To merge this branch: | bzr merge lp:~camptocamp/openerp-product-attributes/7.0-fix-field-acl-lep |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Laetitia Gangloff (Acsone) (community) | Needs Resubmitting | ||
Yannick Vaucher @ Camptocamp | code review, no test | Needs Fixing | |
Review via email: mp+218470@code.launchpad.net |
To post a comment you must log in.
Unmerged revisions
- 243. By Leonardo Pistone
-
[fix] allow attributes to be written by non-admin users
Seems very dangerous to me.
You shouldn't never trust all sale managers. Any sale manager could break the database.
Maybe we could add a boolean on ir model field to know if this is a custom attribute.
Then add a record rule to let CRUD access only on ir_model_fields that belongs to a custom attribute.