OpenERP Management System

Merge lp:~invitu/openerp-mgmtsystem/7-0_fix_security into lp:openerp-mgmtsystem

7-0_fix_security
Merge into 7.0

Proposed by invitu on 2014-02-25

Status:	Merged
Approved by:	Guewen Baconnier @ Camptocamp on 2014-02-28
Approved revision:	93
Merged at revision:	94
Proposed branch:	lp:~invitu/openerp-mgmtsystem/7-0_fix_security
Merge into:	lp:openerp-mgmtsystem
Diff against target:	30 lines (+22/-2) 1 file modified mgmtsystem_hazard/security/ir.model.access.csv (+22/-2)
To merge this branch:	bzr merge lp:~invitu/openerp-mgmtsystem/7-0_fix_security
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Daniel Reis	code review no test		Approve on 2014-02-26
Pedro Manuel Baeza	code review	2014-02-25	Approve on 2014-02-25
Maxime Chambreuil (http://www.savoirfairelinux.com)			Approve on 2014-02-25
invitu (community)			Needs Resubmitting on 2014-02-25
Review via email: mp+208239@code.launchpad.net

Description of the change

fix security for objects

Revision history for this message

Pedro Manuel Baeza (pedro.baeza) wrote on 2014-02-25:

Hi, I think you have forgotten some access rules:

- risk_computation_manager
- hazard_probability_manager
- hazard_severity_manager
- hazard_usage_manager
- hazard_risk_type_user
- hazard_hazard_user
- hazard_hazard_test_user
- hazard_control_measure_user
- hazard_residual_risk_user
- hazard_type_manager

Thanks.

Regards-

review: Needs Fixing (code review)

Revision history for this message

invitu (invitu) wrote on 2014-02-25:

thanks for your comment
missing rules have been added
regards

review: Needs Resubmitting

Revision history for this message

Maxime Chambreuil (http://www.savoirfairelinux.com) (max3903) on 2014-02-25:

review: Approve

Revision history for this message

Pedro Manuel Baeza (pedro.baeza) wrote on 2014-02-25:

Thanks for the changes.

Regards.

review: Approve (code review)

Revision history for this message

Daniel Reis (dreis-pt) wrote on 2014-02-26:

Shouldn't "base.group_user" in L5,L6 be "mgmtsystem.group_mgmtsystem_user" instead?

BTW, there's no need to "resubmit proposal". Just pushing the additional changes is enough, and the additional revision will be displayed in the discussion history.

review: Needs Information

lp:~invitu/openerp-mgmtsystem/7-0_fix_security updated on 2014-02-26

93. By invitu on 2014-02-26: [FIX] fix security for some objects

Revision history for this message

invitu (invitu) wrote on 2014-02-26:

I just added missing rules but it seems that the existing ones needed to be improved too
--> branch updated

regards

Revision history for this message

Daniel Reis (dreis-pt) on 2014-02-26:

review: Approve (code review no test)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Admilson Afonso

Antonio Martin

Ariel E. Figueroa - http://www.humanytek.com

Csaba TOTH

Daniel Reis

Davor Bojkić

Jose Espinoza

Marco Di Francesco

Med Said BARA

OpenERP Committers

invitu

 === modified file 'mgmtsystem_hazard/security/ir.model.access.csv'
 --- mgmtsystem_hazard/security/ir.model.access.csv	2012-08-20 18:34:19 +0000
 +++ mgmtsystem_hazard/security/ir.model.access.csv	2014-02-26 18:13:15 +0000
@@ -1,4 +1,24 @@
  "id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
--"access_mgmtsystem_hazard","mgmtsystem.hazard.user","model_mgmtsystem_hazard","base.group_user",1,1,1,0
--"access_mgmtsystem_hazard_origin_user","mgmtsystem.hazard.origin.user","model_mgmtsystem_hazard_origin","base.group_user",1,0,0,0
++"access_mgmtsystem_hazard","mgmtsystem.hazard.user","model_mgmtsystem_hazard","mgmtsystem.group_mgmtsystem_user",1,1,1,0
++"access_mgmtsystem_hazard_origin_user","mgmtsystem.hazard.origin.user","model_mgmtsystem_hazard_origin","mgmtsystem.group_mgmtsystem_user",1,0,0,0
  "access_mgmtsystem_hazard_origin_manager","mgmtsystem.hazard.origin.manager","model_mgmtsystem_hazard_origin","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_risk_computation_user","mgmtsystem.hazard.risk_computation.user","model_mgmtsystem_hazard_risk_computation","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_risk_computation_manager","mgmtsystem.hazard.risk_computation.manager","model_mgmtsystem_hazard_risk_computation","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_probability_user","mgmtsystem.hazard.probability.user","model_mgmtsystem_hazard_probability","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_probability_manager","mgmtsystem.hazard.probability.manager","model_mgmtsystem_hazard_probability","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_severity_user","mgmtsystem.hazard.severity.user","model_mgmtsystem_hazard_severity","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_severity_manager","mgmtsystem.hazard.severity.manager","model_mgmtsystem_hazard_severity","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_usage_user","mgmtsystem.hazard.usage.user","model_mgmtsystem_hazard_usage","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_usage_manager","mgmtsystem.hazard.usage.manager","model_mgmtsystem_hazard_usage","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_risk_type_user","mgmtsystem.hazard.risk_type.user","model_mgmtsystem_hazard_risk_type","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_risk_type_manager","mgmtsystem.hazard.risk_type.manager","model_mgmtsystem_hazard_risk_type","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_hazard_user","mgmtsystem.hazard.hazard.user","model_mgmtsystem_hazard_hazard","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_hazard_manager","mgmtsystem.hazard.hazard.manager","model_mgmtsystem_hazard_hazard","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_test_user","mgmtsystem.hazard.test.user","model_mgmtsystem_hazard_test","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_test_manager","mgmtsystem.hazard.test.manager","model_mgmtsystem_hazard_test","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_control_measure_user","mgmtsystem.hazard.control_measure.user","model_mgmtsystem_hazard_control_measure","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_control_measure_manager","mgmtsystem.hazard.control_measure.manager","model_mgmtsystem_hazard_control_measure","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_residual_risk_user","mgmtsystem_hazard.residual_risk.user","model_mgmtsystem_hazard_residual_risk","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_residual_risk_manager","mgmtsystem_hazard.residual_risk.manager","model_mgmtsystem_hazard_residual_risk","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
++"access_mgmtsystem_hazard_type_user","mgmtsystem.hazard.type.user","model_mgmtsystem_hazard_type","mgmtsystem.group_mgmtsystem_user",1,0,0,0
++"access_mgmtsystem_hazard_type_manager","mgmtsystem.hazard.type.manager","model_mgmtsystem_hazard_type","mgmtsystem.group_mgmtsystem_manager",1,1,1,1

OpenERP Management System

Merge lp:~invitu/openerp-mgmtsystem/7-0_fix_security into lp:openerp-mgmtsystem

Commit message

Description of the change

Preview Diff

Subscribers