Merge lp:~invitu/openerp-mgmtsystem/7-0_fix_security into lp:openerp-mgmtsystem

Proposed by invitu on 2014-02-25
Status: Merged
Approved by: Guewen Baconnier @ Camptocamp on 2014-02-28
Approved revision: 93
Merged at revision: 94
Proposed branch: lp:~invitu/openerp-mgmtsystem/7-0_fix_security
Merge into: lp:openerp-mgmtsystem
Diff against target: 30 lines (+22/-2)
1 file modified
mgmtsystem_hazard/security/ir.model.access.csv (+22/-2)
To merge this branch: bzr merge lp:~invitu/openerp-mgmtsystem/7-0_fix_security
Reviewer Review Type Date Requested Status
Daniel Reis code review no test Approve on 2014-02-26
Pedro Manuel Baeza code review 2014-02-25 Approve on 2014-02-25
Maxime Chambreuil (http://www.savoirfairelinux.com) Approve on 2014-02-25
invitu (community) Resubmit on 2014-02-25
Review via email: mp+208239@code.launchpad.net

Description of the change

fix security for objects

To post a comment you must log in.
Pedro Manuel Baeza (pedro.baeza) wrote :

Hi, I think you have forgotten some access rules:

- risk_computation_manager
- hazard_probability_manager
- hazard_severity_manager
- hazard_usage_manager
- hazard_risk_type_user
- hazard_hazard_user
- hazard_hazard_test_user
- hazard_control_measure_user
- hazard_residual_risk_user
- hazard_type_manager

Thanks.

Regards-

review: Needs Fixing (code review)
invitu (invitu) wrote :

thanks for your comment
missing rules have been added
regards

review: Resubmit
Pedro Manuel Baeza (pedro.baeza) wrote :

Thanks for the changes.

Regards.

review: Approve (code review)
Daniel Reis (dreis-pt) wrote :

Shouldn't "base.group_user" in L5,L6 be "mgmtsystem.group_mgmtsystem_user" instead?

BTW, there's no need to "resubmit proposal". Just pushing the additional changes is enough, and the additional revision will be displayed in the discussion history.

review: Needs Information
93. By invitu on 2014-02-26

[FIX] fix security for some objects

invitu (invitu) wrote :

I just added missing rules but it seems that the existing ones needed to be improved too
--> branch updated

regards

Daniel Reis (dreis-pt) :
review: Approve (code review no test)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'mgmtsystem_hazard/security/ir.model.access.csv'
2--- mgmtsystem_hazard/security/ir.model.access.csv 2012-08-20 18:34:19 +0000
3+++ mgmtsystem_hazard/security/ir.model.access.csv 2014-02-26 18:13:15 +0000
4@@ -1,4 +1,24 @@
5 "id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
6-"access_mgmtsystem_hazard","mgmtsystem.hazard.user","model_mgmtsystem_hazard","base.group_user",1,1,1,0
7-"access_mgmtsystem_hazard_origin_user","mgmtsystem.hazard.origin.user","model_mgmtsystem_hazard_origin","base.group_user",1,0,0,0
8+"access_mgmtsystem_hazard","mgmtsystem.hazard.user","model_mgmtsystem_hazard","mgmtsystem.group_mgmtsystem_user",1,1,1,0
9+"access_mgmtsystem_hazard_origin_user","mgmtsystem.hazard.origin.user","model_mgmtsystem_hazard_origin","mgmtsystem.group_mgmtsystem_user",1,0,0,0
10 "access_mgmtsystem_hazard_origin_manager","mgmtsystem.hazard.origin.manager","model_mgmtsystem_hazard_origin","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
11+"access_mgmtsystem_hazard_risk_computation_user","mgmtsystem.hazard.risk_computation.user","model_mgmtsystem_hazard_risk_computation","mgmtsystem.group_mgmtsystem_user",1,0,0,0
12+"access_mgmtsystem_hazard_risk_computation_manager","mgmtsystem.hazard.risk_computation.manager","model_mgmtsystem_hazard_risk_computation","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
13+"access_mgmtsystem_hazard_probability_user","mgmtsystem.hazard.probability.user","model_mgmtsystem_hazard_probability","mgmtsystem.group_mgmtsystem_user",1,0,0,0
14+"access_mgmtsystem_hazard_probability_manager","mgmtsystem.hazard.probability.manager","model_mgmtsystem_hazard_probability","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
15+"access_mgmtsystem_hazard_severity_user","mgmtsystem.hazard.severity.user","model_mgmtsystem_hazard_severity","mgmtsystem.group_mgmtsystem_user",1,0,0,0
16+"access_mgmtsystem_hazard_severity_manager","mgmtsystem.hazard.severity.manager","model_mgmtsystem_hazard_severity","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
17+"access_mgmtsystem_hazard_usage_user","mgmtsystem.hazard.usage.user","model_mgmtsystem_hazard_usage","mgmtsystem.group_mgmtsystem_user",1,0,0,0
18+"access_mgmtsystem_hazard_usage_manager","mgmtsystem.hazard.usage.manager","model_mgmtsystem_hazard_usage","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
19+"access_mgmtsystem_hazard_risk_type_user","mgmtsystem.hazard.risk_type.user","model_mgmtsystem_hazard_risk_type","mgmtsystem.group_mgmtsystem_user",1,0,0,0
20+"access_mgmtsystem_hazard_risk_type_manager","mgmtsystem.hazard.risk_type.manager","model_mgmtsystem_hazard_risk_type","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
21+"access_mgmtsystem_hazard_hazard_user","mgmtsystem.hazard.hazard.user","model_mgmtsystem_hazard_hazard","mgmtsystem.group_mgmtsystem_user",1,0,0,0
22+"access_mgmtsystem_hazard_hazard_manager","mgmtsystem.hazard.hazard.manager","model_mgmtsystem_hazard_hazard","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
23+"access_mgmtsystem_hazard_test_user","mgmtsystem.hazard.test.user","model_mgmtsystem_hazard_test","mgmtsystem.group_mgmtsystem_user",1,0,0,0
24+"access_mgmtsystem_hazard_test_manager","mgmtsystem.hazard.test.manager","model_mgmtsystem_hazard_test","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
25+"access_mgmtsystem_hazard_control_measure_user","mgmtsystem.hazard.control_measure.user","model_mgmtsystem_hazard_control_measure","mgmtsystem.group_mgmtsystem_user",1,0,0,0
26+"access_mgmtsystem_hazard_control_measure_manager","mgmtsystem.hazard.control_measure.manager","model_mgmtsystem_hazard_control_measure","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
27+"access_mgmtsystem_hazard_residual_risk_user","mgmtsystem_hazard.residual_risk.user","model_mgmtsystem_hazard_residual_risk","mgmtsystem.group_mgmtsystem_user",1,0,0,0
28+"access_mgmtsystem_hazard_residual_risk_manager","mgmtsystem_hazard.residual_risk.manager","model_mgmtsystem_hazard_residual_risk","mgmtsystem.group_mgmtsystem_manager",1,1,1,1
29+"access_mgmtsystem_hazard_type_user","mgmtsystem.hazard.type.user","model_mgmtsystem_hazard_type","mgmtsystem.group_mgmtsystem_user",1,0,0,0
30+"access_mgmtsystem_hazard_type_manager","mgmtsystem.hazard.type.manager","model_mgmtsystem_hazard_type","mgmtsystem.group_mgmtsystem_manager",1,1,1,1