Odoo Server (MOVED TO GITHUB)

Merge lp:~openerp-dev/openobject-server/trunk-bug-1021378-aja into lp:openobject-server

  1. trunk-bug-1021378-aja
  2. Merge into trunk
Proposed by ajay javiya (OpenERP)
Status: Merged
Merge reported by: Olivier Dony (Odoo)
Merged at revision: not available
Proposed branch: lp:~openerp-dev/openobject-server/trunk-bug-1021378-aja
Merge into: lp:openobject-server
Diff against target: 18 lines (+1/-1)
1 file modified
openerp/osv/orm.py (+1/-1)
To merge this branch: bzr merge lp:~openerp-dev/openobject-server/trunk-bug-1021378-aja
Reviewer Review Type Date Requested Status
Nicholas Riegel (community) Needs Fixing
Olivier Dony (Odoo) Approve
Yannick Vaucher @ Camptocamp (community) tests Approve
Review via email: mp+121995@code.launchpad.net

Description of the change

Bug fix

To post a comment you must log in.
Revision history for this message
Alexandre Fayolle - camptocamp (alexandre-fayolle-c2c) wrote :

hello,

I agree this needs to be fixed in trunk, but more importantly it needs to be fixed in the 7.0 branch.
Could you resubmit the MP against that branch please ?

Revision history for this message
Yannick Vaucher @ Camptocamp (yvaucher-c2c) wrote :

Preparation:
With admin
- Create a user test

Case 1:
With admin
- Set right Administration / Access Rights on user test
With test
- create a user test111

Result: user test111 is created -> OK

Case 2:
With admin
- Set right Administration / Settings on user test
With test
- create a user test222

Result: user test222 is created -> OK

Case 3: (No rights)
With test
- Open a user creation form and define name field test

With admin
- Remove right Administration on user test

With test
- Press save button

Result: Error Access denied -> OK

review: Approve (tests)
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Marking as merged because it was merged in 7.0 at rev 4894 revision-id: <email address hidden>, and will be forward-ported to trunk soon. Thanks for the reviews!

review: Approve
Revision history for this message
Nicholas Riegel (nriegel) wrote :

These bugs are still not fixed. After creating a new user and assigning them to the Access Rights group, the following error occurs when that new user tries to add a user:

Access Denied

The requested operation cannot be completed due to security restrictions. Please contact your system administrator.

(Document type: Note Stage, Operation: read)

The same error occurs when Note Stage read access is enabled in the Groups / Administration / Access Rights settings.

review: Needs Fixing

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'openerp/osv/orm.py'
2--- openerp/osv/orm.py 2012-08-14 13:06:56 +0000
3+++ openerp/osv/orm.py 2012-08-30 07:01:18 +0000
4@@ -4276,7 +4276,6 @@
5 upd1 += ",%s,(now() at time zone 'UTC')"
6 upd2.append(user)
7 cr.execute('insert into "'+self._table+'" (id'+upd0+") values ("+str(id_new)+upd1+')', tuple(upd2))
8- self.check_access_rule(cr, user, [id_new], 'create', context=context)
9 upd_todo.sort(lambda x, y: self._columns[x].priority-self._columns[y].priority)
10
11 if self._parent_store and not context.get('defer_parent_store_computation'):
12@@ -4329,6 +4328,7 @@
13 self.name_get(cr, user, [id_new], context=context)[0][1] + \
14 "' " + _("created.")
15 self.log(cr, user, id_new, message, True, context=context)
16+ self.check_access_rule(cr, user, [id_new], 'create', context=context)
17 self._workflow_trigger(cr, user, [id_new], 'trg_create', context=context)
18 return id_new
19