Odoo Server (MOVED TO GITHUB)

Merge lp:~openerp-dev/openobject-server/trunk-bug-917524-mtr into lp:openobject-server

trunk-bug-917524-mtr
Merge into trunk

Proposed by Meera Trambadia (OpenERP) on 2012-01-27

Status:

Work in progress

Proposed branch:

lp:~openerp-dev/openobject-server/trunk-bug-917524-mtr

Merge into:

lp:openobject-server

Diff against target:

18 lines (+8/-0)

1 file modified

openerp/addons/base/security/base_security.xml (+8/-0)

To merge this branch:

bzr merge lp:~openerp-dev/openobject-server/trunk-bug-917524-mtr

Low

Fix Committed

Link a bug report

Reviewer	Date Requested	Status
Raphael Collet (OpenERP) (community)	2012-01-27	Needs Fixing on 2012-01-31
qdp (OpenERP)	2012-01-27	Pending
Review via email: mp+90431@code.launchpad.net

Description of the change

base/security: added and modify record rule for ir.values for configuration and employee groups --fixes=lp:917524

Revision history for this message

Raphael Collet (OpenERP) (rco-openerp) wrote on 2012-01-31:

Be careful, with this change all users have full access to ir.values!

Before you had a *global* ir.model.access (access_ir_values_group_all) with a *global* ir.rule (ir_values_default_rule) that restricts write, create and delete accesses with a domain. Now that the ir.rule becomes local, the global ir.model.access gives all users full access without a domain! In other words, the local ir.rule has no effect in this situation.

I suggest the following change:
- make the ir.model.access 'access_ir_values_group_all' global, but with *read* permission only;
- create an ir.model.access for group 'group_system' with all permissions;
- create an ir.model.access for group 'group_user', with all permissions;
- make the ir.rule 'ir_values_default_rule' local to 'group_user'.

With that change, we have the expected access rights:
- all users have read access to ir.values;
- users of 'group_user' have write, create, and delete access limited to "their" values;
- users of 'group_system' have full access to all ir.values.

Thanks,
Raphael

review: Needs Fixing

lp:~openerp-dev/openobject-server/trunk-bug-917524-mtr updated on 2012-02-14

3985. By Meera Trambadia (OpenERP) on 2012-02-13: [MERGE] branch merged with lp:openobject-server
3986. By Meera Trambadia (OpenERP) on 2012-02-14: [MERGE] branch merged with lp:openobject-server

Unmerged revisions

3986. By Meera Trambadia (OpenERP) on 2012-02-14: [MERGE] branch merged with lp:openobject-server
3985. By Meera Trambadia (OpenERP) on 2012-02-13: [MERGE] branch merged with lp:openobject-server
3984. By Meera Trambadia (OpenERP) on 2012-01-27: [FIX] base: added and modify record rule for ir.values for configuration and employee groups

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

AE2I

Ajay Patel (OpenERP)

Alle (ADSOFT)

Amit Onkar

Arif

Arista Technologies Pvt. Ltd

Arys Eric

Belkacem Mohammed

Bharat Devnani (Open ERP)

Bob Muller

CH LAU

Carlos Llamacho

Chatchai

Christophe CHAUVET

Csaba TOTH

Cuong

Daivaras

Daniel Dico (oerp.ca)

DavidHuttlestonJr

Dragan Gregurec

Eva P.

Federico Manuel Echeverri Choux

Florent

Gideoni Silva

Gino Rivera

Hao Fu

Hobbysta

Husen Daudi

JAE58

John B

Jose Antonio Morales Ponce(vauxoo) - - http://www.vauxoo.com

Joshua Jan(SHINEIT)

Kalariya Hardik(Tech Receptives)

Krisztian Eyssen

Larry Horsley

Massimiliano Brasile

Mathieu Leduc-Hamel

Michael Meierhoff

MiteshPatel (OpenERP)

Mohsin Khan

Mukhtar Dheyab

Nhomar - Vauxoo

Nicolas DS

OpenBMS JSC

OpenERP Core Team

OpenERP Findis

OpenERP R&D Team

Osess

Outsourceit International

Pereerro

Rafael Sales - http://www.tompast.com.br

Ravi Gadhia (OpenERP)

Raymond Lee

Riken Bhorania (OpenERP)

Robson Gonçalves

Roxly Rivero

Ruchir Shukla(BizzAppDev)

Rudy

Saad Zaher

Simon

Sunil http://techreceptives.com

Synconics Technologies Pvt. Ltd.

Tech-Receptives Monitor

Thierry T

Turkesh Patel (openERP)

amari hamza

fitrah ahmad

fshahy

geyunfei

giudalo

gpa(OpenERP)

jacques

jeffery chen fan

lambdasoftware

makka

olefoxe

padam raj gurung

rvo(Open ERP)

tossp

zakaria makrelouf

to status/vote changes:

Jean-Philippe Gal

José Vicente Blasco

Rui Andrada

kalmen

teodor alexandru

 === modified file 'openerp/addons/base/security/base_security.xml'
 --- openerp/addons/base/security/base_security.xml	2011-12-02 16:14:56 +0000
 +++ openerp/addons/base/security/base_security.xml	2012-02-14 05:14:18 +0000
@@ -72,6 +72,14 @@
              <field name="model_id" ref="model_ir_values"/>
              <field name="domain_force">[('key','=','default'),('user_id','=',user.id)]</field>
              <field name="perm_read" eval="False"/>
++            <field name="groups" eval="[(4,ref('group_user'))]"/>
++        </record>
++
++        <record model="ir.rule" id="ir_values_all_rule">
++            <field name="name">All: alter all values</field>
++            <field name="model_id" ref="model_ir_values"/>
++            <field name="domain_force">[(1,'=',1)]</field>
++            <field name="groups" eval="[(4,ref('group_system'))]"/>
          </record>
          <!-- Used for dashboard customizations, users should only be able to edit their own dashboards -->