Merge lp:~sbi/openobject-addons/trunk-sbi-timesheet-checks-as-su into lp:openobject-addons

Proposed by Stéphane Bidoul (Acsone) on 2012-11-05
Status: Rejected
Rejected by: Fabien (Open ERP) on 2012-11-14
Proposed branch: lp:~sbi/openobject-addons/trunk-sbi-timesheet-checks-as-su
Merge into: lp:openobject-addons
Diff against target: 46 lines (+5/-4)
1 file modified
hr_timesheet_sheet/hr_timesheet_sheet.py (+5/-4)
To merge this branch: bzr merge lp:~sbi/openobject-addons/trunk-sbi-timesheet-checks-as-su
Reviewer Review Type Date Requested Status
Fabien (Open ERP) 2012-11-05 Disapprove on 2012-11-14
Review via email: mp+132984@code.launchpad.net

Description of the change

This merge proposal changes some timesheets data validity checks to be executed as super user.

The idea is to avoid giving too many access to the user ony for performing validity checks that need to be satisfied in all cases, independently of user permissions.

In particular, I needed this change in a situation where a project manager can see and change timesheet lines of his own projects, but can not see the timesheet sheets of the corresponding users.

To post a comment you must log in.
Fabien (Open ERP) (fp-tinyerp) wrote :

We try to limit the usage of SUPERUSER_ID only for secific cases where it's required.
I prefer to reject this one as it's not very important added feature.

review: Disapprove
Stéphane Bidoul (Acsone) (sbi) wrote :

Hi Fabien,

On Wed, Nov 14, 2012 at 1:33 PM, Fabien (Open ERP) <email address hidden> wrote:

> Review: Disapprove
>
> We try to limit the usage of SUPERUSER_ID only for secific cases where
> it's required.
> I prefer to reject this one as it's not very important added feature.

I fully understand we want to limit usage of SUPERUSER_ID.

However in general, checks and invariant have to be satisfied independently
of the permissions of the user doing the operations.

In this specifc case, doing these checks under the user's identity require
granting the user unnessary rights.

-sbi

Unmerged revisions

7954. By Stéphane Bidoul (Acsone) on 2012-11-05

[IMP] hr_timesheet_sheet: make some data validity checks as superuser

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hr_timesheet_sheet/hr_timesheet_sheet.py'
2--- hr_timesheet_sheet/hr_timesheet_sheet.py 2012-10-30 05:03:23 +0000
3+++ hr_timesheet_sheet/hr_timesheet_sheet.py 2012-11-05 22:18:25 +0000
4@@ -23,6 +23,7 @@
5 from datetime import datetime, timedelta
6 from dateutil.relativedelta import relativedelta
7
8+from openerp import SUPERUSER_ID
9 from osv import fields, osv
10 from tools.translate import _
11 import netsvc
12@@ -292,7 +293,7 @@
13 def _check_sheet_state(self, cr, uid, ids, context=None):
14 if context is None:
15 context = {}
16- for timesheet_line in self.browse(cr, uid, ids, context=context):
17+ for timesheet_line in self.browse(cr, SUPERUSER_ID, ids, context=context):
18 if timesheet_line.sheet_id and timesheet_line.sheet_id.state not in ('draft', 'new'):
19 return False
20 return True
21@@ -308,7 +309,7 @@
22 return super(hr_timesheet_line,self).unlink(cr, uid, ids,*args, **kwargs)
23
24 def _check(self, cr, uid, ids):
25- for att in self.browse(cr, uid, ids):
26+ for att in self.browse(cr, SUPERUSER_ID, ids):
27 if att.sheet_id and att.sheet_id.state not in ('draft', 'new'):
28 raise osv.except_osv(_('Error!'), _('You cannot modify an entry in a confirmed timesheet.'))
29 return True
30@@ -403,14 +404,14 @@
31 self._check(cr, uid, ids)
32 res = super(hr_attendance,self).write(cr, uid, ids, vals, context=context)
33 if 'sheet_id' in context:
34- for attendance in self.browse(cr, uid, ids, context=context):
35+ for attendance in self.browse(cr, SUPERUSER_ID, ids, context=context):
36 if context['sheet_id'] != attendance.sheet_id.id:
37 raise osv.except_osv(_('User Error!'), _('You cannot enter an attendance ' \
38 'date outside the current timesheet dates.'))
39 return res
40
41 def _check(self, cr, uid, ids):
42- for att in self.browse(cr, uid, ids):
43+ for att in self.browse(cr, SUPERUSER_ID, ids):
44 if att.sheet_id and att.sheet_id.state not in ('draft', 'new'):
45 raise osv.except_osv(_('Error!'), _('You cannot modify an entry in a confirmed timesheet'))
46 return True

Subscribers

People subscribed via source and target branches

to all changes: