[trunk/7.0] Access rights not correctly taken into account for reports
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Odoo Addons (MOVED TO GITHUB) |
Fix Committed
|
Medium
|
OpenERP R&D Addons Team 3 | ||
Bug Description
Go on a runbot DB all
1. Select the "Invoices" report in Settings > Technical > Action > Reports
2. Modify the security on the second tab by adding "Fleet / User" in the security (That's stupid but it's for the sake of the demo)
3. Change the access rights of the demo user so that he has accounting manager rights, but not fleet / user rights
4. Connect with demo user
5. Go on an invoice that's validated. That's ok for the "print top" button: the report dissapeared. but:
6. You'll see the print button in the status bar is still available and usable while Demo user shouldn't have access to it.
7. Moreover, if you use the invoice report and that this report created an attachment, the attachment would be downloadable (less important here but still wrong)
Related branches
- OpenERP Core Team: Pending requested
-
Diff: 26 lines (+9/-0)1 file modifiedaccount/account_invoice.py (+9/-0)
| Antoine(OpenERP) (ahu-openerp) wrote | #1 |
| summary: |
- [7.0] Access right report + [7.0] Access rights not correctly taken into account for reports |
| Changed in openobject-addons: | |
| assignee: | nobody → OpenERP R&D Addons Team 3 (openerp-dev-addons3) |
| importance: | Undecided → Medium |
| status: | New → Confirmed |
| summary: |
- [7.0] Access rights not correctly taken into account for reports + [trunk/7.0] Access rights not correctly taken into account for reports |
| summary: |
- [trunk/7.0] Access rights not correctly taken into account for reports + [7.0] Access rights not correctly taken into account for reports |
| summary: |
- [7.0] Access rights not correctly taken into account for reports + [trunk/7.0] Access rights not correctly taken into account for reports |
| Changed in openobject-addons: | |
| status: | Confirmed → In Progress |
| Chirag Dodiya(OpenERP) (chirag.dodiya-openerp) wrote | #2 |
| Changed in openobject-addons: | |
| status: | In Progress → Fix Committed |
Hello,
It has been Fixed in this branch: https:/
revision-id: <email address hidden>
revno: 9032.
It will be available in trunk soon.