[7.0]Same object and same group assigned the multiple times then last one is override the first created access

Bug #1125216 reported by Alexander Koch

This bug report was converted into a question: question #238464: [7.0]Same object and same group assigned the multiple times then last one is override the first created access.

12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Odoo Server (MOVED TO GITHUB)
Invalid
Undecided
Unassigned

Bug Description

Hello!

We tried to grant access to an external customer to some parts of our OpenERP instance via the portal. During this we encountered a strange behaviour of the access rights and rules. I hope the description of the problem is understandable.

What we did:

- Settings → Users → Groups created a new user group “portal new”
- Access Rights → Added a rule for Object Invoice → granted all access for this group
- Rules → Add new rule
  - New rule belongs to Invoice
  - Domain Filter: [('message_follower_ids','in',[user.partner_id.id])]
  - Access Rights: All
  - Groups: new group “portal new”
  - Save the rule
-Rules → add a second new rule
  - Everything the same as the first rule

Everything works as expected.

Problems occur if we change the second rule: If we modify the access rights of the rule, the access rights of the second rule override the rules of the first one. For example if the first one grants read+write access and the second one grants read access only read access is granted to the logged in portal user and vice versa. If only a single rule is present non of the selected access rights for the rules grant or restrict any access. In this case only the Access Rights (in the Access Rights Tab) grant or restrict the access. The domain filter of the rule is still working.

Although mentioned in the release notes for V7 that no button is present if the user has no right for the action buttons are still present if the access is granted via the Access Right-Tab. It seems as if you have to define a basic set of rights at the Access Right-Tab which displays all the necessary buttons too. The rules restrict these rights if there is more than one rule present but buttons are still present (an error message appears if the user tries to save a change if he has no right – not the button is hidden).

Second big problem: As the second rule can override the first rules access rights it is important to know which rule is the first and which is the second one. Nothing indicates which one is which. Not even the view's order indicates it. Only try and error can tell you that.

Greets

OpenERP V7
Webclient
Server: Ubuntu 12.04 Server

Amit Parik (amit-parik)
affects: openerp-web → openobject-addons
Revision history for this message
Amit Parik (amit-parik) wrote :

Hello Alexander,

This is not the problem but its desired behavior of the openerp framework when you used the same object and same group then always last created and last loaded rights/record will be override the first created access.

Normally this is not feasible that we have used the same group , same object and assigned the different rights manytimes, So at this time last created or loaded access will be considered and old one will be override because there is no possibility that both rights will be work together.
Here you can see that you have created 2nd rule will be last one. So It will be apply and first one will be override that's the normal.

This is not a bug rather then a question, So let me convert into question!

Thank you!

affects: openobject-addons → openobject-server
summary: - [7.0] Access rights for portal do not work properly
+ [7.0]Same object and same group assigned the multiple times then last
+ one is override the first created access
Changed in openobject-server:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.