Odoo Addons (MOVED TO GITHUB)

[trunk/7.0]On the Anonymous portal you are able to list dashboards

Bug #1157896 reported by Csaba TOTH on 2013-03-20

16

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Odoo Addons (MOVED TO GITHUB)	Fix Released	Medium	OpenERP R&D Addons Team 1

Bug Description

Try this:

* install portal_anonymus module
* logout, the portal will come up
* you are on the "News" page for example
* open the search window on the top right
* open the "Add to Dashboard"

Now you are able to see the created dashboards in the system, and you can click on the Add button, what is gone to error:

Client Traceback (most recent call last):
File "c:\oefwt3\Lib\site-packages\openerp-7.0-py2.7.egg\openerp\addons\web\http.py", line 203, in dispatch
response["result"] = method(self, **self.params)
TypeError: add_to_dashboard() takes at least 7 arguments (7 given)

Another thing is with the save custom filters (in the same search window).

Related branches

lp:openobject-addons/7.0

lp:~openerp-dev/openobject-addons/7.0-bug-1157896-chs (Merged)

lp:~ocb/ocb-addons/rs-ocb-70

Revision history for this message

Rajesh Prajapati (OpenERP) (rpr-tinyerp) wrote on 2013-03-21:

#1

portal.ogv Edit (4.4 MiB, video/ogg)

Changed in openobject-addons:
status:	New → Confirmed

Twinkle Christian(OpenERP) (tch-openerp) on 2013-03-21

Changed in openobject-addons:
assignee:	nobody → OpenERP R&D Addons Team 1 (openerp-dev-addons1)
importance:	Undecided → Medium
summary:	- On the Anonymous portal you are able to list dashboards + [trunk/7.0]On the Anonymous portal you are able to list dashboards

Revision history for this message

Csaba TOTH (tsabi) wrote on 2013-03-21:

#2

Hi,
on the video i see you didn't logged out. Originally i mean "you are able to see the list of dashboards" when you are logged out, and browsing the anonymous portal.
best regards,
Csaba

Revision history for this message

Olivier Dony (Odoo) (odo-openerp) wrote on 2013-03-26:

#3

Note: The error "TypeError: add_to_dashboard() takes at least 7 arguments (7 given)" was caused by having the Add To Dashboard option shown on screens where it should not have been visible.
This is fixed in addons 7.0 at revision 8910 (revision-id: <email address hidden>).

There is still an issue with the fact that the list of dashboards is readable for the anonymous user. This is not much of a disclosure but some might consider it a security problem nevertheless. The `board` module should enforce better security by default and hide the "Add to Dashboard" option when access to the list of dashboards is not permitted.

Revision history for this message

Csaba TOTH (tsabi) wrote on 2013-03-26:

#4

Hi, exactly this privacy concern was my original purpose to create this bug report!

Revision history for this message

Christophe Simonis (OpenERP) (kangol) wrote on 2013-10-30:

#5

Fixed by 9549 <email address hidden>

Changed in openobject-addons:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

portal.ogv Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.