Error loading logo within mulit-company setup
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Web (MOVED TO GITHUB) |
New
|
Undecided
|
Unassigned |
Bug Description
This is a minor bug which only occurs in a very specific setup, but it is a bug all the same and should be fixed at some point.
To replicate: (using version 7.0-20130313-
- Run server in debug mode and create a new DB
- Go to Users > Adminstrator and update the access rights to the following: Multi-Companies
- Refresh and then go to Companies and create a new company, 'Company B'
- Go to Users and create a new user, 'User B' with the following access rights: company='Your Company'. Allowed Companies='Your Company', 'Company B'. Adminstration=
- Change User B 's password
- Sign in as User B.
- Go to Preferences in top right corner
- Change Company from 'Your Company' to 'Company B'.
- Click Save and watch the log. The following error is thrown:
'Access Denied', The requested operation cannot be completed due to security restrictions.
- No logo is loaded where it normally would be, on the left menu
From the stack trace it is clear the issue stems from loading the web_logo field:
2013-03-27 21:10:59,564 15266 ERROR TestBug openerp.
Traceback (most recent call last):
File "/usr/lib/
r = method(self, **self.params)
File "/usr/lib/
if user.company_
File "/usr/lib/
return self[name]
File "/usr/lib/
field_values = self._table.
File "/usr/lib/
res = super(users_view, self).read(cr, uid, ids, fields, context=context, load=load)
File "/usr/lib/
result = super(res_users, self).read(cr, uid, ids, fields=fields, context=context, load=load)
File "/usr/lib/
result = self._read_flat(cr, user, select, fields, context, load)
File "/usr/lib/
res2 = self.pool.
File "/usr/lib/
result = self._read_flat(cr, user, select, fields, context, load)
File "/usr/lib/
self.
File "/usr/lib/
(self.
except_orm: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
After some investigation, it is clear the "Access Denied" is caused by trying to access the partner_id field of User. This fails as UserB's partner_id is linked to company "Your Company", while the user only has access to view "CompanyB".
To avoid this problem I have proposed a fix (see related branch above) which only retrieves the fields immeditely required to get logo_web and will now display the logo without error.