Odoo Addons (MOVED TO GITHUB)

wrong logic in module Project in field parent_id

Bug #718890 reported by Normunds (Alistek)
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Odoo Addons (MOVED TO GITHUB)
Confirmed
Wishlist
OpenERP R&D Addons Team 1

Bug Description

OpenERP stable 6.0.1

As ver. 6.0 openerp project object was linked to account.analytic.account there are logical inconsistence. When user opens parent project, analytic account view is displayed instead of parent project view (not like in project.tasks project.project relation, what is ok).
This is wrong, because it is NOT desirable, that project users view analytic accounts, even if project is almost the same as analytic account in ver.6 now.
This will also lead to browse problems in parent project for users with limited rights in certain multicompany setups for example:
Define project structure like:

instead setting one root "All Projects":
set:
Company A Root Project (Appropriate Analytic Account belongs to Company A)
Company B Root Project (Appropriate Analytic Account belongs to Company B)

It will lead for limited user, when browsing for parent project an error:
"
AccessError
Operation prohibited by access rules, or performed on an already deleted document (Operation: read, Document type: Analytic Account).
"
What is theorethically is right, because we do not want limited user see Analytic Accounts for another company. But then limited user cannot browse on projects - and this leads to broken functionality.

Tags: project
Amit Parik (amit-parik)
Changed in openobject-addons:
assignee: nobody → OpenERP R&D Addons Team 1 (openerp-dev-addons1)
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
Sébastien BEAU - http://www.akretion.com (sebastien.beau) wrote :

I face to the same problem, when i use multicompany and project, I can not select the project_parent_id in the project view.

Indeed if you take a look in the code of the module analytic you see an ugly sql request line 226 of file analytic.py

        if context.get('current_model') == 'project.project':
            cr.execute("select analytic_account_id from project_project")
            project_ids = [x[0] for x in cr.fetchall()]

This request return all project ids without checking if the project is in the same company as the user. The problem is the same user can not read the information of this project due to the ir.rule, and so OpenERP raise an error.

I will be better to remove this sql request and getting the list of project according to the ir.rule.

For that you just need to replace this sql request by a search and read method.

I join a path which work for us.

Best Regards

Revision history for this message
samirdouichi (samirdouichi) wrote :

I face to the same problem, when i use multicompany and project, I can not select the project_parent_id in the project view.

Twinkle Christian(OpenERP) (tch-openerp)
tags: added: project
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.