Error loading logo within mulit-company setup

Bug #1161115 reported by Dawn Richardson on 2013-03-27
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Web (MOVED TO GITHUB)
New
Undecided
Unassigned

Bug Description

This is a minor bug which only occurs in a very specific setup, but it is a bug all the same and should be fixed at some point.

To replicate: (using version 7.0-20130313-002537)
- Run server in debug mode and create a new DB
- Go to Users > Adminstrator and update the access rights to the following: Multi-Companies=True. Technical Features = True.
- Refresh and then go to Companies and create a new company, 'Company B'
- Go to Users and create a new user, 'User B' with the following access rights: company='Your Company'. Allowed Companies='Your Company', 'Company B'. Adminstration='Settings'. Multi Companies= True.
- Change User B 's password
- Sign in as User B.
- Go to Preferences in top right corner
- Change Company from 'Your Company' to 'Company B'.
- Click Save and watch the log. The following error is thrown:
'Access Denied', The requested operation cannot be completed due to security restrictions.
- No logo is loaded where it normally would be, on the left menu

From the stack trace it is clear the issue stems from loading the web_logo field:
2013-03-27 21:10:59,564 15266 ERROR TestBug openerp.addons.web.http.HttpRequest.dispatch: An error occurred while handling a json request
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/openerp/addons/web/http.py", line 284, in dispatch
    r = method(self, **self.params)
  File "/usr/lib/pymodules/python2.7/openerp/addons/web/controllers/main.py", line 1371, in company_logo
    if user.company_id.logo_web:
  File "/usr/lib/pymodules/python2.7/openerp/osv/orm.py", line 485, in __getattr__
    return self[name]
  File "/usr/lib/pymodules/python2.7/openerp/osv/orm.py", line 400, in __getitem__
    field_values = self._table.read(self._cr, self._uid, ids, field_names, context=self._context, load="_classic_write")
  File "/usr/lib/pymodules/python2.7/openerp/addons/base/res/res_users.py", line 799, in read
    res = super(users_view, self).read(cr, uid, ids, fields, context=context, load=load)
  File "/usr/lib/pymodules/python2.7/openerp/addons/base/res/res_users.py", line 272, in read
    result = super(res_users, self).read(cr, uid, ids, fields=fields, context=context, load=load)
  File "/usr/lib/pymodules/python2.7/openerp/osv/orm.py", line 3605, in read
    result = self._read_flat(cr, user, select, fields, context, load)
  File "/usr/lib/pymodules/python2.7/openerp/osv/orm.py", line 3681, in _read_flat
    res2 = self.pool.get(table).read(cr, user, [x[col] for x in res], cols, context, load)
  File "/usr/lib/pymodules/python2.7/openerp/osv/orm.py", line 3605, in read
    result = self._read_flat(cr, user, select, fields, context, load)
  File "/usr/lib/pymodules/python2.7/openerp/osv/orm.py", line 3660, in _read_flat
    self._check_record_rules_result_count(cr, user, sub_ids, result_ids, 'read', context=context)
  File "/usr/lib/pymodules/python2.7/openerp/osv/orm.py", line 3863, in _check_record_rules_result_count
    (self._description, operation))
except_orm: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Partner, Operation: read)')

Dawn Richardson (r-dawn) wrote :

After some investigation, it is clear the "Access Denied" is caused by trying to access the partner_id field of User. This fails as UserB's partner_id is linked to company "Your Company", while the user only has access to view "CompanyB".

To avoid this problem I have proposed a fix (see related branch above) which only retrieves the fields immeditely required to get logo_web and will now display the logo without error.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers