[7.0] Access control: allow create, disable write

Bug #1081375 reported by Li Wee, Ong on 2012-11-21

This bug report was converted into a question: question #214854: [7.0] Access control: allow create, disable write.

6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Addons (MOVED TO GITHUB)
Invalid
Undecided
Unassigned

Bug Description

In 6.1, I am able to restrict the user's access privileges, i.e. allow product creation, disallow product modification

Implementation steps in 6.1
1. Install CRM, Sales module
2. Add test user
3. Settings->user->edit test user->Access Rights tab->Under sales, set "User - own leads only"
4. Settings->group->edit "User - own leads only"->Access Rights tab
5. Check "create permission" for product.product sale use
6. Check "create permission" for product.template sale use
7. Add new access rights based on model "stock.warehouse.orderpoint / Minimum Inventory Rule"
8. Check "read permission" for Minimum Inventory Rule
9. Save

With these steps, the test user is able to create products but unable to edit existing products.

However, when I try to follow these steps in 7.0, I am unable to find module "stock.warehouse.orderpoint / Minimum Inventory Rule". Furthermore, the error message also seem to indicate that there is now no distinction between create and write accesss? Please see error below

2012-11-21 00:38:45,785 2234 WARNING None openerp.addons.base.ir.ir_model: Access Denied by ACLs for operation: write, uid: 321, model: product.product
2012-11-21 00:38:45,786 2234 ERROR None openerp.netsvc: Access Denied
Sorry, you are not allowed to modify this document. Only users with the following access level are currently allowed to do that:
- Sales/Manager

(Document model: product.product)
Traceback (most recent call last):
  File "/opt/openerp/server/openerp/netsvc.py", line 361, in dispatch_rpc
    result = ExportService.getService(service_name).dispatch(method, params)
  File "/opt/openerp/server/openerp/service/web_services.py", line 596, in dispatch
    res = fn(db, uid, *params)
  File "/opt/openerp/server/openerp/osv/osv.py", line 167, in execute_kw
    return self.execute(db, uid, obj, method, *args, **kw or {})
  File "/opt/openerp/server/openerp/osv/osv.py", line 123, in wrapper
    raise except_osv(inst.name, inst.value)
except_osv: ('Access Denied', u'Sorry, you are not allowed to modify this document. Only users with the following access level are currently allowed to do that:\n- Sales/Manager\n\n(Document model: product.product)')

Li Wee, Ong (liwee-ong) wrote :
Changed in openobject-addons:
status: New → Invalid

Hello Li Wee,

For that you must have to assign the write's rights to your user then you can successfully create the product.
It's not a bug cause its our Framework architecture, when ever you are going to create any of the record then write method will automatically called.

It's not a bug rather than a questions to I am converting it you can see the answer on question.

Thanks for the understanding!

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions