Odoo Addons (MOVED TO GITHUB)

[7.0]Access error on project task work (Document type: hr analytic timesheet, Operation: create)

Bug #1094135 reported by El Hadji Dem (http://www.savoirfairelinux.com) on 2012-12-27

This bug affects 5 people

	Status	Importance	Assigned to
Odoo Addons (MOVED TO GITHUB)	Status tracked in Trunk
7.0	Fix Released	Low	OpenERP Publisher's Warranty Team
Trunk	Confirmed	Medium	OpenERP R&D Addons Team 1

Bug Description

When I create a task work in Project -> Tasks, I have this message

The requested operation cannot be completed due to security restrictions. Please contact your system administrator.

(Document type: hr analytic timesheet, Operation: create)

See original description

Tags:

Related branches

lp:~openerp-dev/openobject-addons/trunk-bug-1094135-vaishali

lp:~openerp-dev/openobject-addons/7.0-opw-593517-rha

Approved for merging into lp:openobject-addons/7.0

Rifakat Husen (OpenERP) (community): Disapprove on 2013-12-09

Naresh(OpenERP) (community): Approve on 2013-08-29

Revision history for this message

Amit Bhavsar (Open ERP) (amb-openerp) wrote on 2013-01-03:

projectTask.png Edit (99.7 KiB, image/png)

Hello,

I have faced the same problem on 7.0 and 6.1 when create a task line with project user rights. so I have attched the screensort for reference. please give look.. .

Thanks!

Changed in openobject-addons:
status:	New → Confirmed
importance:	Undecided → Medium
assignee:	nobody → OpenERP R&D Addons Team 1 (openerp-dev-addons1)

Revision history for this message

Amit Parik (amit-parik) wrote on 2013-01-03: Re: [7.0]Operation prohibited by access rules, or performed on an already deleted document (Operation: write, Document type: hr analytic timesheet)

Hello,

On trunk this issue is working fine, problem only occurs up tp 7.0

Thank you!

summary:

- Operation prohibited by access rules, or performed on an already deleted
- document (Operation: write, Document type: hr analytic timesheet)
+ [7.0]Operation prohibited by access rules, or performed on an already
+ deleted document (Operation: write, Document type: hr analytic
+ timesheet)

Revision history for this message

El Hadji Dem (http://www.savoirfairelinux.com) (eh-dem) wrote on 2013-01-03:

error page.png Edit (80.7 KiB, image/png)

Hello Amit, I tested but I have the same message .I have attached a screenshot for reference.

Revision history for this message

Amit Parik (amit-parik) wrote on 2013-01-04:

Hello,

Tried with http://trunk_1317.runbot.openerp.com but didn't get the problem.
Additionally problem only faced on 7.0 only.

Thank you!

Amit Parik (amit-parik) on 2013-01-10

description:	updated
summary:	- [7.0]Operation prohibited by access rules, or performed on an already - deleted document (Operation: write, Document type: hr analytic - timesheet) + [7.0]Access error on project task work (Document type: hr analytic + timesheet, Operation: create)

Revision history for this message

El Hadji Dem (http://www.savoirfairelinux.com) (eh-dem) wrote on 2013-02-27:

Hello , I got the same problem .

Anyone has an idea to resolve this bug.

I tested but the bug persists in openerp6.1 and OpenErp7.0.

Revision history for this message

Amit Bhavsar (Open ERP) (amb-openerp) wrote on 2013-03-07:

stillProduce.png Edit (132.3 KiB, image/png)

Hello Folks,

I have double check this Issue. It's still presist. That's why I have attached the screen capture for reference.

for more info :- lp:1136289

Thanks!

Revision history for this message

El Hadji Dem (http://www.savoirfairelinux.com) (eh-dem) wrote on 2013-03-07:

Hello Amit, I got the same problem. I am still waiting for a solution.

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-06-17:

Hi guys,

I think this is record rule problem. Task work entry of any user should not be seen by other users and this is not been taken care.

Technically the problem is,
Project - "project1" (team= administrator, user1, user2)
Task - "task1", Assigned to = No one

- user1 logs in and enter task work entry.
- user2 logs in, able to see task work entry of user1(problem)
- user2 adds his new entry
- try to save task, raises access warning(either hr.analytic.timesheet or Timesheet Line)

It is because when user2 tries to save record, project.task.write() call for for o2m task work(work_ids), it adds new dict for
user2 entry([0, False, {}]) as well as keep the link of user1's task entry(by [4, id, False]), this ultimately means,
when a user tries to save his record, another's user's record is also getting linked in write() call(web client architecture).

I am going to add a record rule for object project.task.work so entry should be seen by a user himself.
Please correct me if I am wrong.

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-06-17:

Hi eh.dem,

Does this branch solve the problem, could you please check?
lp:~openerp-dev/openobject-addons/7.0-opw-593517-rha
rev 4295

Thanks.

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-07-29:

#10

Hi, I just tested this on runbot http://trunk-16181.runbot.openerp.com/ and this bug is reproduceable on Trunk too.
I reproduce it wrt #8.

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-07-29:

#11

Fixed for 7.0 in,
lp:~openerp-dev/openobject-addons/7.0-opw-593517-rha
r9327, <email address hidden>

Thanks for reporting,
Rifakat

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-12-09:

#12

This has been taken care from server 7.0,
Revision 5162, Revision ID: <email address hidden>

Thanks Martin for your fix,
Rifakat

Twinkle Christian(OpenERP) (tch-openerp) on 2014-01-06

tags:

added: project

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1136289

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.