Odoo Addons (MOVED TO GITHUB)

[7.0] The admin account is the only allowed to create menu entries in document_page module

Bug #1312665 reported by Franck BRET
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Addons (MOVED TO GITHUB)
Fix Released
Low
OpenERP Publisher's Warranty Team

Bug Description

Summary:
The admin user is the only one allowed to create menu entries for knowledge pages.

Version:
7-0-32520

(Build 32520)
server (5288)
addons (10014)
web (4180)

Error:
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: ir.values, Operation: create)

Steps to reproduce:

AS THE ADMIN USER
1. Install Knowledge and document management
2. Enable : Settings/Knowledge/Static pages
3. Go to Knowledge/Pages
4. Click Create
5. Enter a page name 'My page'
6. Enter a category name 'My category'
7. Save
8. Go back to page list clicking on "knowledge/pages/pages"
9. Edit the page entry 'My category'
10. Use the "More" drop-down menu to access the create menu option.
11. A wizard pops up with the menu name and a "parent menu"
12. Set "Messaging/Messaging" as the parent menu
13. Click "Create Menu"
14. Check that the new menu entry linked to the new page is displayed

In this case, as the admin user, it works as expected

Now create a new user.

Create "my_user" as a new user
Set its access right to :
knowledge: User
Human ressource : Employee
Administration : Settings (if not the "more/create a menu" will not appear for the new user)

Now with "my_user" connected reproduce the above steps.
On step 13 you'll have the following error :

"Access Denied

The requested operation cannot be completed due to security restrictions. Please contact your system administrator.

(Document type: ir.values, Operation: create)"

Related branches

lp:~openerp-dev/openobject-addons/7.0-opw-607160-rgo
Martin Trigaux (OpenERP) (community): Approve
Diff: 20 lines (+2/-1)
1 file modified
document_page/wizard/document_page_create_menu.py (+2/-1)
Revision history for this message
Franck BRET (franckbret) wrote :
Vinay Rana (OpenERP) (vra-openerp)
Changed in openobject-addons:
assignee: nobody → OpenERP Publisher's Warranty Team (openerp-opw)
tags: added: maintenance
Revision history for this message
Ravi Gohil (OpenERP) (rgo-openerp) wrote :

Hello,

This issue's been fixed in the branch: lp:~openerp-dev/openobject-addons/7.0-opw-607160-rgo by revision-id: <email address hidden> and revision#: 10037.

Fix will soon be reviewed by our experts and will be merged with main stable branch after it gets their approval.

Thanks.

Changed in openobject-addons:
importance: Undecided → Low
status: New → Fix Committed
Revision history for this message
Martin Trigaux (OpenERP) (mat-openerp) wrote :

Hello,

We have merged a fix for this issue, thanks for the report

revno: 10039 [merge]
revision-id: <email address hidden>

Changed in openobject-addons:
status: Fix Committed → Fix Released
Revision history for this message
Franck BRET (franckbret) wrote :

Hi,

Thanks for your work but your fix doesn't change anything. In the patch you force the id to be the SUPERUSER_ID, but that's exactly what we don't want...

The problem is still that no other account than the admin one can create a new menu account, so the error with a non admin account is still the same.

"""
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: ir.values, Operation: create)
"""

I think the only way to let non SUPERUSER create a menu, is to add some more access rules in the knowledge module and maybe in the base access rules.

What we want is to let a manager create a menu entry.

Is that more clear for you ?

Thanks in advance

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.