Odoo Server (MOVED TO GITHUB)

fields with write attribute should be readonly

Bug #1243142 reported by Cedric Le Brouster(OpenFire)
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Server (MOVED TO GITHUB)
New
Undecided
Unassigned

Bug Description

When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.

I think the field should be set as readonly through orm fields_get method.

I think this could partially solve problem in lp:983018

I join a patch for v7.0.

Edit : Updated patch to include :
- No check for superuser
- Raise exception instead of simply ignoring field

Edit : Updated patch to include :
- Same changes for create() method
- Moved the chek in create() method before the call of _add_missing_default_values() because a user that has the rights to create an object should not get stopped by this

See original description
Cedric Le Brouster(OpenFire) (cedric-lebrouster)
description: updated
description: updated
description: updated
Cedric Le Brouster(OpenFire) (cedric-lebrouster)
description: updated
Revision history for this message
Cedric Le Brouster(OpenFire) (cedric-lebrouster) wrote :
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.