fields with write attribute should be readonly
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Server (MOVED TO GITHUB) |
New
|
Undecided
|
Unassigned |
Bug Description
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in lp:983018
I join a patch for v7.0.
Edit : Updated patch to include :
- No check for superuser
- Raise exception instead of simply ignoring field
Edit : Updated patch to include :
- Same changes for create() method
- Moved the chek in create() method before the call of _add_missing_
description: | updated |
description: | updated |
description: | updated |
description: | updated |