2013-10-22 10:03:12 |
Cedric Le Brouster(OpenFire) |
bug |
|
|
added bug |
2013-10-22 10:03:12 |
Cedric Le Brouster(OpenFire) |
attachment added |
|
OpenERP_write_attribute_readonly_v7.0.diff https://bugs.launchpad.net/bugs/1243142/+attachment/3887265/+files/OpenERP_write_attribute_readonly_v7.0.diff |
|
2013-10-22 10:05:28 |
Cedric Le Brouster(OpenFire) |
description |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in https://bugs.launchpad.net/openobject-server/+bug/983018
I join a patch for v7.0. |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in https://bugs.launchpad.net/bugs/969198
I join a patch for v7.0. |
|
2013-10-22 10:05:47 |
Cedric Le Brouster(OpenFire) |
description |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in https://bugs.launchpad.net/bugs/969198
I join a patch for v7.0. |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in lp:969198
I join a patch for v7.0. |
|
2013-10-22 10:07:22 |
Cedric Le Brouster(OpenFire) |
description |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in lp:969198
I join a patch for v7.0. |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in lp:983018
I join a patch for v7.0. |
|
2013-10-23 15:42:28 |
Cedric Le Brouster(OpenFire) |
attachment removed |
OpenERP_write_attribute_readonly_v7.0.diff https://bugs.launchpad.net/openobject-server/+bug/1243142/+attachment/3887265/+files/OpenERP_write_attribute_readonly_v7.0.diff |
|
|
2013-10-23 15:44:05 |
Cedric Le Brouster(OpenFire) |
attachment added |
|
OpenERP_write_attribute_readonly_v7.0.diff https://bugs.launchpad.net/openobject-server/+bug/1243142/+attachment/3888756/+files/OpenERP_write_attribute_readonly_v7.0.diff |
|
2013-10-23 15:47:22 |
Cedric Le Brouster(OpenFire) |
description |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in lp:983018
I join a patch for v7.0. |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in lp:983018
I join a patch for v7.0.
Edit : Updated patch to include :
- No check for superuser
- Raise exception instead of simply ignoring field |
|
2013-10-24 12:29:28 |
Cedric Le Brouster(OpenFire) |
attachment removed |
OpenERP_write_attribute_readonly_v7.0.diff https://bugs.launchpad.net/openobject-server/+bug/1243142/+attachment/3888756/+files/OpenERP_write_attribute_readonly_v7.0.diff |
|
|
2013-10-24 12:30:01 |
Cedric Le Brouster(OpenFire) |
attachment added |
|
OpenERP_write_attribute_readonly_v7.0.diff https://bugs.launchpad.net/openobject-server/+bug/1243142/+attachment/3889667/+files/OpenERP_write_attribute_readonly_v7.0.diff |
|
2013-10-24 12:34:08 |
Cedric Le Brouster(OpenFire) |
description |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in lp:983018
I join a patch for v7.0.
Edit : Updated patch to include :
- No check for superuser
- Raise exception instead of simply ignoring field |
When a field is defined in .py file with attribute write=[some user groups], users that don't belong to these groups can edit this field and save.
The write right is only checked in the write() method and doesn't raise an exception, so if the user is not aware he doesn't see the field hasn't changed.
I think the field should be set as readonly through orm fields_get method.
I think this could partially solve problem in lp:983018
I join a patch for v7.0.
Edit : Updated patch to include :
- No check for superuser
- Raise exception instead of simply ignoring field
Edit : Updated patch to include :
- Same changes for create() method
- Moved the chek in create() method before the call of _add_missing_default_values() because a user that has the rights to create an object should not get stopped by this |
|