Odoo Addons (MOVED TO GITHUB)

Permission error on notes when creating user

Bug #1156215 reported by Steven Segers on 2013-03-17

This bug affects 7 people

	Status	Importance	Assigned to	Milestone
Odoo Addons (MOVED TO GITHUB)	Fix Released	Low	OpenERP Publisher's Warranty Team	Odoo Addons (MOVED TO GITHUB) 7.0
OpenERP Community Backports (Addons)	Status tracked in 7.0
7.0	Fix Released	Undecided	Holger Brunn (Therp)

Bug Description

I'm just getting started with OpenERP, so forgive me if I'm missing something obvious.

Some time ago I ran into this bug: https://bugs.launchpad.net/openobject-server/+bug/1021378 concerning access rights issues when creating a user.
After applying the patch, I could still not create a new user. I thought I still had the same issue, but on closer inspection I found that the error now concerned a different object: Notes instead of Users.

So, just as with the other bug, the issue is I can only create new users as the default admin user, not as any other user that has administrative permissions.

At first I got this exception:
2013-03-17 12:52:14,878 5200 ERROR segrey openerp.netsvc: Access Denied
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.

(Document type: Note Stage, Operation: read)
Traceback (most recent call last):
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\netsvc.py", line 293, in dispatch_rpc
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\service\web_services.py", line 626, in dispatch
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\osv.py", line 188, in execute_kw
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\osv.py", line 144, in wrapper
except_osv: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Note Stage, Operation: read)')

I modified osv.py to not eat-up the exception. Then I got this:
Server Traceback (most recent call last):
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\openerp\addons\web\session.py", line 90, in send
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\netsvc.py", line 293, in dispatch_rpc
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\service\web_services.py", line 626, in dispatch
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\osv.py", line 189, in execute_kw
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\osv.py", line 131, in wrapper
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\osv.py", line 198, in execute
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\osv.py", line 186, in execute_cr
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\openerp\addons\crm\crm_meeting.py", line 76, in create
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\openerp\addons\auth_signup\res_users.py", line 274, in create
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\openerp\addons\note\note.py", line 194, in create
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\orm.py", line 5023, in copy
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\orm.py", line 4914, in copy_data
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\orm.py", line 3604, in read
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\orm.py", line 3659, in _read_flat
  File "C:\Program Files (x86)\OpenERP 7.0\Server\server\.\openerp\osv\orm.py", line 3862, in _check_record_rules_result_count
except_orm: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Note Stage, Operation: read)')

So as far as I understand there seems to be an issue copying notes to the new user. But my knowledge does not stretch far enough to interpret this further.

Tags:

Related branches

lp:~openerp-dev/openobject-addons/7.0-bug-1156215-rha

Rejected for merging into lp:openobject-addons/7.0

Christophe Simonis (OpenERP): Disapprove on 2013-10-09

Naresh(OpenERP): Pending requested 2013-05-15

lp:~ocb/ocb-addons/7.0-1156215

Merged into lp:ocb-addons at revision 9472

Guewen Baconnier @ Camptocamp: Approve on 2013-08-30

Stefan Rijnhart (Opener): Approve on 2013-08-08

lp:~openerp-dev/openobject-addons/7.0-fix-1156215-chs (Merged)

lp:ocb-addons

lp:~ocb/ocb-addons/rs-ocb-70

Revision history for this message

Steven Segers (steven-segers) wrote on 2013-03-24:

I believe this is the same issue as mentioned in this question: http://help.openerp.com/question/5735/cant-create-new-users-with-id-that-has-admin-rights/

tags:

added: v7

Revision history for this message

Jignesh Rathod(OpenERP) (jir-openerp) wrote on 2013-04-09:

Hello Steven ,

I have checked this issue with latest 7.0 as well as trunk.
Currently it's working fine with latest code so would you please
try with latest code and give information regarding this issue.

Thanks and waiting for reply!

Changed in openobject-server:
status:	New → Incomplete

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-04-18:

Hi,

I think problem lies in module note.
create() is overridden in note module which is root of the issue I think.

Thanks.

Revision history for this message

Carlos Pueyo (cpueyo) wrote on 2013-04-18:

I have this error in all modules that have rules. I delete all rules and i work perfectly.

Changed in openobject-server:
status:	Incomplete → Confirmed

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-04-18:

I think the problem is due to xml id usage in create(). Static xml records are being
used to create copy of the stage but those xml stages have user as root and not the
current logged in user, so it restricts the creation of new stage.

Need to search() for logged in user's stages and use there stages to create new stages
for the newly created user.

Please let me know if I misunderstood it.
Thanks,
Rifakat

Rifakat Husen (OpenERP) (rha-openerp) on 2013-04-19

Changed in openobject-server:
status:	Confirmed → In Progress
assignee:	nobody → OpenERP Publisher's Warranty Team (openerp-opw)
importance:	Undecided → Low
affects:	openobject-server → openobject-addons

Revision history for this message

Nhomar - Vauxoo (nhomar) wrote on 2013-04-21:

Hello All

http://www.youtube.com/watch?v=DV1bz_yHiz8

I think this video show part of the problem, with inherited models the company is not correctly passed trought context.

REgards.

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-04-22:

opw_notestage_access.patch Edit (1.4 KiB, text/plain)

Hi Nhomar,

Thanks for your video. I think the problem you explained in the video is a different than
this bug report. This bug report is for the access warning regarding Note Stage object
and as explained above that is solely due to module note and res.users' overridden method
create() , please have a look at that.

The problem you shown has been discussed in the bug report lp:1073087 on #29 , when
an administrator creates any new user then automatically created partner(related to this user)
is having admin's company by default.(yes you show that in video). So it might be taken care by
configuration.(or may be we should discuss it further on the respective bug report).

Now, for this bug report I have created a patch could you please check it?
I will soon commit it as soon as I finish my tests.

Thanks a lot for testing it and provide your feedback.

Regards,
Rifakat

Revision history for this message

Rifakat Husen (OpenERP) (rha-openerp) wrote on 2013-05-15:

Commited fix in this branch,
lp:~openerp-dev/openobject-addons/7.0-bug-1156215-rha
r9125, <email address hidden>

Please let me know if further problem arise.

Regards,
Rifakat

Changed in openobject-addons:
status:	In Progress → Fix Committed

Revision history for this message

Christophe Simonis (OpenERP) (kangol) wrote on 2013-10-09:

fixed by 9513 <email address hidden>

@rha your patch is not correct as it copy the stages of the currently connected user instead of the ones specified in data.

Changed in openobject-addons:
status:	Fix Committed → Fix Released

Serpent Consulting Services (serpent-consulting-services) on 2013-10-10

Changed in openobject-addons:
milestone:	none → 7.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

opw_notestage_access.patch Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.