as security rules evolved a lot, I don't think it's a good idea.
** Changed in: openobject-server
Status: Confirmed => Invalid
--
Security overwrite manual settings when update base
https://bugs.launchpad.net/bugs/397741
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
Status in OpenObject Server: Invalid
Bug description:
Hi,
I'm using: Last stable branch of openerp server, addons and extra-addons
(lp/*/5.0/, just extra-addons is trunk). I'm sure the problem is also in the
trunk branch...
I do the following:
1. Allow the group "Human Ressources / User" to delete account analytic lines
(via Administration -> Security -> Access control -> Access control list) and
save.
2. Make an update of base module from client side, via the menu "Administration
-> Module management -> ..." (for any kind of reason, I did it for updating
instance from base source code)
3. Return to "Administration -> Security -> Access control -> Access control
list" and the group "Human Ressources / User" don't have the right to delete
account analytic line anymore !!!
This is why:
The group "Human Ressources / User" has no right for that in the
"ir.model.access.csv", here the concerned line:
"access_hr_account_analytic_line","account.account.analytic.line","account.model_account_analytic_line","hr.group_hr_user",1,1,1,0
AND the file is in the "update" part of the related __terp__.py file...
Anyway : OpenERP should not replace the manual settings made by the
administrator by the default settings !!!!!!!!!! Otherwise, you will just reset
every manual settings on each update => you cannot work with that...
I don't really know how is the best way to fix it, but please, let's have a
discussion and find a solution quickly !
Regards,
Joël
_______________________________________________
Mailing list: https://launchpad.net/~c2c-oerpscenario
Post to : [email protected]
Unsubscribe : https://launchpad.net/~c2c-oerpscenario
More help : https://help.launchpad.net/ListHelp
