HI Tadeus, of course that makes sense, hiding menus doesn't guarantee that the user won't access the hidden content. If he has the URL (or guess it) he would access
I'm stuck thinking the best way to implement this. How you deny read access (any access at all) to Accounts and Analytic Accounts to users that you want to report hours (create tasks work) in the system? cheers On Tue, Jul 3, 2012 at 6:12 AM, Tadeus Prastowo < [email protected]> wrote: > But, IMO, hiding menus are not a good idea because for a determined > user, he can still craft a HTTP request to read those objects that he > should not. > > The above is pointless if OpenERP will not allow read access to an > object when the related menu item is not visible. > > Just a quick comment, mistakes on my side are to be expected & > corrected. > > Thank you. > > -- > Best regards, > Tadeus Prastowo (Free Software specialist and developer) > > i n f i n i t y . s o l u t i o n > PT. Vikasa Infinity Anugrah (www.infi-nity.com) > BSD City Sektor 14, Ruko Golden Madrid 2 blok G/9, Tangerang Selatan > 15321 - INDONESIA > t: +62 (21) 5316 4796 f: +62 (21) 5316 4797 m:+62 878 08305292 > > On Mon, 2012-07-02 at 18:00 +0200, Luciano Spiegel wrote: > > Hi, I want to set up roles and permissions for users who can only > > create tasks works and edit tasks (kind of freelancers users who > > report hours worked to us). I have Analytic Account modules installed > > I added the user to Project Manager / User (slightly customized so the > > freelancer can access only to his Projects / Tasks assigned) and Human > > Resources / Employee groups, both needed to create tasks works. > > > > > > The issue is when I assigned the user to the group HR / > > Employee, automatically that user sees the menu Project / Invoicing / > > Contracts to Renew and Project / Invoicing / Invoice Tasks Work. > > Even if those menus are not assigned to the configuration of the group > > HR Employee nor PM /User. > > > > > > So the "freelancers" has access to the page where all the contracts > > are (Analytic Accounts) and to Analytic Account Lines (Analytic > > Journal Items), in those views. > > I cannot deny read access for both objects because it's needed to > > create task work. > > > > > > Any idea how can I hide those menus / views for this case? > > > > > > thanks in advance > > > > > > _______________________________________________ > > Mailing list: https://launchpad.net/~openerp-community > > Post to : [email protected] > > Unsubscribe : https://launchpad.net/~openerp-community > > More help : https://help.launchpad.net/ListHelp > > > -- *Luciano Spiegel* iXiam Global Solutions e: [email protected] m: +34 662 131 618 www.ixiam.com
_______________________________________________ Mailing list: https://launchpad.net/~openerp-community Post to : [email protected] Unsubscribe : https://launchpad.net/~openerp-community More help : https://help.launchpad.net/ListHelp
