Review: Needs Fixing Be careful, with this change all users have full access to ir.values!
Before you had a *global* ir.model.access (access_ir_values_group_all) with a *global* ir.rule (ir_values_default_rule) that restricts write, create and delete accesses with a domain. Now that the ir.rule becomes local, the global ir.model.access gives all users full access without a domain! In other words, the local ir.rule has no effect in this situation. I suggest the following change: - make the ir.model.access 'access_ir_values_group_all' global, but with *read* permission only; - create an ir.model.access for group 'group_system' with all permissions; - create an ir.model.access for group 'group_user', with all permissions; - make the ir.rule 'ir_values_default_rule' local to 'group_user'. With that change, we have the expected access rights: - all users have read access to ir.values; - users of 'group_user' have write, create, and delete access limited to "their" values; - users of 'group_system' have full access to all ir.values. Thanks, Raphael -- https://code.launchpad.net/~openerp-dev/openobject-server/trunk-bug-917524-mtr/+merge/90431 Your team OpenERP R&D Team is subscribed to branch lp:~openerp-dev/openobject-server/trunk-bug-917524-mtr. _______________________________________________ Mailing list: https://launchpad.net/~openerp-dev-gtk Post to : [email protected] Unsubscribe : https://launchpad.net/~openerp-dev-gtk More help : https://help.launchpad.net/ListHelp
