Hi Everybody; Further Investigations
You can verify by yourself that this issue exist on the latest runbot releases for 7.0 and trunk but not for 6.0 and 6.1 http://trunk-4253.runbot.openerp.com http://7-0-4260.runbot.openerp.com . . . http://6-1-4257.runbot.openerp.com Also according to the content of openerp.log file : << 2013-02-20 18:36:39,023 8916 INFO gsctest werkzeug: 41.107.104.239 - - [20/Feb/2013 18:36:39] "POST /web/dataset/call_kw HTTP/1.1" 200 - 2013-02-20 18:36:49,286 8916 WARNING gsctest openerp.osv.orm: Access Denied by record rules for operation: create, uid: 12, model: res.partner 2013-02-20 18:36:49,286 8916 ERROR gsctest openerp.netsvc: Access Denied The requested operation cannot be completed due to security restrictions. Please contact your system administrator. (Document type: Partner, Operation: create) Traceback (most recent call last): File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\netsvc.py", line 289, in dispatch_rpc File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\service\web_services.py", line 614, in dispatch File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\osv\osv.py", line 169, in execute_kw File "F:\Program Files (x86)\OpenERP 7.0alpha-20130107-000101\Server\server\.\openerp\osv\osv.py", line 125, in wrapper except_osv: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Partner, Operation: create)') 2013-02-20 18:36:49,349 8916 INFO gsctest werkzeug: 41.107.104.239 - - [20/Feb/2013 18:36:49] "POST /web/dataset/call_kw HTTP/1.1" 200 - >> We can see that this issue is related to access rights on the Model "res.partner" (also called Object in v6.0). So what have changed since in Record Rules since v7.0 on res.partner ? Searching in Record Rules for v6.0, v6.1, v7.0 and trunk, and comparing between the rules found,we will see: 1- there is one common rule: "res.partner company" on Partner Model with exactly the same rightsCRUD and Global and exactly the same definition - ['|','|',('company_id.child_ids','child_of',[user.company_id.id]),('company_id','child_of',[user.company_id.id]),('company_id','=',False)] 2- There is a second rule for v7.0 and trunk: "res_partner: read access on my partner" on the same Model (res.partner) with just "READ" Access right and defined for "Portal" and Anonymous" groups. 3- There is also another rule for v6.0 and 6.1: " Account Followup Statistics by Partner Rule" , but this is not important, cause it is on the object " Followup Statistics by Partner " and not the object "res.partner" 4- and the last rule: "Partner Bank company rule" whish also seems to be not important in our case cause it's related to res.partner.bank and not directly to res.partner Conclusion: The second rule (above) seems to be the cause of this issue. Solution: 1- Put CRUD and Global rughts on this rule 2- Removing the access rights of users on "Portal" and "Anonymous" (Unchecking both) Tested on runbot: the two solutions are not working Tested on my development platform: the second solution is working fine please, could someone test and confirm best regards. -- You received this bug notification because you are a member of OpenERP Indian Team, which is subscribed to OpenERP Server. https://bugs.launchpad.net/bugs/1021378 Title: "create" permission in res.users dont work with other users, not admin Status in OpenERP Community Backports (Server): Fix Released Status in OpenERP Community Backports (Server) 7.0 series: Fix Released Status in OpenERP Server: Fix Committed Status in Therp Backports: Fix Released Status in Therp Backports server-6.1 series: Fix Released Bug description: When you create a new user and give permissions: Administration: "access rights". This group "access rights" has create permission to res.users table. Then login with this new user and try to create a new user, it dont work, the message is "Access Error Operation:Prohibited by the rules of access to or held in a document already removed (Operation: create, document type: res.users)" The result I expected was create a new user, by using a user different to admin, that has "access rights" permissions. The platform is ubuntu The Openerp Version is 6.1 rev. 4196 To manage notifications about this bug go to: https://bugs.launchpad.net/ocb-server/+bug/1021378/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~openerp-india Post to : [email protected] Unsubscribe : https://launchpad.net/~openerp-india More help : https://help.launchpad.net/ListHelp
