Skip to Content
This question has been flagged
2 Replies
1806 Views
Avatar
Surendra Nekkanti

Hi there,

We recently migrated from Odoo 13 to 15. We observed that on triggering a server action in Odoo 15, it is checking if the user has 'write' access on the selected contacts.

In our case, the server action is used to send out emails to the contacts and doesn't have the 'write' privilege on the contacts. But, because of this restriction, the server action is failing.


May I know the reason why this 'write' acess check is added in the execution of a server action.

Here is the related code I found from ir_actions.py


eval_context = self._get_eval_context(action)
records = eval_context.get('record') or eval_context['model']
records |= eval_context.get('records') or eval_context['model']
if records:
    try:
        records.check_access_rule('write')
    except AccessError:
        _logger.warning("Forbidden server action %r executed while the user %s does not have access to %s.",
            action.name, self.env.user.login, records,
        )
        raise


Avatar
Discard
Avatar
Surendra Nekkanti
Author Best Answer

I don't know why this was done in Odoo 15. But to unblock myself, I inherited the class and overrode the method  by copying the whole of it and commented out the part where it does the write check.


Avatar
Discard
Avatar
Waleed Ali Mohsen
Best Answer

As per the below link, In case a user has access to a model but not to a specific record, he should not be able to execute a server action on it.

[FIX] base: verify the rights on individual records too · odoo/odoo@5152798 (github.com)

Your action is used to send email to contacts but you don't mention when this action is triggered as the action need a model and record(s) on which the action is triggered so if the user doesn't have write access to the record(s) which trigger the action then it raise this error.

Avatar
Discard
Surendra Nekkanti
Author

Hi, Thanks for the response. The user doesn't have write access, but he has read access, so he can see the records, select them and trigger the action. I don't understand why he would need to have write access to trigger the action, though.

JoshK

Heya,
I have the same issue.
I have a server action on Stock.Quant.
Noone Has access to stock.quant unless context has "Inventory_mode".

The action works fine, when i trigger it for example from "Product" and then search the quants from there and write with with_context(inventory_mode=True).

But when I want to give the user the option to select specific quants and not all of a product, it wont work because it checks for "write".