Odoo Help


httprequest problem

Tarek Mohamed Ibrahim
on 4/25/16, 6:02 AM 747 views

I created a normal users, with no 'Technical Features' access rights granted. I logged in with this user, and opened some screen. 

Now I logged in using the admin user, opened the 'users' list view and got the 'action' # from the url of this view,

From the user's url I changed the action # of the current view to be 76 same as that of the 'users' list view.

The user, which has no access rights to the 'Technical Features' was able to see the 'users' list view

Moreover, he can access groups and other technical features by changing the action id from the url

I don't need this user to see these data.

How to prevent this behavior or work around it?

Moreover, I need to prevent anyone from accessing view using the URL, how to do that?

Tarek Mohamed Ibrahim
on 4/28/16, 5:45 AM

Isn't there anyone tried to resolve this problem ?

Tarek Mohamed Ibrahim
on 5/1/16, 2:38 AM

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

1 follower(s)


Asked: 4/25/16, 6:02 AM
Seen: 747 times
Last updated: 5/12/16, 3:06 AM