This question has been flagged
4 Replies
9659 Views

Brand new Odoo 9 installation (in Ubuntu 14.04). Success

Installed all 31 Apps. Success

Defined email settings. Success

Enabled Google login in Settings. Success

Enabled multiple companies in Settings. Success

Sent (email) invitation to first new user using admin account. Success

Logged in using the new user account (that's supposed to be a clone of admin account.) Success

Checked the new user account security settings (they are the same as admin's.) Success


Here comes the problem. The new user (that is supposed to have exact same security settings that admin has) can't send an invitation.

I have triple checked all the Security settings using Developer mode and they are exactly the same.

What am I missing?

Did the user cloning process fail?


Here is the exact error message...

Odoo Warning - Access Error
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: mail.message, Operation: read)


Sam

Avatar
Discard
Author

As only users in Administrator group (ie. Technical Managers) can access Settings page it would be logical that they can send invitations from there by default.

Author

This did not help. http://dl.dropbox.com/u/49702772/Selection_062.jpg

Author

These are the default settings for Administrator... http://dl.dropbox.com/u/49702772/Selection_064.jpg

Best Answer

hi there, it is 2024 and i am also facing this issue in version 16 of odoo.

i have tried to change permissions for a couple of relate Models such as message, mail, etc. but i still can get rid of the permission error when sending emails.

interestingly, only the very first invitation email is not sent out properly (maybe because it has an attachment ?? ) but all other update emails are sent out properly. 

here some stack:

(Document type: Message, Operation: read) - (Records: [3906], User: 2)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/bitnami/odoo/lib/odoo-16.0.post20221115-py3.10.egg/odoo/addons/mail/models/mail_mail.py", line 448, in _send
attachments = mail.attachment_ids
File "/opt/bitnami/odoo/lib/odoo-16.0.post20221115-py3.10.egg/odoo/fields.py", line 2773, in __get__
return super().__get__(records, owner)
File "/opt/bitnami/odoo/lib/odoo-16.0.post20221115-py3.10.egg/odoo/fields.py", line 1187, in __get__
self.compute_value(record)
File "/opt/bitnami/odoo/lib/odoo-16.0.post20221115-py3.10.egg/odoo/fields.py", line 1344, in compute_value
records._compute_field_value(self)
File "/opt/bitnami/odoo/lib/odoo-16.0.post20221115-py3.10.egg/odoo/models.py", line 4187, in _compute_field_value
field.compute(self)


Avatar
Discard
Best Answer

Sam,

Please check at Access rules(Settings->Technical -> Security -> Record Rules) for object mail.message, which is blocking the read access for your user(trying making it inactive for testing your functionality).

Regards,

Pawan    

Avatar
Discard
Author

http://dl.dropbox.com/u/49702772/Selection_062.jpg

Author

I added those full permissions for Administrator group but that did not help. I'm not sure if it's a good idea to have everyone full access.

Sami, this type of error correspond to Access rules, For ex: There is a access rule defined on mail.message object with domain(filter) that logged in user can access only those messages which are create by him, so domain would be like [('create_uid','=',user.id)] and we can define operatons(CRUD) to be applied on this domain filter. Suppose we have defined all four (Read/Write/Delete/Create) rights, Now if anyhow user tries to Read/Write/Delete/Create any message which is not created by him, he will get exactly the same message as u got :
Odoo Warning - Access Error
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: mail.message, Operation: read)
So, at your access rule(defined path above) please check for any such rules existance. and try disabling it.

Author

It seems that even though I have added Administrator group full permissions to mail.message.all the default mail.message.all without any group defined over-rules the administrator groups rule. Or maybe it's the "Outgoing Mails" rule that needs to be changed/added? What would be the result if I added full rights to the default/non-group settings?

Best Answer

There is many times used in Odoo code check of SUPERUSER_ID (which is 1) as a security measure. it means only one user can be a SUPERUSER, which is the user with the same ID as SUPERUSER_ID constant (i.e. one), as a result of such check, user with database ID  different then 1, will be limited in some way or another, compared to superuser (user with database id=1). AND as database ID is unique for every record, you can't have more then one superuser, but you can have several admins (slightly limited then superuser, as an user copied by you, that has different ID then 1). However, I've to include disclaimer, I never checked if the above statement about unique superuser is true or not, it's just a guess that comes from frequently used SUPERUSER_ID check in the code, but most probably it's the case.
Other hand, you can overcome the above error, by using sudo() function (scroll up a bit) in the code, thus enable other users to make same operation with superuser privileges(in better case, you should replace security measure with other security rules, instead of simply avoiding it with sudo function). so you can overcome the above error with a small customization of python code for failing operation.

Avatar
Discard
Author

Thank you for your response, Temur. Your solution seems overly complex to allow admin user to send email invitation.

Actually I was focused on explaining that this is an expected behavior, and I answered the two questions in your post... I'll summarize my answer as: cloning process does not fail, but that's possibly an expected behavior. regarding your error message, it should be a solution to edit permissions on mail.message model from settings and allow your cloned user to read this model. you tried it? or checked if it was allowed to read mail.message model?

I think it can be solved by editing permissions of "mail.message" model at "/Settings/Technical/Database Structure/Models" page

And there should be more options to give this user read/write access to mail.message model at Settings page. As I explained, it's quite possible that firs user has permission because of it's id, but you can enable the copied user as well to have access to mail.message, by explicitly granting such permission to it's own group or to it, etc... there should be multiple solutions

Author

Administrator group all ready has full rights to mail.message model. There should be no need to edit it or Administrator group.

... Can you update your question with full error message?

Author

Here is the exact error message... Odoo Warning - Access Error The requested operation cannot be completed due to security restrictions. Please contact your system administrator. (Document type: mail.message, Operation: read)

Author Best Answer

Thank you for your response, Temur.

Your solution seems overly complex to allow admin user to send email invitation.


Sam

Avatar
Discard