Hi Evans Bernier
The issue is related that the ir.attachment model has an override of the check method to add extra security checks and the particular one that you are hitting is that the user that you are using doesn't have the group Employee that it's not an HR security group, it's a base group assigned by default to pretty much all the users created, seems that your user was created using the signup feature of Odoo that use the Public User as a template and that way the new users does not get the Employee group since the template user doesn't have it neither. You could find the Employee group in the Human Resources group selection field in the user form, where all of the other values for that selection field are groups that inherit from the Employee group. You could also put your new group to inherit from the Employee group (ID is base.group_user) or manually add that group to the user and you will be ok
*** Update ***
The easiest way to solve that without giving aditional permissions to your users is doing this:
from openerp import models
class ir_attachment_check(models.Model)
_inherit = 'ir.attachment'
def check(self, cr, uid, ids, mode, context=None, values=None):
res_ids = {}
if ids:
if isinstance(ids, (int, long)):
ids = [ids]
cr.execute('SELECT DISTINCT res_model, res_id, create_uid FROM ir_attachment WHERE id = ANY (%s)', (ids,))
for rmod, rid, create_uid in cr.fetchall():
if not (rmod and rid):
continue
res_ids.setdefault(rmod,set()).add(rid)
if values:
if values.get('res_model') and values.get('res_id'):
res_ids.setdefault(values['res_model'],set()).add(values['res_id'])
ima = self.pool.get('ir.model.access')
for model, mids in res_ids.items():
# ignore attachments that are not attached to a resource anymore when checking access rights
# (resource was deleted but attachment was not)
if not self.pool.get(model):
continue
existing_ids = self.pool[model].exists(cr, uid, mids)
ima.check(cr, uid, model, mode)
self.pool[model].check_access_rule(cr, uid, existing_ids, mode, context=context)
Just override the check method to remove the code that checks for the Employee group in the user