This question has been flagged
1 Reply
19692 Views

I have developed small module to make relation with product manager and partner in odoo-8 (this is my need). I have inherited "res.partner" and added "'user_ids':fields.one2many('res.users','res_partner_id','Users', readonly=True)," filed. I have inhrited "res.users" and added "'res_partner_id':fields.many2one('res.partner','Partner'),". It's working fine.

 

I duplicated sales manager group and removed all inherited groups. I have added some Rules to this new group.

object :sale.order.line   rule:[('product_id.product_tmpl_id.product_manager.res_partner_id.id','=',user.res_partner_id.id)]
object :sale.order  rule:[('order_line.product_id.product_tmpl_id.product_manager.res_partner_id.id','=',user.res_partner_id.id)]
object :product.product   rule:[('product_tmpl_id.product_manager.res_partner_id.id','=',user.res_partner_id.id)]
object :product.template  rule:[('product_manager.res_partner_id.id','=',user.res_partner_id.id)]
object :res.users         rule:[('res_partner_id.id','=',user.res_partner_id.id)].

I have given this group to a user. When i login with this user credentials and try to create invoice for sales order, then it is showing doument error for (product.product, read) and (res.users, read ). I can deliver the product with this user credentials, but unable to creating a invoice for sales order. I have added all access rights(read, write, create, delete) for product.produc and res.users model to this group. Can any one help me please.  

Avatar
Discard
Best Answer

Your rules states that a user can only read any user whose res_partner_id is the same as the login user's res_partner_id (assuming that you set the rules for Read as well).  So, there may be cases where a record (e.g. product) is created or updated by user that does not falls into that criteria.  AFAIK, putting domain on res.users via Record Rules is not a good idea.  It is better to use domain in views so that the filtering is localized.

Avatar
Discard
Author

Thank you Ivan. That product created by the user itself who log in to system. I have removed record rule on the res.users model. Now user can able to create invoice. But it is showing (document type: "product.product", read) wiazrd when the user click on "create invoice" button of the sales order . It's not stop the user from creating the invoice, user can able to create the invoice. Can you please tell me why this error showing?.

@samba, it is most probably still caused by access configuration. First, make sure that the user have access control list to read that product.product or any models that is related to product.product. Next, make sure that there is no Record Rules that prevented the user from reading the given product.product or underlying models. Easy way to check is to go to a menu that shows Products, and see if this user can display the products used in sale.order in Form View. If the user can view the products, then maybe the error is somewhere else. If the user cannot view the product, then it is most probably access configuration (either access control or record rules). Either way, it is better if you can provide the log that correspond to that error.

Thank you Ivan,
Here is the log.
AccessError: ('AccessError', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: product.product, Operation: read)')
2015-01-07 11:54:38,297 1524 WARNING vendor-login openerp.models: Access Denied by record rules for operation: read on record ids: [55], uid: 9, model: product.product
2015-01-07 11:54:38,298 1524 ERROR vendor-login openerp.http: Exception during JSON request handling.
Traceback (most recent call last):
  File "/opt/odoo/odoo-server/openerp/http.py", line 518, in _handle_exception
    return super(JsonRequest, self)._handle_exception(exception)
  File "/opt/odoo/odoo-server/openerp/http.py", line 539, in dispatch
    result = self._call_function(**self.params)
  File "/opt/odoo/odoo-server/openerp/http.py", line 295, in _call_function
    return checked_call(self.db, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/service/model.py", line 113, in wrapper
    return f(dbname, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/http.py", line 292, in checked_call
    return self.endpoint(*a, **kw)
  File "/opt/odoo/odoo-server/openerp/http.py", line 755, in __call__
    return self.method(*args, **kw)
  File "/opt/odoo/odoo-server/openerp/http.py", line 388, in response_wrap
    response = f(*args, **kw)
  File "/opt/odoo/odoo-server/addons/web/controllers/main.py", line 949, in call_kw
    return self._call_kw(model, method, args, kwargs)
  File "/opt/odoo/odoo-server/addons/web/controllers/main.py", line 941, in _call_kw
    return getattr(request.registry.get(model), method)(request.cr, request.uid, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/api.py", line 237, in wrapper
    return old_api(self, *args, **kwargs)
  File "/opt/odoo/odoo-server/addons/product/product.py", line 1032, in name_get
    self.check_access_rule(cr, user, ids, "read", context=context)
  File "/opt/odoo/odoo-server/openerp/api.py", line 237, in wrapper
    return old_api(self, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/models.py", line 3460, in check_access_rule
    self._check_record_rules_result_count(cr, uid, sub_ids, returned_ids, operation, context=context)
  File "/opt/odoo/odoo-server/openerp/api.py", line 237, in wrapper
    return old_api(self, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/models.py", line 3409, in _check_record_rules_result_count
    (self._description, operation))
except_orm: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Product, Operation: read)')

On Wed, Jan 7, 2015 at 5:07 PM, Ivan <niecw@mail.odoo.com> wrote:

@samba, it is most probably still caused by access configuration. First, make sure that the user have access control list to read that product.product or any models that is related to product.product. Next, make sure that there is no Record Rules that prevented the user from reading the given product.product or underlying models. Easy way to check is to go to a menu that shows Products, and see if this user can display the products used in sale.order in Form View. If the user can view the products, then maybe the error is somewhere else. If the user cannot view the product, then it is most probably access configuration (either access control or record rules). Either way, it is better if you can provide the log that correspond to that error.

--
Ivan
Sent by Odoo Inc. using Odoo about Forum Post False



--
--

Thanks and Regards,

Sambasiva rao,

Skype: samba.guduru2(skype)
The user can able to view and edit the product of sales order.

On Wed, Jan 7, 2015 at 5:25 PM, Samba Odoo <sambaodoo@gmail.com> wrote:
Thank you Ivan,
Here is the log.
AccessError: ('AccessError', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: product.product, Operation: read)')
2015-01-07 11:54:38,297 1524 WARNING vendor-login openerp.models: Access Denied by record rules for operation: read on record ids: [55], uid: 9, model: product.product
2015-01-07 11:54:38,298 1524 ERROR vendor-login openerp.http: Exception during JSON request handling.
Traceback (most recent call last):
  File "/opt/odoo/odoo-server/openerp/http.py", line 518, in _handle_exception
    return super(JsonRequest, self)._handle_exception(exception)
  File "/opt/odoo/odoo-server/openerp/http.py", line 539, in dispatch
    result = self._call_function(**self.params)
  File "/opt/odoo/odoo-server/openerp/http.py", line 295, in _call_function
    return checked_call(self.db, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/service/model.py", line 113, in wrapper
    return f(dbname, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/http.py", line 292, in checked_call
    return self.endpoint(*a, **kw)
  File "/opt/odoo/odoo-server/openerp/http.py", line 755, in __call__
    return self.method(*args, **kw)
  File "/opt/odoo/odoo-server/openerp/http.py", line 388, in response_wrap
    response = f(*args, **kw)
  File "/opt/odoo/odoo-server/addons/web/controllers/main.py", line 949, in call_kw
    return self._call_kw(model, method, args, kwargs)
  File "/opt/odoo/odoo-server/addons/web/controllers/main.py", line 941, in _call_kw
    return getattr(request.registry.get(model), method)(request.cr, request.uid, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/api.py", line 237, in wrapper
    return old_api(self, *args, **kwargs)
  File "/opt/odoo/odoo-server/addons/product/product.py", line 1032, in name_get
    self.check_access_rule(cr, user, ids, "read", context=context)
  File "/opt/odoo/odoo-server/openerp/api.py", line 237, in wrapper
    return old_api(self, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/models.py", line 3460, in check_access_rule
    self._check_record_rules_result_count(cr, uid, sub_ids, returned_ids, operation, context=context)
  File "/opt/odoo/odoo-server/openerp/api.py", line 237, in wrapper
    return old_api(self, *args, **kwargs)
  File "/opt/odoo/odoo-server/openerp/models.py", line 3409, in _check_record_rules_result_count
    (self._description, operation))
except_orm: (u'Access Denied', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Product, Operation: read)')

On Wed, Jan 7, 2015 at 5:07 PM, Ivan <niecw@mail.odoo.com> wrote:

@samba, it is most probably still caused by access configuration. First, make sure that the user have access control list to read that product.product or any models that is related to product.product. Next, make sure that there is no Record Rules that prevented the user from reading the given product.product or underlying models. Easy way to check is to go to a menu that shows Products, and see if this user can display the products used in sale.order in Form View. If the user can view the products, then maybe the error is somewhere else. If the user cannot view the product, then it is most probably access configuration (either access control or record rules). Either way, it is better if you can provide the log that correspond to that error.

--
Ivan
Sent by Odoo Inc. using Odoo about Forum Post False



--
--

Thanks and Regards,

Sambasiva rao,

Skype: samba.guduru2(skype)



--
--

Thanks and Regards,

Sambasiva rao,

Skype: samba.guduru2(skype)

Can you elaborate what do you mean by "The user can able to view and edit the product of sales order."? How are they viewing and editing the product? From which menu?

From sales -> products -> products screen.

On Thu, Jan 8, 2015 at 5:42 PM, Ivan <niecw@mail.odoo.com> wrote:

Can you elaborate what do you mean by "The user can able to view and edit the product of sales order."? How are they viewing and editing the product? From which menu?

--
Ivan
Sent by Odoo Inc. using Odoo about Forum Post False



--
--

Thanks and Regards,

Sambasiva rao,

Skype: samba.guduru2(skype)