pos icon indicating copy to clipboard operation
pos copied to clipboard
verified publisher icon OCA

[RFC] 14.0 pos_user_restriction access rights issues

Open francesco-ooops opened this issue 3 years ago • 7 comments

Steps to reproduce the bug:

open oca/pos-14 runboat install pos_cache (odoo module) set access right "User: Assigned POS Only" for user "marc demo" log in with marc demo > open pos Error:

You are not allowed to access 'Point of Sale Cache' (pos.cache) records.

This operation is allowed for the following groups: - Point of Sale/User

Exit pos interface > click "close" on the dashboard Error You are not allowed to access 'PoS - Move In / Out Reason' (pos.move.reason) records.

This operation is allowed for the following groups: - Point of Sale/User

Issue

pos_user_restriction adds group "User: Assigned POS Only", but several modules require "Pos: user" as access right to complete actions

Possible solutions

  • create bridge modules allowing pos_user_restriction with other modules requiring "user" access right
  • making group "Assigned POS only" based on "POS: user" (if that's technically possible)
  • changing "Assigned POS only" from access right to extra right (user will have access right "POS: user" and flag "Assigned POS only" activated)

@OCA/pos-maintainers @legalsylvain what would you suggest? Thanks!

francesco-ooops avatar Aug 09 '22 08:08 francesco-ooops

No Idea, I don't use pos restriction module. However what you suggest makes senses.

legalsylvain avatar Aug 09 '22 08:08 legalsylvain

@legalsylvain ok, so IMO

  • solution 1 is cumbersome and doesn't really fixes the issue for the future
  • solutions 2 and 3 would require a major change in the module, we can do that but would PSC approve it?

francesco-ooops avatar Aug 09 '22 09:08 francesco-ooops

solutions 2 and 3 would require a major change in the module, we can do that but would PSC approve it?

No, it's a change of design of the module. The better approach is to contact maintainers / authors of the module.

@eLBati : do you have a point of view regarding that limitation.

making group "Assigned POS only" based on "POS: user" (if that's technically possible)

It will not be easy at all, for the time being, it's the reverse, and it's done on purpose. See :

https://github.com/OCA/pos/blob/14.0/pos_user_restriction/security/pos_security.xml#L11

But immediately, you can make a PR against V14 Pos repo, to add a section in the ROADMAP.rst to mention that the module is currently incompatible with other module. (like pos_cache, etc...) Could you do that ?

thanks.

legalsylvain avatar Aug 09 '22 09:08 legalsylvain

@eLBati could you provide a feedback? thanks!

francesco-ooops avatar Aug 11 '22 09:08 francesco-ooops

@eLBati can you take a look please?

francesco-ooops avatar Aug 23 '22 11:08 francesco-ooops

@francesco-ooops do you know if this is also reproducible on v12?

eLBati avatar Sep 06 '22 08:09 eLBati

@eLBati for sure the part related to pos_cache, as I see this module was created for v12: https://github.com/OCA/pos/tree/12.0/pos_cache_user_restriction

in general, this module is very prone to having any feature restricted to "POS: user" provide an access right error, while it could be managed differently

francesco-ooops avatar Sep 06 '22 08:09 francesco-ooops

There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.

github-actions[bot] avatar Mar 05 '23 12:03 github-actions[bot]