server-ux icon indicating copy to clipboard operation
server-ux copied to clipboard

Published 20 hours ago verified publisher icon OCA

[15.0][FIX]date_range: Fixed portal access denied

Open ChristophAbenthungCibex opened this issue 1 year ago • 8 comments

The module "date_range" is not usable for portal users. This fix adds the needed permissions to access the date_range for portal users. The added permissions are the same as a regular user.

Base Odoo module "portal" is required to login to the portal. Another module which uses the date_range module is needed. For example the base Odoo module "project".

Current behavior: The portal user accesses a project he got shared editable. When he tries to open the filter menu he gets an access denied error.

Steps to reproduce:

  1. Login as portal user
  2. open a project that got shared "editable" (the portal user can edit/ write on that project)
  3. Click on button "filter"
  4. The access denied error appears

Date_Range_Project_access_denied.webm

ChristophAbenthungCibex avatar Nov 09 '23 10:11 ChristophAbenthungCibex

Hi @lmignon, some modules you are maintaining are being modified, check this out!

OCA-git-bot avatar Nov 09 '23 10:11 OCA-git-bot

I don't get why the portal requires this permission. I have just tried on runboat before this PR (http://oca-server-ux-15-0-e81102ffd3d5.runboat.odoo-community.org/my/tasks?) using portal/portal, and no problem found. This can be something on your side.

pedrobaeza avatar Nov 09 '23 12:11 pedrobaeza

The portal user only needs the access rights to date_range when the portal user has write rights on the project. See http://oca-server-ux-15-0-e81102ffd3d5.runboat.odoo-community.org/my/project/1? Is it possible that date range is not active for the read-only view? access_denied_date_range

ChristophAbenthungCibex avatar Nov 09 '23 12:11 ChristophAbenthungCibex

Tested and no problem on my side:

Peek 2023-11-09 13-34

If you don't put exact steps to reproduce the problem, it's hard to reproduce it. It's true that the full project sharing is a special case of "backend" view in portal.

pedrobaeza avatar Nov 09 '23 12:11 pedrobaeza

Sorry if I described the steps to little. I thought it was clear enough. updated the pull request description.

Steps to reproduce:

  1. Login as portal user
  2. open a project that got shared "editable" (the portal user can edit/ write on that project)
  3. Click on button "filter"
  4. The access denied error appears

ChristophAbenthungCibex avatar Nov 09 '23 12:11 ChristophAbenthungCibex

It was clear for you, but not for the rest. Thanks for telling and editing the main comment including them.

Indeed that case is not covered. As said, this only happens because the project sharing is adding a backend view in portal. Not sure if adding such read permission is "too much". The only other path I see is to not show ranges on that special case (can it be detected?).

I let the usual collaborators of this module to give their opinion.

pedrobaeza avatar Nov 09 '23 12:11 pedrobaeza

There hasn't been any activity on this pull request in the past 4 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this PR to never become stale, please ask a PSC member to apply the "no stale" label.

github-actions[bot] avatar Mar 10 '24 12:03 github-actions[bot]

Any news?

ChristophAbenthungCibex avatar Nov 20 '24 12:11 ChristophAbenthungCibex