[FIX] account, point_of_sale: remove force_allow feature due to security issue on opening account cash statement
bzr revid: hmo@tinyerp.com-20101028071827-2nap7ev4f6w8n1fy
This commit is contained in:
parent
b2dabaed39
commit
2cf297f028
|
@ -328,8 +328,7 @@ class account_cash_statement(osv.osv):
|
|||
statement_pool = self.pool.get('account.bank.statement')
|
||||
for statement in statement_pool.browse(cr, uid, ids, context=context):
|
||||
vals = {}
|
||||
force_allow = context.get('force_allow',False)
|
||||
if not force_allow and not self._user_allow(cr, uid, statement.id, context=context):
|
||||
if not self._user_allow(cr, uid, statement.id, context=context):
|
||||
raise osv.except_osv(_('Error !'), _('User %s does not have rights to access %s journal !' % (statement.user_id.name, statement.journal_id.name)))
|
||||
|
||||
if statement.name and statement.name == '/':
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
I clicked on Open CashBox button to open the cashbox
|
||||
-
|
||||
!python {model: account.bank.statement}: |
|
||||
self.button_open(cr, uid, [ref("account_bank_statement_1")], {"force_allow":True, "lang": "en_US", "tz": False, "active_model": "account.bank.statement", "active_ids": [ref("account_bank_statement_1")], "active_id": ref("account_bank_statement_1"), })
|
||||
self.button_open(cr, uid, [ref("account_bank_statement_1")], {"lang": "en_US", "tz": False, "active_model": "account.bank.statement", "active_ids": [ref("account_bank_statement_1")], "active_id": ref("account_bank_statement_1"), })
|
||||
|
||||
-
|
||||
I check that now bank statement is in the "Open" state
|
||||
|
|
|
@ -57,6 +57,7 @@ class account_cash_statement(osv.osv):
|
|||
res = False
|
||||
uids = []
|
||||
statement = self.browse(cr, uid, statement_id, context=context)
|
||||
if (not statement.journal_id.journal_users) and uid == 1: return True
|
||||
for user in statement.journal_id.journal_users:
|
||||
uids.append(user.id)
|
||||
if uid in uids:
|
||||
|
@ -93,4 +94,4 @@ class account_cash_statement(osv.osv):
|
|||
|
||||
account_cash_statement()
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
Loading…
Reference in New Issue