[FIX] product_cost_security: ORM-level security #1538
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @sergio-teruel, |
yajo
force-pushed
the
16.0-product_cost_security-real_security
branch
from
95d1f34
to
b56309b
Compare
yajo
force-pushed
the
16.0-product_cost_security-real_security
branch
from
b56309b
to
0803eae
Compare
Before this patch, inheriting modules had to manually add some logic related to guessing wether the user can access cost information. Also, smartypants users could still obtain the desired information through API calls. Now: - You can't read/write cost fields via API anymore. - Views automatically set those fields to readonly if the user has only read permissions (and the model inherits from the new mixin). - You don't need to enable debug mode anymore to follow configuration instructions. - Instructions improved. @moduon MT-5158
yajo
force-pushed
the
16.0-product_cost_security-real_security
branch
from
0803eae
to
d53def1
Compare
|
Oops... I forgot to drop the security on sudo mode. Fixed now, please review again. |
yajo
added a commit
to moduon/margin-analysis
that referenced
this pull request
Mar 8, 2024
Both modules do essentially the same thing: apply a restriction over product costs. Thus, it makes sense to share the same permission groups. This refactor, that depends on OCA/product-attribute#1538, improves the module readme and makes `sale_margin_security` auto-installable addon when `product_cost_security` is found. A migration script is provided to make sure the same users still retain the same permissions. @moduon MT-5158
yajo
added a commit
to moduon/margin-analysis
that referenced
this pull request
Mar 8, 2024
Following OCA/product-attribute#1538, the security is now done via mixin and the view can be removed. @moduon MT-5158
|
Now OCA/margin-analysis#198 depends on this PR to also unify the permissions interface with |
yajo
added a commit
to moduon/margin-analysis
that referenced
this pull request
Mar 8, 2024
Both modules do essentially the same thing: apply a restriction over product costs. Thus, it makes sense to share the same permission groups. This refactor, that depends on OCA/product-attribute#1538, improves the module readme and makes `sale_margin_security` auto-installable addon when `product_cost_security` is found. A migration script is provided to make sure the same users still retain the same permissions. @moduon MT-5158
yajo
added a commit
to moduon/margin-analysis
that referenced
this pull request
Mar 8, 2024
Following OCA/product-attribute#1538, the security is now done via mixin and the view can be removed. @moduon MT-5158
|
/ocabot merge minor |
|
What a great day to merge this nice PR. Let's do it! |
|
Congratulations, your PR was merged at ecd45b1. Thanks a lot for contributing to OCA. ❤️ |
yajo
added a commit
to moduon/margin-analysis
that referenced
this pull request
Mar 13, 2024
Both modules do essentially the same thing: apply a restriction over product costs. Thus, it makes sense to share the same permission groups. This refactor, that depends on OCA/product-attribute#1538, improves the module readme and makes `sale_margin_security` auto-installable addon when `product_cost_security` is found. A migration script is provided to make sure the same users still retain the same permissions. @moduon MT-5158
yajo
added a commit
to moduon/margin-analysis
that referenced
this pull request
Mar 13, 2024
Following OCA/product-attribute#1538, the security is now done via mixin and the view can be removed. @moduon MT-5158
yajo
added a commit
to moduon/margin-analysis
that referenced
this pull request
Mar 25, 2024
Following OCA/product-attribute#1538, the security is now done via mixin and the view can be removed. @moduon MT-5158
jdidderen-nsi
pushed a commit
to jdidderen-nsi/margin-analysis
that referenced
this pull request
Jul 12, 2024
Both modules do essentially the same thing: apply a restriction over product costs. Thus, it makes sense to share the same permission groups. This refactor, that depends on OCA/product-attribute#1538, improves the module readme and makes `sale_margin_security` auto-installable addon when `product_cost_security` is found. A migration script is provided to make sure the same users still retain the same permissions. @moduon MT-5158
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Before this patch, inheriting modules had to manually add some logic related to guessing wether the user can access cost information. Also, smartypants users could still obtain the desired information through API calls.
Now:
@moduon MT-5158