CODEWITHSUNDEEP
odoo
m3asmi
m3asmi

Reputation: 1262

odoo: user cannot read from an object


In odoo a user cannot read from an object sale.order
he is in the group Warehouse/manager has rights: read and write on sale.order
I got this in the shell:

[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(Console)
>>> so=self.pool.get('sale.order').browse(self._cr, 60, 100)
>>> so.name
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/opt/odoo/odoo/openerp/fields.py", line 820, in __get__
    self.determine_value(record)
  File "/opt/odoo/odoo/openerp/fields.py", line 913, in determine_value
    record._prefetch_field(self)
  File "/opt/odoo/odoo/openerp/api.py", line 266, in wrapper
    return new_api(self, *args, **kwargs)
  File "/opt/odoo/odoo/openerp/models.py", line 3246, in _prefetch_field
    result = self.read(list(fnames), load='_classic_write')
  File "/opt/odoo/odoo/openerp/api.py", line 266, in wrapper
    return new_api(self, *args, **kwargs)
  File "/opt/odoo/odoo/openerp/models.py", line 3191, in read
    values[name] = field.convert_to_read(record[name], use_name_get)
  File "/opt/odoo/odoo/openerp/models.py", line 5641, in __getitem__
    return self._fields[key].__get__(self, type(self))
  File "/opt/odoo/odoo/openerp/fields.py", line 813, in __get__
    return record._cache[self]
  File "/opt/odoo/odoo/openerp/models.py", line 6024, in __getitem__
    return value.get() if isinstance(value, SpecialValue) else value
  File "/opt/odoo/odoo/openerp/fields.py", line 55, in get
    raise self.exception
AccessError: ('AccessError', u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: sale.order, Operation: read)')

do you have any idea about this problem ?

Upvotes: 2

Views: 1719

Answers (1)

gdaramouskas
gdaramouskas

Reputation: 3747

These are the following rules for Access Rights in Odoo.

Global rules are subtractive, they must all be matched for a record to be accessible

Group rules are additive, if any of them matches (and all global rules match) then the record is accessible

So what you basically need to do here is the following:

Head to Settings -> Security -> Record Rules use search to search for "object contains sale.order"

Now try activating/de-activating certain rules to see which one of them causes the issue. From what I remember there is a rule that does not allow a user to see orders he has not created.

Start from there

Upvotes: 2

Related Questions