[FIX] account: Migrate security groups #2260
Conversation
[In v10][10]: - group_account_user implied group_account_invoice - group_account_manager implied group_account_user [In v11][11]: - group_account_user implied no other groups - group_account_manager implied group_account_invoice These one2many changes are not automigrated, so here's the script. @Tecnativa TT23168 [10]: https://github.com/odoo/odoo/blob/91807404e7d5c314ea30926b44bd16e878417ec1/addons/account/security/account_security.xml#L16-L26 [11]: https://github.com/odoo/odoo/blob/45eaa164e24ffec79f7b2be4093630f595e80565/addons/account/security/account_security.xml#L11-L20
|
Aren't this noupdate data? |
|
If so, please use the usual method through noupdate_records.xml file. |
|
No, it is updatable, just check the links. |
|
This affects also stock_account, should I make a separate PR or can I push that here too? |
|
OK, then the problem seems to be that no field means no deletion of previous one. That is getting into a common problem. @MiquelRForgeFlow how did you solve this previously? I think your solution was to make a PR to Odoo, isn't it? Maybe we can perform this check also on the noupdate script. @yajo put it here if related. |
|
Oh it seems the stock_account problem is in v8: #2261 |
where? which previous case are you thinking?
but this case is unrelated to noupdate script because that is updatable data |
|
@MiquelRForgeFlow I remember some missing I know that is not noupdate cases, but we can use the same engine to detect them and prepare noupdate_records.xml files that handle these cases (maybe we can rename then to |
In [v7 `stock.group_stock_manager` implies `account.group_account_user`][1], which [is no longer implied in v8][2]. Related to OCA#2260. @Tecnativa TT23168 [1]: https://github.com/odoo/odoo/blob/01279359b9e5340d5ecb15f0fee186f039356374/addons/stock/security/stock_security.xml#L13 [2]: https://github.com/odoo/odoo/blob/9e8f70e4849b0eeaca8b5cf51372ecfa23dc561b/addons/stock_account/security/stock_account_security.xml#L5
|
so, you mean, doing a PR to Odoo like: <record id="group_account_user" model="res.groups">
<...>
+ <field name="implied_ids" eval="[(3, ref('group_account_invoice'))]"/>
</record>
<record id="group_account_manager" model="res.groups">
<...>
- <field name="implied_ids" eval="[(4, ref('group_account_invoice'))]"/>
+ <field name="implied_ids" eval="[(3, ref('group_account_user')),(4, ref('group_account_invoice'))]"/>
</record>then, yeah, it's doable, but I don't know if they will accept. |
|
For v11 maybe... But that wouldn't fix it here because OU is out of sync with Odoo, right? |
|
@yajo your fix here makes sense. If done PR to Odoo, then when odoo accepts it, then we can update upstream again and delete your patch here. Don't worry. |
|
I think odoo won't accept that kind of PR because they can say "that's updatable data, so if somebody customize those two groups (i.e., by adding group_account_invoice to group_account_user and group_account_user to group_account_manager) and then they do an update of |
|
Although I agree with the change, I think we should provide continuity with the expected permissions: if a user in v10 with one permission have access to certain parts, on v11 it should be the same without changing anything. What this means? That you have to complement this with a direct assignation of the previous group to all the users that were in the other. Do you understand me? |
|
@yajo please check my last comment |
|
I understand, but it's not going to be fast or easy to find out that. I think we should merge this now, as it doesn't conflict with that and it's fixing a bug experienced in a real world scenario, and improve that later when we face it. |
In v10:
In v11:
These one2many changes are not automigrated, so here's the script.
@Tecnativa TT23168