Skip to content
Permalink
Browse files

🚑 errors on some actions of attendance manager

  • Loading branch information...
KolushovAlexandr committed Apr 17, 2019
1 parent 9ae3175 commit cfd04b27e267623403292665ceb87b3db0180da0
@@ -7,7 +7,7 @@
"category": "Extra Tools",
# "live_test_url": "",
"images": [],
"version": "11.0.1.1.0",
"version": "11.0.1.1.1",
"application": False,

"author": "IT-Projects LLC, Kolushov Alexandr",
@@ -1,3 +1,8 @@
`1.1.1`
-------

- **Fix:** Security issues for ``Attendance Manager`` group on opening the **Kiosk Mode**

`1.1.0`
-------

@@ -17,8 +17,9 @@ In order to set access rights for users

* ``Read-Only`` may see only *Attendances* menu
* ``Manual Attendance`` may create and update partner attendances, but not delete
* ``Officer`` may also delete partners attendances, has access to *Partners*, *Reports* menus and *Kiosk Mode*
* ``Manager`` like Officer, but also has access to *Configuration* menu
* ``Manager`` may also delete partners attendances, has access to *Partners*, *Reports* menus and *Kiosk Mode*

* In order to get access to ``Configuration`` menu user has to have **Administration** ``Settings`` rights

Barcode
-------
@@ -24,7 +24,7 @@ def set_values(self):
config_parameters = self.env["ir.config_parameter"].sudo()
for record in self:
config_parameters.set_param("base_attendance.shift_autocheckout",
record.shift_autocheckout or '0')
record.shift_autocheckout or '0')
config_parameters.set_param("base_attendance.hex_scanner_is_used", record.hex_scanner_is_used)
self.checkout_shifts()

@@ -1,5 +1,5 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_hr_attendance_readonly_attendance,res.partner.attendance.user,model_res_partner_attendance,base_attendance.group_res_attendance,1,0,0,0
access_hr_attendance_manual_attendance,res.partner.attendance.user,model_res_partner_attendance,base_attendance.group_manual_attendance,1,1,1,0
access_hr_attendance_officer,res.partner.attendance.user,model_res_partner_attendance,base_attendance.group_hr_attendance_user,1,1,1,1
access_hr_attendance_officer,res.partner.attendance.user,model_res_partner_attendance,base_attendance.group_hr_attendance_manager,1,1,1,1
access_hr_attendance_attendance,res.partner.attendance.user,model_res_partner_attendance,,0,0,0,0
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2004-2015 Odoo S.A.
Copyright 2018 Kolushov Alexandr <https://it-projects.info/team/KolushovAlexandr>
Copyright 2018-2019 Kolushov Alexandr <https://it-projects.info/team/KolushovAlexandr>
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).-->
<odoo>
<record model="ir.module.category" id="module_category_attendance">
@@ -22,16 +22,10 @@
<field name="comment">The user will gain access to manage partners attendance.</field>
</record>

<record id="group_hr_attendance_user" model="res.groups">
<field name="name">Officer</field>
<field name="category_id" ref="module_category_attendance"/>
<field name="implied_ids" eval="[(4, ref('group_manual_attendance'))]"/>
</record>

<record id="group_hr_attendance_manager" model="res.groups">
<field name="name">Manager</field>
<field name="category_id" ref="module_category_attendance"/>
<field name="implied_ids" eval="[(4, ref('base_attendance.group_hr_attendance_user'))]"/>
<field name="implied_ids" eval="[(4, ref('group_manual_attendance'))]"/>
<field name="users" eval="[(4, ref('base.user_root'))]"/>
</record>

@@ -51,7 +45,7 @@
<field name="name">attendance officer: full access</field>
<field name="model_id" ref="model_res_partner_attendance"/>
<field name="domain_force">[(1,'=',1)]</field>
<field name="groups" eval="[(4,ref('base_attendance.group_hr_attendance_user'))]"/>
<field name="groups" eval="[(4,ref('base_attendance.group_hr_attendance_manager'))]"/>
</record>

</data>
@@ -27,7 +27,7 @@ var GreetingMessage = Widget.extend({
// to the (likely) appropriate menu, according to the user access rights
if(!action.attendance) {
this.activeBarcode = false;
this.getSession().user_has_group('base_attendance.group_hr_attendance_user').then(function(has_group) {
this.getSession().user_has_group('base_attendance.group_hr_attendance_manager').then(function(has_group) {
if(has_group) {
self.next_action = 'base_attendance.hr_attendance_action_kiosk_mode';
} else {
@@ -130,7 +130,7 @@
<field name="model_id" ref="model_res_partner_attendance"/>
<field name="state">code</field>
<field name="code">
hex_scanner_is_used = model.env["ir.config_parameter"].get_param("base_attendance.hex_scanner_is_used",default=False)
hex_scanner_is_used = model.env["ir.config_parameter"].sudo().get_param("base_attendance.hex_scanner_is_used",default=False)
action = {
'type': 'ir.actions.client',
'tag': 'base_attendance_kiosk_mode',
@@ -273,11 +273,11 @@ action = {

<menuitem id="menu_hr_attendance_view_attendances" name="Attendances" parent="menu_hr_attendance_manage_attendances" sequence="10" groups="base_attendance.group_res_attendance" action="hr_attendance_action"/>

<menuitem id="menu_hr_attendance_view_partners_kanban" name="Partners" parent="menu_hr_attendance_manage_attendances" sequence="15" groups="base_attendance.group_hr_attendance_user" action="base.action_partner_form"/>
<menuitem id="menu_hr_attendance_view_partners_kanban" name="Partners" parent="menu_hr_attendance_manage_attendances" sequence="15" groups="base_attendance.group_hr_attendance_manager" action="base.action_partner_form"/>

<menuitem id="menu_hr_attendance_kiosk_mode" name="Kiosk Mode" parent="menu_hr_attendance_manage_attendances" sequence="20" groups="base_attendance.group_hr_attendance_user" action="hr_attendance_action_kiosk_mode"/>
<menuitem id="menu_hr_attendance_kiosk_mode" name="Kiosk Mode" parent="menu_hr_attendance_manage_attendances" sequence="20" groups="base_attendance.group_hr_attendance_manager" action="hr_attendance_action_kiosk_mode"/>

<menuitem id="menu_hr_attendance_report" name="Reports" parent="menu_base_attendance_root" sequence="30" groups="base_attendance.group_hr_attendance_user" action="hr_attendance_action_graph"/>
<menuitem id="menu_hr_attendance_report" name="Reports" parent="menu_base_attendance_root" sequence="30" groups="base_attendance.group_hr_attendance_manager" action="hr_attendance_action_graph"/>

<!--IR CRON-->

@@ -31,5 +31,5 @@
</record>

<menuitem id="base_attendance.menu_hr_attendance_settings" name="Configuration" parent="menu_base_attendance_root"
sequence="99" action="action_hr_attendance_settings" groups="base_attendance.group_hr_attendance_manager"/>
sequence="99" action="action_hr_attendance_settings" groups="base.group_system"/>
</odoo>

0 comments on commit cfd04b2

Please sign in to comment.
You can’t perform that action at this time.