Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Product admins are required be sitewide admin to print: [ERROR] You are not allowed to access #99437

Open
adamflorizone opened this issue Sep 1, 2022 · 3 comments
Open

Product admins are required be sitewide admin to print: [ERROR] You are not allowed to access #99437

adamflorizone opened this issue Sep 1, 2022 · 3 comments

Comments

@adamflorizone
Copy link

adamflorizone commented Sep 1, 2022
edited

Impacted versions:
Odoo 15.0-20211119 (Community Edition)
ALL THE WAY TO
Odoo 15.0-20220826 (Community Edition)

Steps to reproduce:
User Access Rights:

Inventory: Administrator
Administration: (BLANK)

Navigate to: Product -> Any Product -> Print Labels

Current behavior:
[ERROR MESSAGE]

You are not allowed to access 'Choose the sheet layout to print the labels' (product.label.layout) records.

This operation is allowed for the following groups:
   - Administration/Settings

Contact your administrator to request access if necessary.

Workaround:
The "workaround" is to give site wide admin to all users that want to print. This BY DESIGN requirement is a security issue and gains users full site manipulation. This is not a Vulnerability. Full site Admin should NOT be a requirement to print a label.

Expected behavior:
"Normal users" should be able to print without site wide Administration rights

Video/Screenshot link (optional):

Support ticket number submitted via odoo.com/help (optional):
@adamflorizone adamflorizone changed the title Product Admins MUST be sitewide admins: [ERROR] You are not allowed to access 'Choose the sheet layout to print the labels' (product.label.layout) records. Product Admins MUST be sitewide admins to print: [ERROR] You are not allowed to access Sep 1, 2022
@adamflorizone adamflorizone changed the title Product Admins MUST be sitewide admins to print: [ERROR] You are not allowed to access Product admins are required be sitewide admin to print: [ERROR] You are not allowed to access Sep 1, 2022
@niyasraphy
Copy link
Contributor

Seems this has been already resolved.

@adamflorizone
Copy link
Author

Can you please link to resolution?

@niyasraphy
Copy link
Contributor

@adamflorizone tested in runbot and in my local with the given scenario and was not able to reproduce the case.
also checked the security for the model: product.label.layout and seems internal users have access to it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@niyasraphy @adamflorizone