[FW][FIX] website: prevent crash for non admin publisher when click on form #109112

@fw-bot fw-bot commented Jan 4, 2023

When editing a website form, a `search_read` request is fired on
`ir.model` model to get the list of possible form actions (create
ticket, create opportunity, etc.).
But since commit [1] in Odoo 15, non-admin users don't have read access
anymore on this model, leading to a traceback when clicking on a form in
edit mode.

Steps to reproduce (as designer):

  • Install only website and login as admin
  • Make "portal" user an internal user and give him "Editor and Designer"
    rights
  • Login as "portal" user
  • Enter edit mode on any page and drag & drop the form snippet, or
    simply go to /contactus page which already has one
  • Click on the form -> Traceback

Steps to reproduce (as publisher/restricted editor):

  • Install website_hr_recruitment
  • Make "portal" user an internal user and give him the following rights:
    • Website: Restricted Editor
    • Recruitment: Administrator
  • Login as "portal" user
  • Go to a job page like /jobs/detail/experienced-developer-4
  • Enter edit mode and drag & drop the form snippet
  • It will crash

opw-3098097
opw-3101884

Forward-Port-Of: #108680

robodoo commented Jan 4, 2023

fw-bot commented Jan 4, 2023

This PR targets saas-15.3 and is part of the forward-port chain. Further PRs will be created up to master.

More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port

@robodoo robodoo added the forwardport This PR was created by @fw-bot label Jan 4, 2023
@C3POdoo C3POdoo added the OE the report is linked to a support ticket (opw-...) label Jan 4, 2023
rdeodoo commented Jan 5, 2023

@fw-bot r+ next version is to be fixed due to group name change

robodoo pushed a commit that referenced this pull request Jan 5, 2023
When editing a website form, a `search_read` request is fired on
`ir.model` model to get the list of possible form actions (create
ticket, create opportunity, etc.).
But since commit [1] in Odoo 15, non-admin users don't have read access
anymore on this model, leading to a traceback when clicking on a form in
edit mode.

Steps to reproduce (as designer):
- Install only website and login as admin
- Make "portal" user an internal user and give him "Editor and Designer"
  rights
- Login as "portal" user
- Enter edit mode on any page and drag & drop the form snippet, or
  simply go to /contactus page which already has one
- Click on the form -> Traceback

Steps to reproduce (as publisher/restricted editor):
- Install website_hr_recruitment
- Make "portal" user an internal user and give him the following rights:
  - Website: Restricted Editor
  - Recruitment: Administrator
- Login as "portal" user
- Go to a job page like /jobs/detail/experienced-developer-4
- Enter edit mode and drag & drop the form snippet
- It will crash

[1]: 5dc4cff

opw-3098097
opw-3101884

closes #109112

X-original-commit: 0b439de
Signed-off-by: Quentin Smetz (qsm) <qsm@odoo.com>
Signed-off-by: Romain Derie (rde) <rde@odoo.com>
@robodoo robodoo temporarily deployed to merge January 5, 2023 11:02 Inactive
@robodoo robodoo closed this Jan 5, 2023
@fw-bot fw-bot deleted the saas-15.3-15.0-opw-3098097-website-forms-access--bugfix-IEL-_55Z-fw branch January 19, 2023 11:47