[FW][FIX] account: allow users to see products after configuring taxes #151639
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
|
@yajo @csnauwaert cherrypicking of pull request #146787 failed. stdout: stderr: Either perform the forward-port manually (and push to this branch, proceeding as usual) or close this PR (maybe?). In the former case, you may want to edit this PR message as well. More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port |
robodoo
added
forwardport
The `account` module adds the `tax_string` field to product forms: https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/views/product_view.xml#L76 That field calls `Model(account.tax).compute_all()`: https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/product.py#L71 That method needs access to `account.account.tag` records: https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/account_tax.py#L563 https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/account_tax.py#L632 https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/account_tax.py#L648 https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/account_tax.py#L671 Internal users were able to read `account.tax` and `account.tax.repartition.line` records, but they couldn't read `account.account.tag` records. So, this lead to the absurd situation where a user with permissions to read products (like stock, PoS or event users) couldn't be able to see the product form anymore whenever that product happened to have a tax with a repartition line with a tag. This is a regression from Odoo 14, introduced in odoo#74138 and odoo#73602. I'm granting all internal users read permission over `account.account.tag`, just like the one they have for `account.tax` and `account.tax.repartition.line`. BTW that's the fix suggested by Odoo helpdesk. Funny enough, while exercising the test, I also noticed that a similar situation happens with MRP. When installed, other users that would normally be able to browse products, would no longer have access. The fix is incouded too; otherwise the test wouldn't pass. @moduon MT-4390 OPW-3636032 X-original-commit: 9c7028b
csnauwaert
force-pushed
the
saas-16.2-15.0-account-fix_tag_access-eaw0-fw
branch
from
ac76ab2 to
b39ba3f
Compare
|
@robodoo r+ |
robodoo
pushed a commit
that referenced
this pull request
Jan 31, 2024
The `account` module adds the `tax_string` field to product forms: https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/views/product_view.xml#L76 That field calls `Model(account.tax).compute_all()`: https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/product.py#L71 That method needs access to `account.account.tag` records: https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/account_tax.py#L563 https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/account_tax.py#L632 https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/account_tax.py#L648 https://github.com/odoo/odoo/blob/ceb8b785fba1055deeff8d9075ccc707f2317278/addons/account/models/account_tax.py#L671 Internal users were able to read `account.tax` and `account.tax.repartition.line` records, but they couldn't read `account.account.tag` records. So, this lead to the absurd situation where a user with permissions to read products (like stock, PoS or event users) couldn't be able to see the product form anymore whenever that product happened to have a tax with a repartition line with a tag. This is a regression from Odoo 14, introduced in #74138 and #73602. I'm granting all internal users read permission over `account.account.tag`, just like the one they have for `account.tax` and `account.tax.repartition.line`. BTW that's the fix suggested by Odoo helpdesk. Funny enough, while exercising the test, I also noticed that a similar situation happens with MRP. When installed, other users that would normally be able to browse products, would no longer have access. The fix is incouded too; otherwise the test wouldn't pass. @moduon MT-4390 OPW-3636032 closes #151639 X-original-commit: 9c7028b Signed-off-by: Cedric Snauwaert <csn@odoo.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
accountmodule adds thetax_stringfield to product forms:odoo/addons/account/views/product_view.xml
Line 76 in ceb8b78
That field calls
Model(account.tax).compute_all():odoo/addons/account/models/product.py
Line 71 in ceb8b78
That method needs access to
account.account.tagrecords:odoo/addons/account/models/account_tax.py
Line 563 in ceb8b78
odoo/addons/account/models/account_tax.py
Line 632 in ceb8b78
odoo/addons/account/models/account_tax.py
Line 648 in ceb8b78
odoo/addons/account/models/account_tax.py
Line 671 in ceb8b78
Internal users were able to read
account.taxandaccount.tax.repartition.linerecords, but they couldn't readaccount.account.tagrecords.So, this lead to the absurd situation where a user with permissions to read products (like stock, PoS or event users) couldn't be able to see the product form anymore whenever that product happened to have a tax with a repartition line with a tag:
2023-12-12.11-59-50.mp4
This is a regression from Odoo 14, introduced in #74138 and #73602.
I'm granting all internal users read permission over
account.account.tag, just like the one they have foraccount.taxandaccount.tax.repartition.line. BTW that's the fix suggested by Odoo helpdesk.@moduon MT-4390
OPW-3636032
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr
Forward-Port-Of: #149306
Forward-Port-Of: #146787