Skip to content
Snippets Groups Projects
Select Git revision
  • 16.0
  • 17.0
  • 18.0
  • 15.0
  • 14.0
  • 14.0-__main__-sbi
  • 16.0-__main__-sbi
  • 12.0-suds
  • 12.0 default protected
  • 13.0
  • renovate/configure
  • 9.0
  • 10.0
  • 7.0
  • 8.0
  • 11.0
  • 9.0-ocabot-merge-pr-1088-by-pedrobaeza-bump-nobump
  • 8.0-ocabot-merge-pr-831-by-pedrobaeza-bump-nobump
  • 12.0-old
  • 11.0-ocabot-merge-pr-882-by-pedrobaeza-bump-nobump
  • 15.0_2025-04-08
  • 16.0_2025-04-08
  • 17.0_2025-03-14
  • 16.0_2025-03-14
  • 16.0_2025-02-14
  • 17.0_2025-02-14
  • 15.0_2025-02-14
  • 15.0_2025-03-14
  • 14.0_2025-02-14
  • 14.0_2025-03-14
  • 16.0_2025-01-14
  • 17.0_2025-01-14
  • 14.0_2025-01-14
  • 16.0_2024-12-14
  • 17.0_2024-12-14
  • 15.0_2024-12-14
  • 15.0_2025-01-14
  • 15.0_2024-11-14
  • 16.0_2024-11-14
  • 17.0_2024-11-14
40 results
Compare
user avatar
[FIX] models, test_access_rights: restore normal ACL check
Nans Lefebvre authored 
Because of 4b1cb41c, we might try to read
the field 'active' on a record on which we can't read fields besides the name.
This thus triggers an access error where there should not have been.

In particular, this is the case for portal users: most often the records they
can access point to records that they can't read
(e.g. the partner of the internal user assigned to the ticket).
As a result, clicking on any link creates an ACL, and thus redirects to the
home page.

It turns out that filtered_domain was primarily used on already loaded records,
typically for the write, so it was assumed that the records could be read
in the first place.
However in the use-case of the portal, there is an explicit check on the read
rights with the portal user, explaining the discrepancy.

Since in the general case filtered_domain should be able to read all fields
to evaluate the domain, we put it in sudo.

fix co-authored with @rco

closes odoo/odoo#38540

X-original-commit: cff5cc8c
Signed-off-by: default avatarNans Lefebvre (len) <len@odoo.com>
60534c65
History
user avatar 60534c65
History
Name Last commit Last update
.github
.tx
addons
debian
doc
odoo
setup
.gitignore
.mailmap
CONTRIBUTING.md
COPYRIGHT
LICENSE
MANIFEST.in
README.md
SECURITY.md
odoo-bin
requirements.txt
setup.cfg
setup.py
README.md

Build Status Tech Doc Help Nightly Builds

Odoo

Odoo is a suite of web based open source business apps.

The main Odoo Apps include an Open Source CRM, Website Builder, eCommerce, Warehouse Management, Project Management, Billing & Accounting, Point of Sale, Human Resources, Marketing, Manufacturing, Purchase Management, ...

Odoo Apps can be used as stand-alone applications, but they also integrate seamlessly so you get a full-featured Open Source ERP when you install several Apps.

Getting started with Odoo

For a standard installation please follow the Setup instructions from the documentation.

Then follow the developer tutorials