odoo/odoo#163329
Created by Bugfix, Séna Serge Nshimiyimana (sesn)
Merged
at 3be00fa01ed400c2bd7b4fda49871fd14869a48d
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/template: Contact runbot team on discord for help.
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label: odoo-dev:saas-16.4-opw-3858685-sale_admin_invoice_access-sesn
- head: 8f62c5717ddcc0cdc8d994a8adb45e51bc4e3acf
- merged: 5 months ago by Platform, Brice Bartoletti (bib)
odoo/odoo | |
---|---|
saas-16.4 | #163329 |
17.0 | #163412 |
saas-17.1 | #163427 |
saas-17.2 | #163439 |
master | #163452 |
[FIX] account_edi: allow users to read account.edi.format/document
Steps to Reproduce
- Install sale_management and account_edi.
- Create a user with admin access in sales but no rights in accounting.
- Log in as the new user.
- Navigate to a Sales Order that has been invoiced and attempt to view its invoice via the 'Invoices' stat button.
Expected Behavior: The user should be able to view the invoice.
Actual Behavior: An access error is encountered when attempting to view the invoice.
Cause
The access error arises due to restricted permissions for account.edi.format and account.edi.document. Prior to commit 604a47ead80eb8a07102a978f364d82776f69da3, all users had access to these models. However, this commit restricted access solely to users with the account.group_account_readonly role, as part of a broader security enhancement to minimize unnecessary access by portal users.