odoo/odoo#189970
Created by fw-bot
Merged
at 9f1d57e3e0b2833d4c61c2a04a41aa82f4ff4f8d
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/template: Contact runbot team on discord for help.
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label
- odoo-dev:saas-17.4-18.0-opw-4367393-credit_limit_access_rights-sile-WW36-fw
- head
- 87dafaf23e3f5f569d43ad32ffdcff3f1198bf85
- merged
- 1 year ago by Bugfix, Levi Siuzdak
| odoo/odoo | |
|---|---|
| 16.0 | #189209 |
| 17.0 | #189803 |
| saas-17.2 | #189939 |
| saas-17.4 | #189970 |
| 18.0 | #190011 |
| saas-18.2 | |
| saas-18.3 | |
| saas-18.4 | |
| 19.0 | |
| master | #190034 |
[FW][FIX] sale: avoid access error on `credit_limit` field
Versions
- 16.0+
Steps (18.0+)
- Enable credit limits via Accounting settings;
- log in as a user with access to Sales but not Accounting;
- create a Sales Order;
- add a product.
Issue
Access Error.
Cause
Commit de302c2 changed the way company dependent fields are handled. Instead of computing them via _compute_company_dependent, they are now stored in the database.
Before this this change, any groups restriction added to a field wasn't actually checked. After this change, it does get checked, leading to the access error.
Solution
- Use
sudoto accesspartner_id.credit. - When calling the
_build_credit_warning_message, pass the sales order withsudo.