[17.0][ADD] project_create_restriction#30
Conversation
cgarcia-solvos
force-pushed
the
17.0-add-project_create_restriction
branch
2 times, most recently
from
a17bc6a to
4900700
Compare
dalonsod
left a comment
dalonsod
left a comment
There was a problem hiding this comment.
See comments, only code review
|
|
||
| if ( | ||
| operation != "read" | ||
| and self.env.uid != 1 |
There was a problem hiding this comment.
Why this hardcoded id? Other similar addons uses a more deterministic comparison (see: https://github.com/OCA/product-attribute/blob/f60c1ae38c220d7e7c0e4f967895507bae1e8b5a/product_readonly_security/models/product_readonly_security_mixin.py#L27)
|
|
||
| if ( | ||
| operation in ("create", "unlink") | ||
| and self.env.uid != 1 |
There was a problem hiding this comment.
This is because "not self.env.su" checks whether the operation is being executed in a sudo environment, whereas "self.env.uid != 1" checks whether the real user is the system administrator.
In the case of product, using "self.env.su" was sufficient, as record creation is usually not performed with "sudo()". However, in project, project and task creation rely heavily on internal "sudo()" calls, which would bypass this restriction. For this reason, checking "env.su" alone is not sufficient.
There was a problem hiding this comment.
I see, but try to use an XML ID instead an id number anyway.
cgarcia-solvos
force-pushed
the
17.0-add-project_create_restriction
branch
from
4900700 to
e48b87b
Compare
Restrict project and task creation based on user groups
cgarcia-solvos
force-pushed
the
17.0-add-project_create_restriction
branch
from
e48b87b to
4ca971b
Compare
2 participants
Restrict project and task creation based on user groups