OCA / business-requirement

Business Requirements Management via Odoo
GNU Affero General Public License v3.0

Cannot duplicate BR #147

Closed elicoidal closed 7 years ago

elicoidal commented 7 years ago

When trying to duplicate a BR I have the following error: AccessError

The requested operation cannot be completed due to security restrictions. Please contact your system administrator.

(Document type: business.requirement, Operation: read)

rubencabrera commented 7 years ago

Have you checked your user's permissions? With the minimum level, Business requirement user, I get the same error but with "Operation: write", which might be right, as I understand it.

elicoidal commented 7 years ago

@rubencabrera I have all proper user rights (estimation + cost control + Project manager)

A user should be able to duplicate any BR with relevant information according to its level of access.

We need to do some more tests on the topic.

rubencabrera commented 7 years ago

Reviewing permissions, everything seems fine for the BR models; it might be a restriction on a related model. Going deep to find it is a pain. Are there any permissions you don't have on any other objects (slightly) related to BR?

victormmtorres commented 7 years ago

@rubencabrera the problem starts with BRD and BRDCost modules.

It's supposed that a BR user group can't see or modify some information about estimation or cost but should still be able to create or duplicate a BR with related DL and RL even if they don't have rights to see that information.

AFAIK the problem has only one solution that doesn't involve starting to modify the write, create, ... functions, and that is to move the groups property to the views.

See my PR to fix it here: #172

victormmtorres commented 7 years ago

@elicoidal I have solved the main problem we had with #172, regarding the functional part.

For the remaining problem that we could have with access through an Erppeek script or another, there is no solution, as the basic requirements of security and functionality want the opposite.

Security says don't give CRUD access to these computed fields. Functional says give access at least to C, U, D to make it possible to compute the value on time.

So the only rational solution is to think about how to link the BR model one2one to a BR_revenues model. It is a similar concept to Project task and Time sheet.

Let me know what you think.

elicoidal commented 7 years ago

@victormartinelicocorp true: or use a SUDO for the copy of BR

victormmtorres commented 7 years ago

@elicoidal I know that originally you just had that issue on duplicate. But for other users I had to give cost access, as they couldn't even check (read) or modify their BR because of this.

elicoidal commented 7 years ago

True...

elicoidal commented 7 years ago

Identified the issue to ACL in local database.