[RFC] 14.0 pos_user_restriction access rights issues

[francesco-ooops]

Steps to reproduce the bug:

open oca/pos-14 runboat install pos_cache (odoo module) set access right "User: Assigned POS Only" for user "marc demo" log in with marc demo > open pos Error:

You are not allowed to access 'Point of Sale Cache' (pos.cache) records.

This operation is allowed for the following groups:

• Point of Sale/User

Exit pos interface > click "close" on the dashboard Error You are not allowed to access 'PoS - Move In / Out Reason' (pos.move.reason) records.

This operation is allowed for the following groups:

• Point of Sale/User

---

Issue

pos_user_restriction adds group "User: Assigned POS Only", but several modules require "Pos: user" as access right to complete actions

Possible solutions

• create bridge modules allowing pos_user_restriction with other modules requiring "user" access right
• making group "Assigned POS only" based on "POS: user" (if that's technically possible)
• changing "Assigned POS only" from access right to extra right (user will have access right "POS: user" and flag "Assigned POS only" activated)

@OCA/pos-maintainers @legalsylvain what would you suggest? Thanks!

[legalsylvain]

No Idea, I don't use pos restriction module. However what you suggest makes senses.

[francesco-ooops]

@legalsylvain ok, so IMO

• solution 1 is cumbersome and doesn't really fixes the issue for the future
• solutions 2 and 3 would require a major change in the module, we can do that but would PSC approve it?

[legalsylvain]

solutions 2 and 3 would require a major change in the module, we can do that but would PSC approve it?

No, it's a change of design of the module. The better approach is to contact maintainers / authors of the module.

@eLBati : do you have a point of view regarding that limitation.

making group "Assigned POS only" based on "POS: user" (if that's technically possible)

It will not be easy at all, for the time being, it's the reverse, and it's done on purpose. See :

https://github.com/OCA/pos/blob/14.0/pos_user_restriction/security/pos_security.xml#L11

But immediately, you can make a PR against V14 Pos repo, to add a section in the ROADMAP.rst to mention that the module is currently incompatible with other module. (like pos_cache, etc...) Could you do that ?

thanks.

[francesco-ooops]

@eLBati could you provide a feedback? thanks!

[francesco-ooops]

@eLBati can you take a look please?

[eLBati]

@francesco-ooops do you know if this is also reproducible on v12?

[francesco-ooops]

@eLBati for sure the part related to pos_cache, as I see this module was created for v12: https://github.com/OCA/pos/tree/12.0/pos_cache_user_restriction

in general, this module is very prone to having any feature restricted to "POS: user" provide an access right error, while it could be managed differently

[github-actions[bot]]

There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.