OCA / pos

GNU Affero General Public License v3.0
284 stars 602 forks source link

[RFC] 14.0 pos_user_restriction access rights issues #825

Closed francesco-ooops closed 1 year ago

francesco-ooops commented 2 years ago

Steps to reproduce the bug:

open oca/pos-14 runboat install pos_cache (odoo module) set access right "User: Assigned POS Only" for user "marc demo" log in with marc demo > open pos Error:

You are not allowed to access 'Point of Sale Cache' (pos.cache) records.

This operation is allowed for the following groups:

Exit pos interface > click "close" on the dashboard Error You are not allowed to access 'PoS - Move In / Out Reason' (pos.move.reason) records.

This operation is allowed for the following groups:


Issue

pos_user_restriction adds group "User: Assigned POS Only", but several modules require "Pos: user" as access right to complete actions

Possible solutions

@OCA/pos-maintainers @legalsylvain what would you suggest? Thanks!

legalsylvain commented 2 years ago

No Idea, I don't use pos restriction module. However what you suggest makes senses.

francesco-ooops commented 2 years ago

@legalsylvain ok, so IMO

legalsylvain commented 2 years ago

solutions 2 and 3 would require a major change in the module, we can do that but would PSC approve it?

No, it's a change of design of the module. The better approach is to contact maintainers / authors of the module.

@eLBati : do you have a point of view regarding that limitation.

making group "Assigned POS only" based on "POS: user" (if that's technically possible)

It will not be easy at all, for the time being, it's the reverse, and it's done on purpose. See :

https://github.com/OCA/pos/blob/14.0/pos_user_restriction/security/pos_security.xml#L11

But immediately, you can make a PR against V14 Pos repo, to add a section in the ROADMAP.rst to mention that the module is currently incompatible with other module. (like pos_cache, etc...) Could you do that ?

thanks.

francesco-ooops commented 2 years ago

@eLBati could you provide a feedback? thanks!

francesco-ooops commented 2 years ago

@eLBati can you take a look please?

eLBati commented 2 years ago

@francesco-ooops do you know if this is also reproducible on v12?

francesco-ooops commented 2 years ago

@eLBati for sure the part related to pos_cache, as I see this module was created for v12: https://github.com/OCA/pos/tree/12.0/pos_cache_user_restriction

in general, this module is very prone to having any feature restricted to "POS: user" provide an access right error, while it could be managed differently

github-actions[bot] commented 1 year ago

There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.