Skip to content

[FIX] hr: fix access error on language change #94558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[FIX] hr: fix access error on language change #94558

wants to merge 1 commit into from

Conversation

@Williambraecky
Copy link
Contributor

@Williambraecky Williambraecky commented Jun 24, 2022

Backport of #81474
Before #86889 a regular user with employees in multiple
companies was not able to change his own language due to a chain of
event calling onchange on all the employee_ids and employee_ids on
res.users being read as sudo.
The fix does work but was wrong because it gave access to the user's
public employee regardless of the active company_id
A domain was added to employee_ids to make force the security rules even
in sudo.

@Williambraecky
[FIX] hr: fix access error on language change
a8b36d3 
Backport of odoo#81474
Before odoo#86889 a regular user with employees in multiple
companies was not able to change his own language due to a chain of
event calling onchange on all the employee_ids and employee_ids on
res.users being read as sudo.
The fix does work but was wrong because it gave access to the user's
public employee regardless of the active company_id
A domain was added to employee_ids to make force the security rules even
in sudo.
@robodoo
Copy link
Contributor

robodoo commented Jun 24, 2022
edited
Loading

Pull request status dashboard

@kbapt
Copy link
Contributor

kbapt commented Jun 24, 2022

robodoo r+

@C3POdoo C3POdoo added the RD research & development, internal work label Jun 24, 2022
robodoo pushed a commit that referenced this pull request Jun 24, 2022
@Williambraecky
[FIX] hr: fix access error on language change
90cec40 
Backport of #81474
Before #86889 a regular user with employees in multiple
companies was not able to change his own language due to a chain of
event calling onchange on all the employee_ids and employee_ids on
res.users being read as sudo.
The fix does work but was wrong because it gave access to the user's
public employee regardless of the active company_id
A domain was added to employee_ids to make force the security rules even
in sudo.

closes #94558

Signed-off-by: Kevin Baptiste <[email protected]>
@robodoo robodoo closed this Jun 24, 2022
@robodoo robodoo temporarily deployed to merge June 24, 2022 16:38 Inactive
This was referenced Jun 24, 2022
Closed
Closed
Closed
Closed
Closed
Closed
@fw-bot fw-bot deleted the 14.0-fix-public-employee-ir-rule-wbr branch July 8, 2022 16:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

RD research & development, internal work

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Williambraecky @robodoo @kbapt @C3POdoo