You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1- Multi-environment configuration
2- Allow customer ratings on project.
3- Go to Project > Reporting > Customer ratings
4- All customer ratings belong to Company San Francisco.
5- User is current on Company Chicago
6- Tried to access one customer rating
Current behavior:
If I have multi-company environment, all customer ratings tasks are not being filtered by company, it shows all ratings for all companies, independently which company is the user at.
Expected behavior:
If I have multi-company environment, when i go to check customer ratings task as an example, it has to show only task rating for the company that user is logged in.
In this example, when the user is with Company Chicago, when access to Customer ratings, it should be an empty list.
Please note, there is no field company_id on model rating.rating and security rule is missing.
The text was updated successfully, but these errors were encountered:
carolinafernandez-tecnativa
changed the title
[16.0][BUG] Missing multi-company rules on rating
[16.0][BUG] Missing multi-company rule on rating
Apr 23, 2024
I think this can be implemented overriding _check_access and checking if the user have access to the rating related record. This way, it's not only multi-company, but any other restriction through record rules can be checked.
Impacted versions:
15.0, 16.0, 17.0
Steps to reproduce:
1- Multi-environment configuration
2- Allow customer ratings on project.
3- Go to Project > Reporting > Customer ratings
4- All customer ratings belong to Company San Francisco.
5- User is current on Company Chicago
6- Tried to access one customer rating
Current behavior:
If I have multi-company environment, all customer ratings tasks are not being filtered by company, it shows all ratings for all companies, independently which company is the user at.
Expected behavior:
If I have multi-company environment, when i go to check customer ratings task as an example, it has to show only task rating for the company that user is logged in.
In this example, when the user is with Company Chicago, when access to Customer ratings, it should be an empty list.
Please note, there is no field company_id on model rating.rating and security rule is missing.
cc @Tecnativa TT48683
The text was updated successfully, but these errors were encountered: