Odoo Addons (MOVED TO GITHUB)

Access/permissions problem creating Payslip

Asked by Jonathan Vargas

Hi,

I am getting an access/permission error when trying to calculate the sheet for a employee payslip:

This is only reproducible when using normal users, but no by using the 'admin' user. I've tried to assign the most privileged groups to the user with no success.

The error is reproduced on this video:

http://www.youtube.com/watch?v=Svj-sX8N4LY&feature=youtu.be

What kind of things should I check or consider so I can have additional clues to solve it.

I am using OpenERP 6.1.1 version.

Thanks in advance.

Question information

Language:
English Edit question
Status:
Answered
For:
Odoo Addons (MOVED TO GITHUB) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Serpent Consulting Services (serpent-consulting-services) said : 		#1

Jonathan,

Admin user is almost 'invincible' unless you modify the access heavily by record rules. Admin user never gets affected by any rules

Looking at our video, I observe this:
1. The login user is Marium(User) and Employee for whom you create payslip is Johanna(Employee). Are they different or same (employee Johanna has Marium user linked)?
2. If they are different, see the record rule : If the logged in uder is creating his own slip, he is allowed. If the logged in user is the manager of any department, he can create payslips of all employees of that dept.

I am sure this answers your confusion.

Regards,
Serpent Consulting Services.
http://www.serpentcs.com

Revision history for this message
Serpent Consulting Services (serpent-consulting-services) said : 		#2

You can see the Record rule 'Employee Payslip' to know more.
Thanks.

Revision history for this message
Jonathan Vargas (jvargas-alkaid) said : 		#3

Thanks for the tips, they helped me to determine the root of the problem:

I took a look at the corresponding Payslip rule, and it has this:

['|', ('employee_id.user_id', '=', user.id), ('employee_id.department_id.manager_id.user_id', '=', user.id)]

That means, If I interpret it correctly:

A. Allow when the current user is the same than the employee being paid.

OR

B. When I am the manager of the department where this employee belongs to.

And in both of these cases, the current user must have a HR Office rol. This means that only managers of each department are able to pay to employees, neither Human Resources manager can pay to other departments employees.

How can I change this to allow to Human Resources Manager pay the salary of any employee in the organization?

Thanks in advance

Revision history for this message
Serpent Consulting Services (serpent-consulting-services) said : 		#4

Jonathan,

In this case, you can do :

1. Override the search() and check for the relevant group.
2. Allot this record rule to only specific group and not hr manager group.

Thanks.

Can you help with this problem?

Provide an answer of your own, or ask Jonathan Vargas for more information if necessary.

To post a message you must log in.