From 3ae99a6df4d3d1ec4b9d0fee6e82a34a0b2d190b Mon Sep 17 00:00:00 2001 From: nicolasrsande Date: Tue, 8 Nov 2022 17:28:58 -0300 Subject: [PATCH 1/3] [14.0] [IMP] payroll: improve security --- payroll/security/hr_payroll_security.xml | 6 +++++ payroll/security/ir.model.access.csv | 4 +-- payroll/views/hr_salary_rule_views.xml | 32 ++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 2 deletions(-) diff --git a/payroll/security/hr_payroll_security.xml b/payroll/security/hr_payroll_security.xml index 2ccfdcf72..dc323ac71 100644 --- a/payroll/security/hr_payroll_security.xml +++ b/payroll/security/hr_payroll_security.xml @@ -23,6 +23,12 @@ eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]" /> + + + Payroll: Allow to edit python code in rules + + + diff --git a/payroll/security/ir.model.access.csv b/payroll/security/ir.model.access.csv index cf2b51278..506694be3 100644 --- a/payroll/security/ir.model.access.csv +++ b/payroll/security/ir.model.access.csv @@ -9,8 +9,8 @@ access_hr_payslip_input_user,hr.payslip.input.user,model_hr_payslip_input,payrol access_hr_payslip_worked_days_officer,hr.payslip.worked_days.officer,model_hr_payslip_worked_days,payroll.group_payroll_user,1,1,1,1 access_hr_payslip_run,hr.payslip.run,model_hr_payslip_run,payroll.group_payroll_manager,1,1,1,1 access_hr_rule_input_officer,hr.rule.input.office,model_hr_rule_input,payroll.group_payroll_user,1,1,1,1 -access_hr_salary_rule_user,hr.salary.rule user,model_hr_salary_rule,payroll.group_payroll_user,1,0,0,0 -access_hr_salary_rule_manager,hr.salary.rule manager,model_hr_salary_rule,payroll.group_payroll_manager,1,1,1,1 +access_hr_salary_rule_user,hr.salary.rule.user,model_hr_salary_rule,payroll.group_payroll_user,1,0,0,0 +access_hr_salary_rule_manager,hr.salary.rule.manager,model_hr_salary_rule,payroll.group_payroll_manager,1,1,1,1 access_hr_payslip_batch_employees_transient,hr.payslip.employees.batch,model_hr_payslip_employees,hr.group_hr_user,1,1,1,0 access_hr_payslip_lines_contribution_register_transient,payslip.lines.contribution.register,model_payslip_lines_contribution_register,hr.group_hr_user,1,1,1,0 access_hr_payslip_change_state,access_hr_payslip_change_state,model_hr_payslip_change_state,base.group_user,1,1,1,0 diff --git a/payroll/views/hr_salary_rule_views.xml b/payroll/views/hr_salary_rule_views.xml index a559026aa..b5085951b 100644 --- a/payroll/views/hr_salary_rule_views.xml +++ b/payroll/views/hr_salary_rule_views.xml @@ -135,7 +135,23 @@ options="{'mode': 'python'}" id="condition_python" nolabel="1" + groups="payroll.group_payroll_allow_python" /> + + Date: Tue, 8 Nov 2022 18:45:53 -0300 Subject: [PATCH 2/3] [14.0] [IMP] payroll: improve security --- payroll/security/hr_payroll_security.xml | 4 +++- payroll/views/hr_salary_rule_views.xml | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/payroll/security/hr_payroll_security.xml b/payroll/security/hr_payroll_security.xml index dc323ac71..3d2d3df73 100644 --- a/payroll/security/hr_payroll_security.xml +++ b/payroll/security/hr_payroll_security.xml @@ -25,7 +25,9 @@ - Payroll: Allow to edit python code in rules + Payroll: Allow editing python code in salary rules diff --git a/payroll/views/hr_salary_rule_views.xml b/payroll/views/hr_salary_rule_views.xml index b5085951b..bd7f50955 100644 --- a/payroll/views/hr_salary_rule_views.xml +++ b/payroll/views/hr_salary_rule_views.xml @@ -146,9 +146,9 @@

Security Notice


You are NOT allowed to see rule code.
You are NOT allowed to see the rule python code.
- Salary rule code view and editing is only allowed to user with the required access rights. + Salary rule code view and editing is only allowed to users with the required specific access rights. If you think there is an error, ask your system adminsitrator.

@@ -217,9 +217,9 @@

Security Notice


You are NOT allowed to see rule code.
You are NOT allowed to see the rule python code.
- Salary rule code view and editing is only allowed to user with the required access rights. + Salary rule code view and editing is only allowed to users with the required specific access rights. If you think there is an error, ask your system adminsitrator.

From 23b62e0e0b6bf01d76c8964d5704ef94738f61ed Mon Sep 17 00:00:00 2001 From: nicolasrsande Date: Wed, 9 Nov 2022 12:51:34 -0300 Subject: [PATCH 3/3] [14.0] [IMP] payroll: improve security --- payroll/security/hr_payroll_security.xml | 4 +--- payroll/views/hr_salary_rule_views.xml | 28 ++++++++++++------------ 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/payroll/security/hr_payroll_security.xml b/payroll/security/hr_payroll_security.xml index 3d2d3df73..74183b52e 100644 --- a/payroll/security/hr_payroll_security.xml +++ b/payroll/security/hr_payroll_security.xml @@ -25,9 +25,7 @@ - Payroll: Allow editing python code in salary rules + Payroll: Access to python code in salary rules diff --git a/payroll/views/hr_salary_rule_views.xml b/payroll/views/hr_salary_rule_views.xml index bd7f50955..5897f44a0 100644 --- a/payroll/views/hr_salary_rule_views.xml +++ b/payroll/views/hr_salary_rule_views.xml @@ -138,18 +138,18 @@ groups="payroll.group_payroll_allow_python" />