Skip to content

[FIX] product_cost_security: Allow fieldless write() to succeed.#2335

Open
bobslee wants to merge 1 commit into
OCA:18.0from
bobslee:18.0-product_cost_security-fieldless-write
Open

[FIX] product_cost_security: Allow fieldless write() to succeed.#2335
bobslee wants to merge 1 commit into
OCA:18.0from
bobslee:18.0-product_cost_security-fieldless-write

Conversation

@bobslee

@bobslee bobslee commented Jun 23, 2026

Copy link
Copy Markdown

check_field_access_rights raises an AccessError whenever a non cost-editor touches a cost field. However, when fields is empty (e.g. an empty vals dict reaches write), the base ORM expands it to every accessible field, which includes the protected cost fields, and the mixin then wrongly denies the write.

This happens, for instance, when l10n_eu_product_adr pops every value out of the write vals (is_dangerous/adr_goods_id are delegated to the to the variants) and delegates an empty dict to super().write({}).

A field-less, non-superuser write/create targets no cost field, so we bypass the cost-edit restriction and rely on the standard ORM checks. The return value is irrelevant here: write ignores it.

@OCA-git-bot

Copy link
Copy Markdown
Contributor

Hi @rafaelbn, @yajo, @sergio-teruel,
some modules you are maintaining are being modified, check this out!

@OCA-git-bot OCA-git-bot added series:18.0 mod:product_cost_security Module product_cost_security labels Jun 23, 2026
@sergio-teruel

Copy link
Copy Markdown
Contributor

Please review #2254

@yajo

yajo commented Jun 24, 2026

Copy link
Copy Markdown
Member

Why would you call write({}) with an empty dict?

check_field_access_rights raises an AccessError whenever a non
cost-editor touches a cost field. However, when fields is empty
(e.g. an empty vals dict reaches write), the base ORM expands it to
*every* accessible field, which includes the protected cost fields,
and the mixin then wrongly denies the write.

This happens, for instance, when l10n_eu_product_adr pops every value
out of the write vals (is_dangerous/adr_goods_id are delegated to the
to the variants) and delegates an empty dict to super().write({}).

A field-less, non-superuser write/create targets no cost field, so we
bypass the cost-edit restriction and rely on the standard ORM checks.
The return value is irrelevant here: write ignores it.
@bobslee bobslee force-pushed the 18.0-product_cost_security-fieldless-write branch from dfc3533 to cb0d2b0 Compare June 24, 2026 13:46
@bobslee

bobslee commented Jun 24, 2026

Copy link
Copy Markdown
Author

Why would you call write({}) with an empty dict?

This happens, for instance, when ⁠ l10n_eu_product_adr ⁠ pops every value out of the write ⁠ vals ⁠ (⁠ is_dangerous ⁠⁠ / ⁠⁠ adr_goods_id ⁠ are delegated to the variants) and delegates an empty dict to ⁠ super().write({}) ⁠.

@yajo

yajo commented Jun 25, 2026

Copy link
Copy Markdown
Member

However, isn't this opening a problem? You're telling upstream they can write some fields, when they can't.

@pedrobaeza

Copy link
Copy Markdown
Member

Shouldn't it be  l10n_eu_product_adr ⁠ which don't call super if vals is empty?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

mod:product_cost_security Module product_cost_security series:18.0

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants