Module
product_cost_security
Describe the bug
The module prevents produce all on mrp.production when installed for users without read access to product cost fields. MRP users should be able to produce mrp.production even if they are not allowed to see product costs.
amount = - unit_amount * self.product_id.standard_price
Since standard_price required read access on the product cost, this raises an AccessError for users without required rights when product_cost_security is installed.
It seems that this call should likely use sudo() and price saved in cache as it was resolved in issue #2115
However, i am not sure if any other change should be made along this.
To Reproduce
Affected versions: 18.0.1.0.0
Steps to reproduce the behavior:
- Start new odoo18 database
- Login as admin
- Install modules: project_mrp_account, product_cost_security
- Create/edit mrp.production and add project
- Click button "Produce all" on mrp.production
Result:
Produce all fails with an access error when reading product_id.standard_price.
Expected behavior
Produce all on production should succeed for users without product cost access rights. The module should not block standard mrp operations.
Module
product_cost_security
Describe the bug
The module prevents produce all on mrp.production when installed for users without read access to product cost fields. MRP users should be able to produce mrp.production even if they are not allowed to see product costs.
Since standard_price required read access on the product cost, this raises an AccessError for users without required rights when product_cost_security is installed.
It seems that this call should likely use sudo() and price saved in cache as it was resolved in issue #2115
However, i am not sure if any other change should be made along this.
To Reproduce
Affected versions: 18.0.1.0.0
Steps to reproduce the behavior:
Result:
Produce all fails with an access error when reading product_id.standard_price.
Expected behavior
Produce all on production should succeed for users without product cost access rights. The module should not block standard mrp operations.