Discussion:
[Erp5-dev] security problem
Sebastien Robin
2005-02-08 09:20:25 UTC
Permalink
Hi All,

I have an assignee in a module. This assignee has not the right to add
portal cotent (and the acquire setting is off). But when I go to the
module logged in has the assignee, then I do have in actions 'add New
Something', and I'm able to add it. Is it a configuration problem or an
ERP5 problem ?

And also, I don't have the right to delete, copy, paste something, but
there is the delete, cut, copy, paste icons. I think it should be really
great to disable them when we don't have right to do things. Actually, I
can clic on it and then I'm logged off.


Seb.
--
Sebastien Robin, Nexedi Technical Director
Nexedi: Consulting and Development of Free / Open Source Software
http://www.nexedi.com
ERP5: Free / Open Source ERP Software for small and medium companies
http://www.erp5.org
Storever: OpenBrick, WiFi infrastructure, notebooks and servers
http://www.storever.com
Bartłomiej Górny
2005-02-08 09:36:28 UTC
Permalink
Hello

Does anybody know if there is some EU support available, for development
or localisation of open source products for business, like ERP5?

I mean, we (in Poland) are thinking about developing a Polish version
(translation, accounts etc), and since we are already in the EU perhaps
we could get some financial support.

Thx
Bartek
--
"Good evening. Tonight 'Spectrum' looks at one of the major problems in
the world today - that old vexed question of: 'what is going on'. Is
there still time to confront it, let alone solve it, or is it too late?"
Jean-Paul Smets
2005-02-08 09:42:59 UTC
Permalink
Post by Bartłomiej Górny
Hello
Does anybody know if there is some EU support available, for development
or localisation of open source products for business, like ERP5?
I mean, we (in Poland) are thinking about developing a Polish version
(translation, accounts etc), and since we are already in the EU perhaps
we could get some financial support.
Nexedi is part of EDOS EU project (a project related to QA in open source).
The time between applying a projet and getting the cash is between 1 and 2
years. I let you draw all the conclusions you want from that.... (I can not
write it here).

So, if you want a polish version quickly, it is better and cheaper not to
wait for the EU support. If you want to apply for the EU support for a
polish version, maybe you will get it and very likely, the polish support
will be made by someone else by the time the EU cash comes in.

This is why EU support is usually better suited for long term R&D.

JPS.
Post by Bartłomiej Górny
Thx
Bartek
--
Jean-Paul Smets-Solanes, Nexedi CEO - Tel. +33(0)6 62 05 76 14
Nexedi: Consulting and Development of Libre / Open Source Software
http://www.nexedi.com
ERP5: Libre/ Open Source ERP Software for small and medium companies
http://www.erp5.org
Rentalinux: VPN/WiFi infrastructure, Desktop Linux Server
http://www.rentalinux.com
Bartłomiej Górny
2005-02-08 11:07:12 UTC
Permalink
Thanks, pal - that may save us a lot of time and effort :)

Bartek
Post by Jean-Paul Smets
Post by Bartłomiej Górny
Hello
Does anybody know if there is some EU support available, for development
or localisation of open source products for business, like ERP5?
I mean, we (in Poland) are thinking about developing a Polish version
(translation, accounts etc), and since we are already in the EU perhaps
we could get some financial support.
Nexedi is part of EDOS EU project (a project related to QA in open source).
The time between applying a projet and getting the cash is between 1 and 2
years. I let you draw all the conclusions you want from that.... (I can not
write it here).
So, if you want a polish version quickly, it is better and cheaper not to
wait for the EU support. If you want to apply for the EU support for a
polish version, maybe you will get it and very likely, the polish support
will be made by someone else by the time the EU cash comes in.
This is why EU support is usually better suited for long term R&D.
JPS.
Post by Bartłomiej Górny
Thx
Bartek
--
"Good evening. Tonight 'Spectrum' looks at one of the major problems in
the world today - that old vexed question of: 'what is going on'. Is
there still time to confront it, let alone solve it, or is it too late?"
Yoshinori Okuji
2005-02-08 10:02:52 UTC
Permalink
Post by Sebastien Robin
I have an assignee in a module. This assignee has not the right to
add portal cotent (and the acquire setting is off). But when I go to
the module logged in has the assignee, then I do have in actions 'add
New Something', and I'm able to add it. Is it a configuration problem
or an ERP5 problem ?
Are you sure that the account you used for this assignee does not have
any other role? For example, if the account is a Manager (in the ERP5
Site or in the whole Zope), this user can do anything. I think this is
a typical error. If not, I have no idea. I can look at it tomorrow, if
necessary.
Post by Sebastien Robin
And also, I don't have the right to delete, copy, paste something,
but there is the delete, cut, copy, paste icons. I think it should
be really great to disable them when we don't have right to do
things. Actually, I can clic on it and then I'm logged off.
I agree. Do you want to implement it? ;)

YO
--
Yoshinori Okuji, Nexedi Research Director
Nexedi: Consulting and Development of Free / Open Source Software
http://www.nexedi.com
ERP5: Free / Open Source ERP Software for small and medium companies
http://www.erp5.org
Storever: OpenBrick, WiFi infrastructure, notebooks and servers
http://www.storever.com
Loading...