After creating an opportunity, when I click on save, it gives me this warning for some users:
"Operation prohibited by access rules, or performed on an already deleted document (Operation: read, Document type: User Modification)."
What's causing this problem?
Update: I have created a new user of admin type and I added these groups:
Sales/User,Sales/User All Leads,Survey/User,Tools/User. It gives me a warning while creating an opportunity.
I added the following groups to the new user and it's working fine: Employee, PartnerManager, Marketing/User, Accounting/Accountant, Accounting/Invoice, Accounting/Manager, Administration/Access Rights, Human Resource/Manager, Human Resource/User, Knowledge/User, Marketing/Manager, Project/Manager, Sales/Manager, Tools/Manager, trimax/AdminMeeting, Trimax/SalesExecutive, Trimax/Vertical, Trimax/SalesHead, Trimax/SalesManager, Useability/AnalyticAccounting, Useability/Extended, View, Useability/MultiCompanies, Useability/No One, Useability/Product Uos View, Useability/Product Variant, Warehouse/Manager, Warehouse/User, Tools/User, Administration/Configuration
But in already created user if I remove the above groups which give warning ,then also it shows same warning.
The solution I mentioned above was for new users,but for some existing users it was still giving problem. So I removed some unwanted groups, which I didn't needed for those users and it worked, now it does not show warning. Was the warning due to some access right overlap or something else?
Those users probably don't have access rights for the opportunity object, or some child object. Read the access rights documentation for more details.
Update: You said that you're having trouble configuring a new user. As an experiment, try adding permissions to an existing user instead of starting a brand new user. Also, check that you've configured the roles as well as the permissions, that trips me up sometimes.
Another Update: You said that removing some groups stopped the warning. It may be that you have removed all access rules from the object. If no groups are explicitly granted access to something in OpenERP, then everyone is granted access. If you really want to figure out what's going on, I suggest you read the documentation I linked to above. You can also search for the error message in the source code and see exactly what it is complaining about. I find it really helpful to run the OpenERP server in debug mode, and step through the code when I'm trying to understand some weird behaviour like this. You can also try and figure out exactly which change triggers this error by adding and removing groups until you find a single change that makes the problem happen.
Hi these is due to the access right problem .So you give the proper access right to your user(for creating the oppurtunity)
same problem here.I'm using Multi-company, I provid all permistion to the user
Related
I wrote a program that sends the following
to App: 8=FIX.4.4|9=156|35=V|34=2|49=id|52=sometime|56=id1|146=1|55=EURUSD|460=4|167=FOR|262=1|263=1|264=1|265=0|267=2|269=0|269=1|10=114|
I receive this. I get the bid and the offer as expected:
from App 8=FIX.4.4|9=217|35=W|34=4|49=id1|52=sometime|56=id|42=sometime1|55=EURUSD|262=1|268=2|269=0|270=1.12438|271=50000|269=1|270=1.12442|271=50000|10094=sometime2|10=002|
But as I request snapshot + update on full refresh, it sends back the following;
to App: 8=FIX.4.4|9=118|35=j|34=3|49=id|52=sometime|56=id1|45=2|58=Conditionally Required Field Missing (299)|372=W|380=5|10=210|
Data Dictionary of my broker is the following: DataDictionary
UseDataDictionary=Y
ValidateUserDefinedFields=N # tried with Y, same
DataDictionary=C:\Users\Documents\FIX44.xml
Any idea of what I did wrong please?
Thank you folks!
Check your counterparty's documentation for what fields they expect you to send in the MarketDataRequest (35=V) message.
In the default DataDictionary, QuoteEntryID (tag 299) doesn't belong to MarketDataRequest or in any of the repeating groups it contains. This means that your counterparty has made a DD customization and added it somewhere.
So your main mistake is that you are not looking at your counterparty's docs, and your local DD is not in sync with theirs. That latter part is not burning you here in this question, but it will burn you later. Get your DD in sync!
Back to this issue: Sure, you're adding QuoteEntryID to the message, but you're adding it to the top-level of the message body, and your counterparty probably isn't looking for it there. If you look again at the default DataDictionary, QuoteEntryID always belong to a group, so your counterparty probably wants it in in a group also. You just need to read their docs to find out which group it is.
TLDR: Counterparties always customize the DataDictionary -- always read your counterparty's docs!
In the Fogbugz UI, new comments are added to an existing case by clicking "Edit" and then entering your comment.
Is there a way of adding a comment to an existing bug via the Fogbugz API? I've been using the API in conjunction with FogbugzPy and I can't find any mention of adding comments. Retrieving the last comment, yes, but adding a new one, no.
Good old trial and error got me there in the end (aka I'm an idiot).
Adding a comment involves using cmd=edit and sEvent. With FogBugzPy, it would look something like this:
fb.edit(ixBug=145945, sEvent="New comment test")
I am trying to set my viewerProcess option to be 'Show Primary Grade' instead of 'Film' whenever my nuke is booted
However, due to the limiting information I am able to find on the net, I tried inserting the following code nuke.knobDefault("viewerProcess", "Show Primary Grade") in the init.py but I am unable to get it covered, much less not knowing if the code I have written is right or wrong.
As the Show Primary Grade is a custom plugin that my workplace is using (it is shown in this naming in the list of selection), is there any ways to check and make sure that I am writing it right?
Oh and by the way, am I able to set its script Editor to be like Maya, where whenever the user clicks on something, it will display the results in the output field?
The correct command for setting a default Viewer Process is:
nuke.knobDefault('Viewer.viewerProcess', 'Show Primary Grade')
If that's not working, be sure the name you pass is exactly as registered. To check the registered names, run this command:
nuke.ViewerProcess.registeredNames()
Which by default returns:
['None', 'sRGB', 'rec709']
Turns out that I have to write out inside the menu.py file instead of init.py file.
And for some reasons, the naming convention - 'Show Primary Grade' works despite me unable to find the pass name for it even though I am able to track down its gizmo file...
When a user is added to a group using client.AddMemberToGroup(group_id, member_id) they are not appearing in the groups UI of the cPanel they are also not reported as a member when client.RetrieveAllMembers(group_id) is run.
However, when client.RetrieveGroups(member_id) is run it does return an entry in the feed for the group in question.
How do I know for sure which is correct? Is the person in the group or not?
How can I verify without doubt whether a given user is in a group or not?
I have already submited this as an issue into the issue tracker but wondered if anyone here has any ideas?
http://code.google.com/a/google.com/p/apps-api-issues/issues/detail?id=3327
If it is a very large group, it may take some time for the full group list to be refreshed and the user to appear in it.
Try waiting 24 hours and checking the CPanel / RetrieveAllMembers() calls again.
In the meantime, you're doing things right using RetrieveGroups() to determine if the user is a member.
Update: The Google CPanel and the RetrieveAllMembers() calls will never show indirect group members but your RetrieveGroups() call has direct_only set to False meaning that indirect members are being returned. If the user's you are testing for membership are indirect members then your test results are consistent with what I would expect to see.
Can you try setting direct_only to True? If that results in RetrieveGroups() no longer returning True, then we know the issue is that the user is an indirect member.
I'm currently developing a little Python website using Pyramid.
But I don't know how to design the permission system.
The System should be very flexible: I have to establish connections between many different tables.
Instead of writing one permission table for every variant i thought to just create one table - I call it PermissionCollection:
PermissionCollection:
permissionCollectionId - PrimaryKey
onType = ENUM("USER","TEACHER","GROUP","COURSE"...)
onId = Integer
and the Permission table:
permissionId - PrimaryKey
key
value
permissionCollectionId - ForeignKey
I'll define standard PermissionCollections for every possible relationship hard-coded in sources and if a user,course,teacher... has special rights i'll create a new PermissionCollection and add the permission to it.
I'm very new to web programming, and don't know if this approach is useful. Or if something like this even exists. I think the Pyramid ACL isn't the right tool for this task, is it?
Not sure if you read about it already but pyramid does come with a really nice permission system. Authorization with ACL.
How to handle it, it really only depend of you...
You could have a ACL table
(object_id, allow/deny, who?(group, userid), permission, order)
object_id is a unique id to a record in your database
allow/deny is what this ACE is supposed to do...allow or deny access
who? is either a group, username or whatever you want for example system.everyone is everyone
permission is the permission parameter in view_config
order is one important thing order does matter
For example
__acl__ = [
(Deny, Everyone, 'view'),
(Allow, 'group:admin', 'view')
]
This sample will always deny view even for admin... As soon as pyramid find something that tells you if you can see or not see a record it automatically stop searching
__acl__ = [
(Allow, 'group:admin', 'view'),
(Deny, Everyone, 'view')
]
This will allow view for every admin but not for anyone else. That is why you have to remember the order of your ACEs.
The fun part is here actually. This is all good. You have acl mapped to a record in your data. When you load for example a page... You will have to load the acl and set them in your object.
myobject.__acl__ = load_acls(myobject)
If you have a data tree. You can even not set acls.
For example you have a site that looks like that
root
\--pages with acl
+---- page1 without acl
\---- page2 with acl
When you will access page1, it will check for acl if it can't find it, it will check for parent if parent has an acl, it will check permission for it, if it doesn't it will check for its parent until you reach root. If it can't find the permission, im not so sure what happens.. I guess it will either give you a forbidden error or predicate error. That it can't find the proper view.
That said, in order to make that work you have to make location aware object that knows their parents.
But why would you want to do all that?
You can have acl for any object and have really fine grained control on who can watch or not every object in your database. You can also put acl directly in your class object without database.
as long as your acl is in the attribute acl pyramid will be able to do something with it. It's not really important how you got it.
Check this out
http://pyramid.readthedocs.org/en/1.3-branch/tutorials/wiki/authorization.html