Menu Level security In OpenERP V7
Many of our customer reported a security issue in OpenERP through web browser. If we copy a Url from Admin, and login as another user, where that menu restricted, the restricted user will be able access that pages and work on it. This is an OpenERP issues, where the menus are only “hidden” and not “restricted” to users. This can be a security issue if the pages are registred in search engines or If someone who is expert in OpenERP access the data.
Our OpenERP V7 "web_menu_security" module restricts all the menus from user who have no permission to access that. The attempt will redirect the user to home page. You can use this module, without any configuration in the database.
| Attachment | Size |
|---|---|
| web_menu_security.zip | 3.84 KB |
Great work; Still a user can
Great work;
Still a user can modify the ids in the url: for exemple an employee can view all the employees in the company via changing the id:
localhost:xxxx/?db=test#id=1&view_type=form&model=hr.employee&action=156
I have save in addons folder
I have save in addons folder & ticke technical feature box in user ,& i gad many time update amodule list , but not shown in module list
This module seems not
This module seems not working. It causes blanks after I install it.
Hi Frank, We checked and
Hi Frank,
We checked and didn't found any issue. Could you please logout first and then login again.