Contributors mailing list archives

contributors@odoo-community.org

dms security issues solved

by Mohamed Alkobrosly - 25/03/2025 06:55:36

Dear OCA community,

Recently we have been migrating the DMS module from 17.0 to 18.0.

While migrating, we encountered some security-critical issues.
We found that some people have raised them in:

https://github.com/OCA/dms/issues/381
https://github.com/OCA/dms/issues/386

I was interested in giving each portal user access to only their related files and, by default, related directories only.

Now we could solve the security issue in 18.0, but I guess if some members here are annoyed by these issues in older versions like 17.0 and 18.0, I left the commit of the solution in that PR:

https://github.com/OCA/dms/pull/385

Here is the commit of the solution:

8db593b4bcb94f772576f7fec33f6c1837bd610f

In brief, just as portal users can access only their related sales orders and invoices, they access only their related files.

We only have to assign any user as a follower of the file in its mixin in the form view, and those users, whether they are internal or portal, will access only the files they are following.

I am waiting for your reviews on our migration, and I am pleased to have the fix merged in older versions too.

Best Regards...
