[FIX] mail: re-apply security fix correctly from 9812 revid:mat@openerp.com-20140206121438-epghqo042ync24v5 of 7.0 branch
bzr revid: dle@openerp.com-20140206170829-918bxb88qh415w9e
This commit is contained in:
parent
8e4279835b
commit
15c105d95f
|
@ -1506,15 +1506,14 @@ class mail_thread(osv.AbstractModel):
|
|||
|
||||
user_pid = self.pool.get('res.users').browse(cr, uid, uid, context=context).partner_id.id
|
||||
if set(partner_ids) == set([user_pid]):
|
||||
if context.get('operation', '') != 'create':
|
||||
try:
|
||||
self.check_access_rights(cr, uid, 'read')
|
||||
if context.get('operation', '') == 'create':
|
||||
self.check_access_rule(cr, uid, ids, 'create')
|
||||
else:
|
||||
self.check_access_rule(cr, uid, ids, 'read')
|
||||
except (osv.except_osv, orm.except_orm):
|
||||
return False
|
||||
try:
|
||||
self.check_access_rights(cr, uid, 'read')
|
||||
if context.get('operation', '') == 'create':
|
||||
self.check_access_rule(cr, uid, ids, 'create')
|
||||
else:
|
||||
self.check_access_rule(cr, uid, ids, 'read')
|
||||
except (osv.except_osv, orm.except_orm):
|
||||
return False
|
||||
else:
|
||||
self.check_access_rights(cr, uid, 'write')
|
||||
self.check_access_rule(cr, uid, ids, 'write')
|
||||
|
|
Loading…
Reference in New Issue