[FIX] [CLEAN] mail: fixed some access rules issues; removed now unused files.

bzr revid: tde@openerp.com-20121211143301-b52ji02vynvgo3m9
2012-12-11 15:33:01 +01:00 · 2012-12-11 15:33:01 +01:00 · 45e1682327
parent 3005251333
commit 45e1682327
12 changed files with 32 additions and 151 deletions
--- a/addons/mail/init.py
+++ b/addons/mail/init.py
@ -22,8 +22,6 @@
 import mail_message_subtype
 import mail_alias
 import mail_followers
-import mail_vote
-import mail_favorite
 import mail_message
 import mail_mail
 import mail_thread
--- a/addons/mail/openerp.py
+++ b/addons/mail/openerp.py
@ -54,7 +54,6 @@ Main Features
        'mail_message_view.xml',
        'mail_mail_view.xml',
        'mail_followers_view.xml',
-        'mail_favorite_view.xml',
        'mail_thread_view.xml',
        'mail_group_view.xml',
        'res_partner_view.xml',
--- a/addons/mail/mail_favorite.py
+++ b/addons/mail/mail_favorite.py
@ -1,39 +0,0 @@
-# -*- coding: utf-8 -*-
-##############################################################################
-#
-#    OpenERP, Open Source Management Solution
-#    Copyright (C) 2012-Today OpenERP SA (<http://www.openerp.com>).
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU Affero General Public License as
-#    published by the Free Software Foundation, either version 3 of the
-#    License, or (at your option) any later version
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU Affero General Public License for more details
-#
-#    You should have received a copy of the GNU Affero General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>
-#
-##############################################################################
-
-from osv import osv, fields
-
-
-class mail_favorite(osv.Model):
-    ''' Favorite model: relationship table between messages and users. A favorite
-        message is a message the user wants to see in a specific 'Favorite'
-        mailbox, like a starred mechanism. '''
-
-    _name = 'mail.favorite'
-    _description = 'Favorite messages'
-    _columns = {
-            'message_id': fields.many2one('mail.message', 'Message', select=1,
-                ondelete='cascade', required=True),
-            'user_id': fields.many2one('res.users', 'User', select=1,
-                ondelete='cascade', required=True),
-        }
-
-# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
--- a/addons/mail/mail_favorite_view.xml
+++ b/addons/mail/mail_favorite_view.xml
@ -1,44 +0,0 @@
-<?xml version="1.0"?>
-<openerp>
-    <data>
-
-        <!--  FOLLOWERS !-->
-        <record model="ir.ui.view" id="view_mail_favorite_tree">
-            <field name="name">mail.favorite.tree</field>
-            <field name="model">mail.favorite</field>
-            <field name="arch" type="xml">
-                <tree string="Favorites">
-                    <field name="user_id"/>
-                    <field name="message_id"/>
-                </tree>
-            </field>
-        </record>
-
-        <record model="ir.ui.view" id="view_mail_favorite_form">
-            <field name="name">mail.favorite.form</field>
-            <field name="model">mail.favorite</field>
-            <field name="arch" type="xml">
-                <form string="Favorite Form" version="7.0">
-                    <sheet>
-                        <group>
-                            <field name="user_id"/>
-                            <field name="message_id"/>
-                        </group>
-                    </sheet>
-                </form>
-            </field>
-        </record>
-
-        <record id="action_view_favorites" model="ir.actions.act_window">
-            <field name="name">Favorites</field>
-            <field name="res_model">mail.favorite</field>
-            <field name="view_type">form</field>
-            <field name="view_mode">tree,form</field>
-        </record>
-
-        <!-- Add favorites related menu entries in Settings/Email -->
-        <menuitem name="Favorites" id="menu_email_favorites" parent="base.menu_email"
-                    action="action_view_favorites" sequence="40" groups="base.group_no_one"/>
-
-    </data>
-</openerp>
--- a/addons/mail/mail_followers.py
+++ b/addons/mail/mail_followers.py
@ -19,9 +19,9 @@
 #
 ##############################################################################

-from osv import osv
-from osv import fields
-import tools
+from openerp import SUPERUSER_ID
+from openerp.osv import osv, fields
+from openerp import tools


 class mail_followers(osv.Model):
@ -120,8 +120,7 @@ class mail_notification(osv.Model):
        # mail_noemail (do not send email) or no partner_ids: do not send, return
        if context.get('mail_noemail'):
            return True
-        msg = self.pool.get('mail.message').browse(cr, uid, msg_id, context=context)
-
+        msg = self.pool.get('mail.message').browse(cr, SUPERUSER_ID, msg_id, context=context)
        notify_partner_ids = self.get_partners_to_notify(cr, uid, msg, context=context)
        if not notify_partner_ids:
            return True
--- a/addons/mail/mail_group_menu.py
+++ b/addons/mail/mail_group_menu.py
@ -47,7 +47,8 @@ class ir_ui_menu(osv.osv):
        for menu in self.browse(cr, uid, ids, context=context):
            if menu.mail_group_id:
                sub_ids = follower_obj.search(cr, SUPERUSER_ID, [
-                    ('partner_id', '=', partner_id), ('res_model', '=', 'mail.group'),
+                    ('partner_id', '=', partner_id),
+                    ('res_model', '=', 'mail.group'),
                    ('res_id', '=', menu.mail_group_id.id)
                    ], context=context)
                if not sub_ids:
--- a/addons/mail/mail_mail.py
+++ b/addons/mail/mail_mail.py
@ -63,7 +63,7 @@ class mail_mail(osv.Model):
    }

    def _get_default_from(self, cr, uid, context=None):
-        this = self.pool.get('res.users').browse(cr, uid, uid, context=context)
+        this = self.pool.get('res.users').browse(cr, SUPERUSER_ID, uid, context=context)
        if this.alias_domain:
            return '%s@%s' % (this.alias_name, this.alias_domain)
        elif this.email:
@ -205,7 +205,7 @@ class mail_mail(osv.Model):
                # specific behavior to customize the send email for notified partners
                email_list = []
                if recipient_ids:
-                    for partner in self.pool.get('res.partner').browse(cr, uid, recipient_ids, context=context):
+                    for partner in self.pool.get('res.partner').browse(cr, SUPERUSER_ID, recipient_ids, context=context):
                        email_list.append(self.send_get_email_dict(cr, uid, mail, partner=partner, context=context))
                else:
                    email_list.append(self.send_get_email_dict(cr, uid, mail, context=context))
--- a/addons/mail/mail_message.py
+++ b/addons/mail/mail_message.py
@ -598,6 +598,7 @@ class mail_message(osv.Model):
                - uid have write access on the related document if model, res_id, OR
                - otherwise: raise
            - write: if
+                - author_id == pid, uid is the author, OR
                - uid has write access on the related document if model, res_id
                - Otherwise: raise
            - unlink: if
@ -620,7 +621,7 @@ class mail_message(osv.Model):
                model_record_ids.setdefault(rmod, dict()).setdefault(rid, set()).add(id)

        # Author condition, for read and create (private message) -> could become an ir.rule, but not till we do not have a many2one variable field
-        if operation == 'read':
+        if operation == 'read' or operation == 'write':
            author_ids = [mid for mid, message in message_values.iteritems()
                if message.get('author_id') and message.get('author_id') == partner_id]
        elif operation == 'create':
@ -690,7 +691,7 @@ class mail_message(osv.Model):
        elif not values.get('message_id'):
            values['message_id'] = tools.generate_tracking_message_id('private')
        newid = super(mail_message, self).create(cr, uid, values, context)
-        self._notify(cr, SUPERUSER_ID, newid, context=context)
+        self._notify(cr, uid, newid, context=context)
        # TDE FIXME: handle default_starred. Why not setting an inv on starred ?
        # Because starred will call set_message_starred, that looks for notifications.
        # When creating a new mail_message, it will create a notification to a message
@ -808,6 +809,7 @@ class mail_message(osv.Model):
        """ Add the related record followers to the destination partner_ids if is not a private message.
            Call mail_notification.notify to manage the email sending
        """
+        notification_obj = self.pool.get('mail.notification')
        message = self.browse(cr, uid, newid, context=context)

        partners_to_notify = set([])
@ -820,12 +822,12 @@ class mail_message(osv.Model):
        # all followers of the mail.message document have to be added as partners and notified
        if message.model and message.res_id:
            fol_obj = self.pool.get("mail.followers")
-            fol_ids = fol_obj.search(cr, uid, [
+            fol_ids = fol_obj.search(cr, SUPERUSER_ID, [
                ('res_model', '=', message.model),
                ('res_id', '=', message.res_id),
                ('subtype_ids', 'in', message.subtype_id.id)
                ], context=context)
-            partners_to_notify |= set(fo.partner_id for fo in fol_obj.browse(cr, uid, fol_ids, context=context))
+            partners_to_notify |= set(fo.partner_id for fo in fol_obj.browse(cr, SUPERUSER_ID, fol_ids, context=context))
        # remove me from notified partners, unless the message is written on my own wall
        if message.author_id and message.model == "res.partner" and message.res_id == message.author_id.id:
            partners_to_notify |= set([message.author_id])
@ -835,7 +837,6 @@ class mail_message(osv.Model):
        if partners_to_notify:
            self.write(cr, SUPERUSER_ID, [newid], {'notified_partner_ids': [(4, p.id) for p in partners_to_notify]}, context=context)

-        notification_obj = self.pool.get('mail.notification')
        notification_obj._notify(cr, uid, newid, context=context)

        # An error appear when a user receive a notify to a message without notify to his parent message.
@ -852,7 +853,6 @@ class mail_message(osv.Model):
                        'read': True,
                    }, context=context)

-
    #------------------------------------------------------
    # Tools
    #------------------------------------------------------
--- a/addons/mail/mail_vote.py
+++ b/addons/mail/mail_vote.py
@ -1,39 +0,0 @@
-# -*- coding: utf-8 -*-
-##############################################################################
-#
-#    OpenERP, Open Source Management Solution
-#    Copyright (C) 2012-Today OpenERP SA (<http://www.openerp.com>).
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU Affero General Public License as
-#    published by the Free Software Foundation, either version 3 of the
-#    License, or (at your option) any later version
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU Affero General Public License for more details
-#
-#    You should have received a copy of the GNU Affero General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>
-#
-##############################################################################
-
-from osv import osv, fields
-
-
-class mail_vote(osv.Model):
-    ''' Mail vote feature allow users to like and unlike messages attached
-        to a document. This allows for example to build a ranking-based
-        displaying of messages, for FAQ. '''
-
-    _name = 'mail.vote'
-    _description = 'Mail Vote'
-    _columns = {
-            'message_id': fields.many2one('mail.message', 'Message', select=1,
-                ondelete='cascade', required=True),
-            'user_id': fields.many2one('res.users', 'User', select=1,
-                ondelete='cascade', required=True),
-        }
-
-# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
--- a/addons/mail/res_users.py
+++ b/addons/mail/res_users.py
@ -34,24 +34,27 @@ class res_users(osv.Model):
    _inherits = {'mail.alias': 'alias_id'}

    _columns = {
-        'alias_id': fields.many2one('mail.alias', 'Alias', ondelete="cascade", required=True, 
+        'alias_id': fields.many2one('mail.alias', 'Alias', ondelete="cascade", required=True,
            help="Email address internally associated with this user. Incoming "\
                 "emails will appear in the user's notifications."),
    }
-    
+
    _defaults = {
-        'alias_domain': False, # always hide alias during creation
+        'alias_domain': False,  # always hide alias during creation
    }

    def __init__(self, pool, cr):
        """ Override of __init__ to add access rights on notification_email_send
-            field. Access rights are disabled by default, but allowed on
-            fields defined in self.SELF_WRITEABLE_FIELDS.
+            and alias fields. Access rights are disabled by default, but allowed
+            on some specific fields defined in self.SELF_{READ/WRITE}ABLE_FIELDS.
        """
        init_res = super(res_users, self).__init__(pool, cr)
        # duplicate list to avoid modifying the original reference
        self.SELF_WRITEABLE_FIELDS = list(self.SELF_WRITEABLE_FIELDS)
        self.SELF_WRITEABLE_FIELDS.append('notification_email_send')
+        # duplicate list to avoid modifying the original reference
+        self.SELF_READABLE_FIELDS = list(self.SELF_READABLE_FIELDS)
+        self.SELF_READABLE_FIELDS.extend(['notification_email_send', 'alias_domain', 'alias_name'])
        return init_res

    def _auto_init(self, cr, context=None):
--- a/addons/mail/security/ir.model.access.csv
+++ b/addons/mail/security/ir.model.access.csv
@ -1,13 +1,14 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_mail_message_all,mail.message.all,model_mail_message,,1,0,1,0
-access_mail_message_group_user,mail.message.group.user,model_mail_message,base.group_user,1,1,1,1
-access_mail_mail_all,mail.mail.all,model_mail_mail,,0,0,1,0
-access_mail_mail_user,mail.mail,model_mail_mail,base.group_user,1,1,1,0
+access_mail_message_all,mail.message.all,model_mail_message,,1,1,1,0
+access_mail_message_user,mail.message.user,model_mail_message,base.group_user,1,1,1,1
+access_mail_mail_all,mail.mail.all,model_mail_mail,,1,1,1,0
+access_mail_mail_user,mail.mail.user,model_mail_mail,base.group_user,1,1,1,0
 access_mail_mail_system,mail.mail.system,model_mail_mail,base.group_system,1,1,1,1
 access_mail_followers_all,mail.followers.all,model_mail_followers,,1,0,0,0
+access_mail_followers_user,mail.followers.user,model_mail_followers,base.group_user,1,1,0,0
 access_mail_followers_system,mail.followers.system,model_mail_followers,base.group_system,1,1,1,1
 access_mail_notification_all,mail.notification.all,model_mail_notification,,1,0,0,0
-access_mail_notification_group_user,mail.notification.user,model_mail_notification,base.group_user,1,1,1,0
+access_mail_notification_user,mail.notification.user,model_mail_notification,base.group_user,1,1,1,0
 access_mail_notification_system,mail.notification.system,model_mail_notification,base.group_system,1,1,1,1
 access_mail_group_all,mail.group.all,model_mail_group,,1,0,0,0
 access_mail_group_user,mail.group.user,model_mail_group,base.group_user,1,1,1,1
@ -15,7 +16,6 @@ access_mail_alias_all,mail.alias.all,model_mail_alias,,1,0,0,0
 access_mail_alias_user,mail.alias.user,model_mail_alias,base.group_user,1,1,1,0
 access_mail_alias_system,mail.alias.system,model_mail_alias,base.group_system,1,1,1,1
 access_mail_message_subtype_all,mail.message.subtype.all,model_mail_message_subtype,,1,0,0,0
-access_mail_vote_all,mail.vote.all,model_mail_vote,,1,1,1,1
-access_mail_favorite_all,mail.favorite.all,model_mail_favorite,,1,1,1,1
+access_mail_message_subtype_system,mail.message.subtype.system,model_mail_message_subtype,base.group_system,1,1,1,1
 access_mail_thread_all,mail.thread.all,model_mail_thread,,1,1,1,1
 access_publisher_warranty_contract_all,publisher.warranty.contract.all,model_publisher_warranty_contract,,1,1,1,1
--- a/addons/mail/wizard/invite.py
+++ b/addons/mail/wizard/invite.py
@ -73,12 +73,15 @@ class invite_wizard(osv.osv_memory):
            if wizard.message:
                for follower_id in new_follower_ids:
                    mail_mail = self.pool.get('mail.mail')
+                    # the invite wizard should create a private message not related to any object -> no model, no res_id
                    mail_id = mail_mail.create(cr, uid, {
                        'model': wizard.res_model,
                        'res_id': wizard.res_id,
                        'subject': 'Invitation to follow %s' % document.name_get()[0][1],
                        'body_html': '%s' % wizard.message,
                        'auto_delete': True,
+                        'res_id': False,
+                        'model': False,
                        }, context=context)
                    mail_mail.send(cr, uid, [mail_id], recipient_ids=[follower_id], context=context)
        return {'type': 'ir.actions.act_window_close'}