odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

[IMP] First security check. 

bzr revid: tde@openerp.com-20120329161049-9a7nqm3ij2zsjy3f
This commit is contained in:
Thibault Delavallée 2012-03-29 18:10:49 +02:00
parent 0b9a446bfa
commit 90c1ff994f
3 changed files with 81 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
addons/mail/__openerp__.py
View File

@ -62,6 +62,7 @@ The main features are:
"mail_thread_view.xml",
"mail_group_view.xml",
"res_partner_view.xml",
'security/mail_security.xml',
'security/ir.model.access.csv',
'mail_data.xml',
'res_users_view.xml',

8
addons/mail/security/ir.model.access.csv
View File

@ -1,5 +1,7 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_mail_message,mail.message,model_mail_message,,1,1,1,0
access_mail_message_base,mail.message.base,model_mail_message,,1,1,1,1
access_mail_message_manager,mail.message.manager,model_mail_message,group_mail_manager,1,1,1,1
access_mail_thread,mail.thread,model_mail_thread,,1,1,1,0
access_mail_subscription,mail.subscription,model_mail_subscription,,1,0,1,0
access_mail_notification,mail.notification,model_mail_notification,,1,0,1,0
access_mail_subscription_base,mail.subscription.base,model_mail_subscription,,1,1,1,1
access_mail_notification_base,mail.notification.base,model_mail_notification,,1,1,1,1
access_mail_group_base,mail.group.base,model_mail_group,,1,1,1,1

1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
2 access_mail_message access_mail_message_base mail.message mail.message.base model_mail_message 1 1 1 0 1
3 access_mail_message_manager mail.message.manager model_mail_message group_mail_manager 1 1 1 1
4 access_mail_thread mail.thread model_mail_thread 1 1 1 0
5 access_mail_subscription access_mail_subscription_base mail.subscription mail.subscription.base model_mail_subscription 1 0 1 1 0 1
6 access_mail_notification access_mail_notification_base mail.notification mail.notification.base model_mail_notification 1 0 1 1 0 1
7 access_mail_group_base mail.group.base model_mail_group 1 1 1 1

75
addons/mail/security/mail_security.xml Normal file
View File

@ -0,0 +1,75 @@
<?xml version="1.0" encoding="utf-8"?>
<openerp>
<!--
<data noupdate="1">
-->
<data>
<!-- CATEGORY -->
<record model="ir.module.category" id="module_category_social">
<field name="name">Social and Sharing Tools</field>
<field name="parent_id" ref="base.module_category_tools"/>
<field name="sequence">26</field>
</record>
<!-- GROUPS -->
<record id="group_mail_manager" model="res.groups">
<field name="name">Mail manager</field>
<field name="comment"></field>
<field name="category_id" ref="module_category_social"/>
</record>
<!-- RULES -->
<record id="message_rule_personal_ud" model="ir.rule">
<field name="name">Update/Delete personal messages</field>
<field name="model_id" ref="model_mail_message"/>
<field name="domain_force">[('user_id','=',user.id)]</field>
<field name="perm_read" eval="False"/>
<field name="perm_write" eval="False"/>
</record>
<record id="message_rule_all" model="ir.rule">
<field name="name">All messages</field>
<field name="model_id" ref="model_mail_message"/>
<field name="domain_force">[(1,'=',1)]</field>
<field name="groups" eval="[(4, ref('group_mail_manager'))]"/>
</record>
<record id="notification_rule_personal" model="ir.rule">
<field name="name">Personal Notifications</field>
<field name="model_id" ref="model_mail_notification"/>
<field name="domain_force">[('user_id','=',user.id)]</field>
<field name="perm_read" eval="False"/>
<field name="perm_write" eval="False"/>
</record>
<record id="notification_rule_all" model="ir.rule">
<field name="name">All Notifications</field>
<field name="model_id" ref="model_mail_notification"/>
<field name="domain_force">[(1,'=',1)]</field>
<field name="groups" eval="[(4, ref('group_mail_manager'))]"/>
</record>
<record id="group_rule_public_and_joined" model="ir.rule">
<field name="name">Mail.group: access only public and joined groups</field>
<field name="model_id" ref="model_mail_group"/>
<!--
<field name="domain_force">['|', ('public', '=', True), ('joined', '=', True)]</field>
-->
<field name="domain_force">['|', ('public', '=', True), ('member_ids', 'in', user.id)]</field>
</record>
<record id="group_rule_delete_mygroup" model="ir.rule">
<field name="name">Mail.group: delete my groups only</field>
<field name="model_id" ref="model_mail_group"/>
<field name="domain_force">[('responsible_id', '=', user.id)]</field>
<field name="perm_read" eval="False"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
</record>
<record id="group_rule_all" model="ir.rule">
<field name="name">Mail.group: all groups</field>
<field name="model_id" ref="model_mail_group"/>
<field name="domain_force">[(1,'=',1)]</field>
<field name="groups" eval="[(4, ref('group_mail_manager'))]"/>
</record>
</data>
</openerp>