[IMP] note: user_id owner field added in model, allowing to tune a bit
the access rules, notably about reading and creation. This allows by the way to remove the hack about the operation in context when subscribing users on a document. The new rules on create and read now include user_id, aka the owner of a note can always create (default value) and read its notes. Also removed an unnecessary field (current_partner_id), as it was buggy and unnecessary; view udpated accordingly. [IMP] mail: removed a hack introduced in saas-3 with the current orm operation in context to by-pass some access rules when subscribing someone on a document. bzr revid: tde@openerp.com-20140219111330-l3hw5324hvuikpjc
This commit is contained in:
parent
fbead8fab1
commit
f9993774f1
|
@ -348,11 +348,7 @@ class mail_thread(osv.AbstractModel):
|
|||
message_follower_ids = values.get('message_follower_ids') or [] # webclient can send None or False
|
||||
message_follower_ids.append([4, pid])
|
||||
values['message_follower_ids'] = message_follower_ids
|
||||
# add operation to ignore access rule checking for subscription
|
||||
context_operation = dict(context, operation='create')
|
||||
else:
|
||||
context_operation = context
|
||||
thread_id = super(mail_thread, self).create(cr, uid, values, context=context_operation)
|
||||
thread_id = super(mail_thread, self).create(cr, uid, values, context=context)
|
||||
|
||||
# automatic logging unless asked not to (mainly for various testing purpose)
|
||||
if not context.get('mail_create_nolog'):
|
||||
|
@ -1558,12 +1554,11 @@ class mail_thread(osv.AbstractModel):
|
|||
|
||||
user_pid = self.pool.get('res.users').browse(cr, uid, uid, context=context).partner_id.id
|
||||
if set(partner_ids) == set([user_pid]):
|
||||
if context.get('operation', '') != 'create':
|
||||
try:
|
||||
self.check_access_rights(cr, uid, 'read')
|
||||
self.check_access_rule(cr, uid, ids, 'read')
|
||||
except (osv.except_osv, orm.except_orm):
|
||||
return False
|
||||
try:
|
||||
self.check_access_rights(cr, uid, 'read')
|
||||
self.check_access_rule(cr, uid, ids, 'read')
|
||||
except (osv.except_osv, orm.except_orm):
|
||||
return False
|
||||
else:
|
||||
self.check_access_rights(cr, uid, 'write')
|
||||
self.check_access_rule(cr, uid, ids, 'write')
|
||||
|
|
|
@ -72,12 +72,6 @@ class note_note(osv.osv):
|
|||
def onclick_note_not_done(self, cr, uid, ids, context=None):
|
||||
return self.write(cr, uid, ids, {'open': True}, context=context)
|
||||
|
||||
#used for undisplay the follower if it's the current user
|
||||
def _get_my_current_partner(self, cr, uid, ids, name, args, context=None):
|
||||
user = self.pool.get('res.users').browse(cr, uid, uid, context=context)
|
||||
pid = user.partner_id and user.partner_id.id or False
|
||||
return dict.fromkeys(ids, pid)
|
||||
|
||||
#return the default stage for the uid user
|
||||
def _get_default_stage_id(self,cr,uid,context=None):
|
||||
ids = self.pool.get('note.stage').search(cr,uid,[('user_id','=',uid)], context=context)
|
||||
|
@ -101,6 +95,7 @@ class note_note(osv.osv):
|
|||
'name': fields.function(_get_note_first_line,
|
||||
string='Note Summary',
|
||||
type='text', store=True),
|
||||
'user_id': fields.many2one('res.users', 'Owner'),
|
||||
'memo': fields.html('Note Content'),
|
||||
'sequence': fields.integer('Sequence'),
|
||||
'stage_id': fields.function(_get_stage_per_user,
|
||||
|
@ -113,9 +108,9 @@ class note_note(osv.osv):
|
|||
'date_done': fields.date('Date done'),
|
||||
'color': fields.integer('Color Index'),
|
||||
'tag_ids' : fields.many2many('note.tag','note_tags_rel','note_id','tag_id','Tags'),
|
||||
'current_partner_id' : fields.function(_get_my_current_partner, type="many2one", relation='res.partner', string="Owner"),
|
||||
}
|
||||
_defaults = {
|
||||
'user_id': lambda self, cr, uid, ctx=None: uid,
|
||||
'open' : 1,
|
||||
'stage_id' : _get_default_stage_id,
|
||||
}
|
||||
|
|
|
@ -49,7 +49,6 @@
|
|||
<field name="open"/>
|
||||
<field name="memo"/>
|
||||
<field name="date_done"/>
|
||||
<field name="current_partner_id"/>
|
||||
<field name="message_follower_ids"/>
|
||||
<field name="tag_ids"/>
|
||||
<templates>
|
||||
|
@ -82,7 +81,7 @@
|
|||
<field name="tag_ids"/>
|
||||
<div class="oe_right">
|
||||
<t t-foreach="record.message_follower_ids.raw_value" t-as="follower">
|
||||
<img t-if="record.current_partner_id.raw_value!=follower" t-att-src="kanban_image('res.partner', 'image_small', follower)" width="24" height="24" class="oe_kanban_avatar" t-att-data-member_id="follower"/>
|
||||
<img t-att-src="kanban_image('res.partner', 'image_small', follower)" width="24" height="24" class="oe_kanban_avatar" t-att-data-member_id="follower"/>
|
||||
</t>
|
||||
</div>
|
||||
<div class="oe_clear"></div>
|
||||
|
|
|
@ -1,23 +1,30 @@
|
|||
<?xml version="1.0"?>
|
||||
<openerp>
|
||||
<data>
|
||||
<record id="note_note_rule_global" model="ir.rule">
|
||||
<field name="name">Only followers can access a sticky notes</field>
|
||||
<field ref="model_note_note" name="model_id"/>
|
||||
<field name="domain_force">[('message_follower_ids','=',user.partner_id.id)]</field>
|
||||
<field eval="True" name="global"/>
|
||||
<field eval="1" name="perm_unlink"/>
|
||||
<field eval="0" name="perm_write"/>
|
||||
<field eval="1" name="perm_read"/>
|
||||
<field eval="0" name="perm_create"/>
|
||||
</record>
|
||||
<record id="note_note_rule_global" model="ir.rule">
|
||||
<field name="name">Only followers can access a sticky notes</field>
|
||||
<field name="model_id" ref="model_note_note"/>
|
||||
<field name="domain_force">['|', ('user_id', '=', user.id), ('message_follower_ids', '=', user.partner_id.id)]</field>
|
||||
<field name="global" eval="True"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
<field name="perm_unlink" eval="False"/>
|
||||
</record>
|
||||
|
||||
<record id="note_note_create_unlink_global" model="ir.rule">
|
||||
<field name="name">note: create / unlink: responsible</field>
|
||||
<field name="model_id" ref="model_note_note"/>
|
||||
<field name="domain_force">[('user_id', '=', user.id)]</field>
|
||||
<field name="global" eval="True"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_read" eval="False"/>
|
||||
</record>
|
||||
|
||||
<record id="note_stage_rule_global" model="ir.rule">
|
||||
<field name="name">Each user have his stage name</field>
|
||||
<field name="model_id" ref="model_note_stage"/>
|
||||
<field name="domain_force">['|',('user_id','=',False),('user_id','=',user.id)]</field>
|
||||
<field name="global" eval="True"/>
|
||||
</record>
|
||||
|
||||
<record id="note_stage_rule_global" model="ir.rule">
|
||||
<field name="name">Each user have his stage name</field>
|
||||
<field ref="model_note_stage" name="model_id"/>
|
||||
<field name="domain_force">['|',('user_id','=',False),('user_id','=',user.id)]</field>
|
||||
<field eval="True" name="global"/>
|
||||
</record>
|
||||
</data>
|
||||
</openerp>
|
||||
|
||||
|
|
Loading…
Reference in New Issue