From 0110522b68191ed7ab5c44e2714e3aac011d145e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thibault=20Delavall=C3=A9e?= <tde@openerp.com>
Date: Mon, 15 Apr 2013 17:01:07 +0200
Subject: [PATCH] [FIX] project_issue, project_phase: fixed access rights on
 anonymous.

bzr revid: tde@openerp.com-20130415150107-0vny927te0m1ylsi
---
 .../security/ir.model.access.csv              |  1 +
 .../security/portal_security.xml              |  7 ++++++
 .../tests/test_access_rights.py               |  7 +++---
 .../security/ir.model.access.csv              |  1 +
 .../security/portal_security.xml              | 24 +++++++++++++------
 5 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/addons/portal_project_issue/security/ir.model.access.csv b/addons/portal_project_issue/security/ir.model.access.csv
index 80a38366b51..7355f7a9b1d 100644
--- a/addons/portal_project_issue/security/ir.model.access.csv
+++ b/addons/portal_project_issue/security/ir.model.access.csv
@@ -1,3 +1,4 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 access_issues,project_issue,project_issue.model_project_issue,portal.group_portal,1,0,0,0
 access_case_section,crm_case_section,crm.model_crm_case_section,portal.group_portal,1,0,0,0
+access_issues_anonymous,project_issue,project_issue.model_project_issue,portal.group_anonymous,1,0,0,0
\ No newline at end of file
diff --git a/addons/portal_project_issue/security/portal_security.xml b/addons/portal_project_issue/security/portal_security.xml
index 472c82e4705..f6cd8d89be7 100644
--- a/addons/portal_project_issue/security/portal_security.xml
+++ b/addons/portal_project_issue/security/portal_security.xml
@@ -28,5 +28,12 @@
                                         ]</field>
         </record>
 
+        <record model="ir.rule" id="issue_anonymous_rule">
+            <field name="name">Project/Issue: anonymous users: public only</field>
+            <field name="model_id" ref="project_issue.model_project_issue"/>
+            <field name="domain_force">[('project_id.privacy_visibility', '=', 'public')]</field>
+            <field name="groups" eval="[(4, ref('portal.group_anonymous'))]"/>
+        </record>
+
     </data>
 </openerp>
diff --git a/addons/portal_project_issue/tests/test_access_rights.py b/addons/portal_project_issue/tests/test_access_rights.py
index ef0cc62d4b8..28d337a4965 100644
--- a/addons/portal_project_issue/tests/test_access_rights.py
+++ b/addons/portal_project_issue/tests/test_access_rights.py
@@ -96,9 +96,10 @@ class TestPortalIssueProject(TestPortalProject):
             cr, self.user_chell_id, issue_ids, {'description': 'TestDescription'})
 
         # Do: Donovan reads project -> ok (anonymous ok public)
-        # Test: no project issue visible (no read on project.issue)
-        self.assertRaises(except_orm, self.project_issue.search,
-            cr, self.user_donovan_id, [('project_id', '=', pigs_id)])
+        # Test: all project issues visible
+        issue_ids = self.project_issue.search(cr, self.user_donovan_id, [('project_id', '=', pigs_id)])
+        self.assertEqual(set(issue_ids), test_issue_ids,
+                        'access rights: project user cannot see all issues of a public project')
 
         # ----------------------------------------
         # CASE2: portal project
diff --git a/addons/portal_project_long_term/security/ir.model.access.csv b/addons/portal_project_long_term/security/ir.model.access.csv
index 738c264a71c..efbc4fc2418 100644
--- a/addons/portal_project_long_term/security/ir.model.access.csv
+++ b/addons/portal_project_long_term/security/ir.model.access.csv
@@ -1,2 +1,3 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 access_issues,project_phase,project_long_term.model_project_phase,portal.group_portal,1,0,0,0
+access_issues_anonymous,project_phase_anonymous,project_long_term.model_project_phase,portal.group_anonymous,1,0,0,0
diff --git a/addons/portal_project_long_term/security/portal_security.xml b/addons/portal_project_long_term/security/portal_security.xml
index b46d277e4ee..eab70ebe734 100644
--- a/addons/portal_project_long_term/security/portal_security.xml
+++ b/addons/portal_project_long_term/security/portal_security.xml
@@ -3,14 +3,24 @@
     <data>
 
         <record id="portal_project_long_term_rule" model="ir.rule">
-            <field name="name">Portal Personal Long term project</field>
-            <field ref="project_long_term.model_project_phase" name="model_id"/>
-            <field name="domain_force">['|',('project_id.message_follower_ids','in', [user.partner_id.id]),('task_ids.message_follower_ids','in', [user.partner_id.id])]</field>
+            <field name="name">Project/Phase: portal users: public or portal and following</field>
+            <field name="model_id" ref="project_long_term.model_project_phase"/>
+            <field name="domain_force">['|',
+                                            ('project_id.privacy_visibility', '=', 'public'),
+                                            '&amp;',
+                                                ('project_id.privacy_visibility', 'in', ['portal', 'followers']),
+                                                '|',
+                                                    ('message_follower_ids','in', [user.partner_id.id]),
+                                                    ('user_id', '=', user.id),
+                                        ]</field>
             <field name="groups" eval="[(4, ref('portal.group_portal'))]"/>
-            <field eval="1" name="perm_unlink"/>
-            <field eval="1" name="perm_write"/>
-            <field eval="1" name="perm_read"/>
-            <field eval="0" name="perm_create"/>
+        </record>
+
+        <record model="ir.rule" id="project_phase_anonymous_rule">
+            <field name="name">Project/Phase: anonymous users: public only</field>
+            <field name="model_id" ref="project_long_term.model_project_phase"/>
+            <field name="domain_force">[('project_id.privacy_visibility', '=', 'public')]</field>
+            <field name="groups" eval="[(4, ref('portal.group_anonymous'))]"/>
         </record>
 
     </data>