[FIX] website_blog: fixed security breach, we do not allow to read on res.partner.

Avoid doing things like this. bzr revid: tde@openerp.com-20140402093348-4a3tjuxtqcxthvqb
2014-04-02 11:33:48 +02:00 · 2014-04-02 11:33:48 +02:00 · 059508ee14
parent f48b3f52ef
commit 059508ee14
1 changed files with 0 additions and 10 deletions
--- a/addons/website_blog/security/website_blog.xml
+++ b/addons/website_blog/security/website_blog.xml
@ -9,15 +9,5 @@
            <field name="groups" eval="[(4, ref('base.group_public'))]"/>
        </record>

-        <!-- over write record rule to allow to see partner detail to anonymous user -->
-        <record model="ir.rule" id="base.res_partner_portal_public_rule">
-            <field name="name">res_partner: portal/public: read access on my commercial partner</field>
-            <field name="model_id" ref="base.model_res_partner"/>
-            <field name="domain_force">[]</field>
-            <field name="groups" eval="[(4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
-            <field name="perm_write" eval="False"/>
-        </record>
    </data>
 </openerp>