[FIX] website_blog: fixed security breach, we do not allow to read on res.partner.
Avoid doing things like this. bzr revid: tde@openerp.com-20140402093348-4a3tjuxtqcxthvqb
This commit is contained in:
parent
f48b3f52ef
commit
059508ee14
|
@ -9,15 +9,5 @@
|
|||
<field name="groups" eval="[(4, ref('base.group_public'))]"/>
|
||||
</record>
|
||||
|
||||
<!-- over write record rule to allow to see partner detail to anonymous user -->
|
||||
<record model="ir.rule" id="base.res_partner_portal_public_rule">
|
||||
<field name="name">res_partner: portal/public: read access on my commercial partner</field>
|
||||
<field name="model_id" ref="base.model_res_partner"/>
|
||||
<field name="domain_force">[]</field>
|
||||
<field name="groups" eval="[(4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
|
||||
<field name="perm_create" eval="False"/>
|
||||
<field name="perm_unlink" eval="False"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
</record>
|
||||
</data>
|
||||
</openerp>
|
||||
|
|
Loading…
Reference in New Issue