[FIX] actually fix lp:118211 by adding an explicit call to check_access_rule
bzr revid: alexandre.fayolle@camptocamp.com-20130522151216-6cz0kb6abwwr5zsv
This commit is contained in:
parent
0e3d497beb
commit
1658325f39
|
@ -409,12 +409,22 @@ class mrp_production(osv.osv):
|
|||
return result
|
||||
|
||||
def _src_id_default(self, cr, uid, ids, context=None):
|
||||
src_location_id = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock', context=context)
|
||||
return src_location_id.id
|
||||
try:
|
||||
src_location = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock', context=context)
|
||||
src_location.check_access_rule('read', context=context)
|
||||
except (orm.except_orm, ValueError):
|
||||
# no read access
|
||||
return False
|
||||
return src_location.id
|
||||
|
||||
def _dest_id_default(self, cr, uid, ids, context=None):
|
||||
dest_location_id = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock', context=context)
|
||||
return dest_location_id.id
|
||||
try:
|
||||
dest_location = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock', context=context)
|
||||
dest_location.check_access_rule('read', context=context)
|
||||
except (orm.except_orm, ValueError):
|
||||
# no read access
|
||||
return False
|
||||
return dest_location.id
|
||||
|
||||
_columns = {
|
||||
'name': fields.char('Reference', size=64, required=True, readonly=True, states={'draft': [('readonly', False)]}),
|
||||
|
|
|
@ -1701,7 +1701,9 @@ class stock_move(osv.osv):
|
|||
location_xml_id = 'stock_location_customers'
|
||||
if location_xml_id:
|
||||
try:
|
||||
location_id = mod_obj.get_object(cr, uid, 'stock', location_xml_id).id
|
||||
location = mod_obj.get_object(cr, uid, 'stock', location_xml_id, context=context)
|
||||
location.check_access_rule('read', context=context)
|
||||
location_id = location.id
|
||||
except (orm.except_orm, ValueError):
|
||||
# likely the user does not have read access on the location
|
||||
location_id = False
|
||||
|
@ -1734,7 +1736,9 @@ class stock_move(osv.osv):
|
|||
location_xml_id = 'stock_location_stock'
|
||||
if location_xml_id:
|
||||
try:
|
||||
location_id = mod_obj.get_object(cr, uid, 'stock', location_xml_id).id
|
||||
location = mod_obj.get_object(cr, uid, 'stock', location_xml_id)
|
||||
location.check_access_rule('read', context=context)
|
||||
location_id = location.id
|
||||
except (orm.except_orm, ValueError):
|
||||
# likely the user does not have read access on the location
|
||||
location_id = False
|
||||
|
@ -1956,12 +1960,16 @@ class stock_move(osv.osv):
|
|||
location_source_id = 'stock_location_stock'
|
||||
location_dest_id = 'stock_location_customers'
|
||||
try:
|
||||
source_location_id = mod_obj.get_object(cr, uid, 'stock', location_source_id).id
|
||||
location = mod_obj.get_object(cr, uid, 'stock', location_source_id)
|
||||
location.check_access_rule('read', context=context)
|
||||
source_location_id = location.id
|
||||
except (orm.except_orm, ValueError):
|
||||
# likely the user does not have read access on the location
|
||||
source_location_id = False
|
||||
try:
|
||||
dest_location_id = mod_obj.get_object(cr, uid, 'stock', location_dest_id).id
|
||||
location = mod_obj.get_object(cr, uid, 'stock', location_dest_id)
|
||||
location.check_access_rule('read', context=context)
|
||||
dest_location_id = location.id
|
||||
except (orm.except_orm, ValueError):
|
||||
# likely the user does not have read access on the location
|
||||
dest_location_id = False
|
||||
|
@ -2900,7 +2908,9 @@ class stock_inventory_line(osv.osv):
|
|||
|
||||
def _default_stock_location(self, cr, uid, context=None):
|
||||
try:
|
||||
stock_location_id = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock').id
|
||||
location = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock')
|
||||
location.check_access_rule('read', context=context)
|
||||
stock_location_id = location.id
|
||||
except (ValueError, orm.except_orm):
|
||||
# likely the user does not have read access on the location
|
||||
stock_location_id = False
|
||||
|
@ -2944,7 +2954,9 @@ class stock_warehouse(osv.osv):
|
|||
|
||||
def _default_lot_input_stock_id(self, cr, uid, context=None):
|
||||
try:
|
||||
lot_input_stock_id = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock').id
|
||||
lot_input_stock = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock')
|
||||
lot_input_stock.check_access_rule('read', context=context)
|
||||
lot_input_stock_id = lot_input_stock.id
|
||||
except (ValueError, orm.except_orm):
|
||||
# likely the user does not have read access on the location
|
||||
lot_input_stock_id = False
|
||||
|
@ -2952,7 +2964,9 @@ class stock_warehouse(osv.osv):
|
|||
|
||||
def _default_lot_output_id(self, cr, uid, context=None):
|
||||
try:
|
||||
lot_output_id = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_output').id
|
||||
lot_output = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_output')
|
||||
lot_output.check_access_rule('read', context=context)
|
||||
lot_output_id = lot_output.id
|
||||
except (ValueError, orm.except_orm):
|
||||
# likely the user does not have read access on the location
|
||||
lot_output_id = False
|
||||
|
|
|
@ -28,7 +28,9 @@ class stock_fill_inventory(osv.osv_memory):
|
|||
|
||||
def _default_location(self, cr, uid, ids, context=None):
|
||||
try:
|
||||
location_id = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock').id
|
||||
location = self.pool.get('ir.model.data').get_object(cr, uid, 'stock', 'stock_location_stock')
|
||||
location.check_access_rule('read', context=context)
|
||||
location_id = location.id
|
||||
except ValueError, e:
|
||||
return False
|
||||
return location_id or False
|
||||
|
|
Loading…
Reference in New Issue