[FIX] portal: mail_message: fixed wrong condition for check_access_rule introduced at revision 9117. Added tests by the way.
bzr revid: tde@openerp.com-20130514113859-3yucygu3pkav7qbt
This commit is contained in:
parent
7c1353a1e4
commit
18ad74bef3
|
@ -48,7 +48,7 @@ class mail_message(osv.Model):
|
|||
group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id
|
||||
group_user_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'base', 'group_user')[1]
|
||||
if group_user_id not in [group.id for group in group_ids]:
|
||||
cr.execute('SELECT DISTINCT id FROM "%s" WHERE type = %%s AND subtype_id != NULL AND id = ANY (%%s)' % (self._table), ('comment', ids,))
|
||||
cr.execute('SELECT DISTINCT id FROM "%s" WHERE type = %%s AND subtype_id IS NULL AND id = ANY (%%s)' % (self._table), ('comment', ids,))
|
||||
if cr.fetchall():
|
||||
raise orm.except_orm(_('Access Denied'),
|
||||
_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % \
|
||||
|
|
|
@ -150,3 +150,10 @@ class test_portal(TestMailBase):
|
|||
msg_ids = self.mail_message.search(cr, self.user_chell_id, [('model', '=', 'mail.group'), ('res_id', '=', group_port_id)])
|
||||
self.assertEqual(set(msg_ids), set([msg1_id, msg2_id, msg3_id, msg5_id]),
|
||||
'mail_message: portal user has access to messages he should not read')
|
||||
|
||||
# Do: Chell read messages she can read
|
||||
self.mail_message.read(cr, self.user_chell_id, msg_ids, ['body', 'type', 'subtype_id'])
|
||||
|
||||
# Do: Chell read a message she should not be able to read
|
||||
with self.assertRaises(except_orm):
|
||||
self.mail_message.read(cr, self.user_chell_id, [msg4_id], ['body', 'type', 'subtype_id'])
|
||||
|
|
Loading…
Reference in New Issue