Access Rights

bzr revid: fp@tinyerp.com-20080824150323-c7s9kwv4mjlumpz2
2008-08-24 17:03:23 +02:00 · 2008-08-24 17:03:23 +02:00 · 2bd9ce97ac
parent 734fa42184
commit 2bd9ce97ac
1 changed files with 3 additions and 2 deletions
--- a/bin/addons/base/ir/ir_model.py
+++ b/bin/addons/base/ir/ir_model.py
@ -189,7 +189,7 @@ class ir_model_access(osv.osv):
    def check(self, cr, uid, model_name, mode='read',raise_exception=True):
        assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
        if uid == 1:
-            return True # TODO: check security: don't allow xml-rpc request with uid == 1
+            return True

        cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
            'FROM ir_model_access a '
@ -207,7 +207,8 @@ class ir_model_access(osv.osv):
                'WHERE a.group_id IS NULL AND m.model = %s', (model_name,))
            r= cr.fetchall()
            if r[0][0] == None:
-                return False # by default, the user had no access
+                return True # Changed waiting final rules
+                #return False # by default, the user had no access

        if not r[0][0]:
            if raise_exception: