From 2bd9ce97acd1d7b2cf3a486caae901f37ad3d951 Mon Sep 17 00:00:00 2001
From: Fabien Pinckaers <fp@tinyerp.com>
Date: Sun, 24 Aug 2008 17:03:23 +0200
Subject: [PATCH] Access Rights

bzr revid: fp@tinyerp.com-20080824150323-c7s9kwv4mjlumpz2
---
 bin/addons/base/ir/ir_model.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/bin/addons/base/ir/ir_model.py b/bin/addons/base/ir/ir_model.py
index d58c2e0950c..3a6765e7f6c 100644
--- a/bin/addons/base/ir/ir_model.py
+++ b/bin/addons/base/ir/ir_model.py
@@ -189,7 +189,7 @@ class ir_model_access(osv.osv):
     def check(self, cr, uid, model_name, mode='read',raise_exception=True):
         assert mode in ['read','write','create','unlink'], 'Invalid access mode for security'
         if uid == 1:
-            return True # TODO: check security: don't allow xml-rpc request with uid == 1
+            return True
 
         cr.execute('SELECT MAX(CASE WHEN perm_'+mode+' THEN 1 else 0 END) '
             'FROM ir_model_access a '
@@ -207,7 +207,8 @@ class ir_model_access(osv.osv):
                 'WHERE a.group_id IS NULL AND m.model = %s', (model_name,))
             r= cr.fetchall()
             if r[0][0] == None:
-                return False # by default, the user had no access
+                return True # Changed waiting final rules
+                #return False # by default, the user had no access
 
         if not r[0][0]:
             if raise_exception: