[FIX] same without record rules, python side

bzr revid: mat@openerp.com-20130722115106-b1uldamgbpisf84g
2013-07-22 13:51:06 +02:00 · 2013-07-22 13:51:06 +02:00 · 5480f2958e
parent ca4cc04c68
commit 5480f2958e
2 changed files with 12 additions and 56 deletions
--- a/addons/document/document.py
+++ b/addons/document/document.py
@ -69,11 +69,17 @@ class document_file(osv.osv):
    ]

    def check(self, cr, uid, ids, mode, context=None, values=None):
-        """Check access wrt. res_model, relax the rule of ir.attachment parent
-        With 'document' installed, everybody will have access to attachments of
-        any resources they can *read*.
-        """
-        return super(document_file, self).check(cr, uid, ids, mode='read', context=context, values=values)
+        super(document_file, self).check(cr, uid, ids, mode, context=context, values=values)
+        if ids:
+            # use SQL to avoid recursive loop on read
+            cr.execute('SELECT id, parent_id from ir_attachment WHERE id in %s', (tuple(ids),))
+
+            parent_ids = []
+            for attach_id, attach_parent in cr.fetchall():
+                if attach_parent:
+                    parent_ids.append(attach_parent)
+
+            self.pool.get('document.directory').check_access_rule(cr, uid, parent_ids, mode, context=context)

    def search(self, cr, uid, args, offset=0, limit=None, order=None, context=None, count=False):
        # Grab ids, bypassing 'count'
--- a/addons/document/security/document_security.xml
+++ b/addons/document/security/document_security.xml
@ -37,56 +37,6 @@
        <field eval="0" name="perm_read"/>
        <field eval="1" name="perm_create"/>
    </record>
-    
-     <record id="ir_rule_readpublicdocuments0" model="ir.rule">
-        <field name="model_id" ref="base.model_ir_attachment"/>
-        <field name="domain_force">[
-            '|',
-                '|',
-                    '|',
-                        ('parent_id','=',False),
-                        ('parent_id.group_ids','in',[g.id for g in user.groups_id]),
-                    ('parent_id.user_id', '=', user.id),
-                '&amp;',
-                    ('parent_id.user_id', '=', False),
-                    ('parent_id.group_ids','=',False), 
-            '|',
-                '|',
-                    ('company_id','=',False),
-                    ('company_id','child_of',[user.company_id.id]),
-                ('company_id.child_ids','child_of',[user.company_id.id])]
-        </field>
-        <field name="name">Read public documents</field>
-        <field eval="0" name="global"/>
-        <field eval="[(6,0,[ref('base.group_user')])]" name="groups"/>
-        <field eval="0" name="perm_unlink"/>
-        <field eval="0" name="perm_write"/>
-        <field eval="1" name="perm_read"/>
-        <field eval="0" name="perm_create"/>
-    </record>
-    
-    <record id="ir_rule_documentmodifyowndocuments0" model="ir.rule">
-        <field name="model_id" ref="base.model_ir_attachment"/>
-        <field name="domain_force">[
-            '|',
-                ('parent_id.user_id', '=', user.id),
-                '&amp;',
-                    ('parent_id.group_ids','in',[g.id for g in user.groups_id]),
-                    ('parent_id.user_id','=',False),
-            '|',
-                '|',
-                    ('company_id','=',False),
-                    ('company_id','child_of',[user.company_id.id]),
-                ('company_id.child_ids','child_of',[user.company_id.id])]
-        </field>
-        <field name="name">Document modify own document</field>
-        <field eval="0" name="global"/>
-        <field eval="[(6,0,[ref('base.group_document_user')])]" name="groups"/>
-        <field eval="1" name="perm_unlink"/>
-        <field eval="1" name="perm_write"/>
-        <field eval="0" name="perm_read"/>
-        <field eval="1" name="perm_create"/>
-    </record>
-    
+        
 </data>
 </openerp>