odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

[FIX] mail: security: added read access on notifications. 

bzr revid: tde@openerp.com-20120914161657-bst7gz4d3er1i2rl
This commit is contained in:
Thibault Delavallée 2012-09-14 18:16:57 +02:00
parent f641508fe3
commit 55ec1211c0
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
addons/mail/security/ir.model.access.csv
View File

@ -5,7 +5,7 @@ access_mail_mail_all,mail.mail.all,model_mail_mail,,0,0,1,0
access_mail_mail_system,mail.mail.system,model_mail_mail,base.group_system,1,1,1,1
access_mail_followers_all,mail.followers.all,model_mail_followers,,0,0,0,0
access_mail_followers_system,mail.followers.system,model_mail_followers,base.group_system,1,1,1,1
access_mail_notification_all,mail.notification.all,model_mail_notification,,0,0,0,0
access_mail_notification_all,mail.notification.all,model_mail_notification,,1,0,0,0
access_mail_notification_aystem,mail.notification.system,model_mail_notification,base.group_system,1,1,1,1
access_mail_group_all,mail.group.all,model_mail_group,,1,0,0,0
access_mail_group_user,mail.group.user,model_mail_group,base.group_user,1,1,1,1

1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
5 access_mail_mail_system mail.mail.system model_mail_mail base.group_system 1 1 1 1
6 access_mail_followers_all mail.followers.all model_mail_followers 0 0 0 0
7 access_mail_followers_system mail.followers.system model_mail_followers base.group_system 1 1 1 1
8 access_mail_notification_all mail.notification.all model_mail_notification 0 1 0 0 0
9 access_mail_notification_aystem mail.notification.system model_mail_notification base.group_system 1 1 1 1
10 access_mail_group_all mail.group.all model_mail_group 1 0 0 0
11 access_mail_group_user mail.group.user model_mail_group base.group_user 1 1 1 1

10
addons/mail/security/mail_security.xml
View File

@ -10,5 +10,15 @@
<field name="domain_force">['|', '|', ('public', '=', 'public'), ('message_follower_ids', 'in', [user.id]), '&amp;', ('public','=','groups'), ('group_public_id','in', [x.id for x in user.groups_id])]</field>
</record>
<!-- This rule can not be uncommented, because we have a more wide method in mail.message. When we implement a many2one_variable field, we will be able to uncomment this. -->
<!-- <record id="mail_message_read_partner_or_author" model="ir.rule">
<field name="name">mail.message: read if notified or author</field>
<field name="model_id" ref="model_mail_message"/>
<field name="domain_force">['|', ('partner_ids', 'in', user.partner_id.id), ('author_id', '=', user.partner_id.id)]</field>
<field name="perm_create" eval="False"/>
<field name="perm_write" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record> -->
</data>
</openerp>