From 5fe91886151ccf2b4be2a2ed9698ac0c8de713b2 Mon Sep 17 00:00:00 2001
From: Olivier Dony <odo@openerp.com>
Date: Thu, 5 Aug 2010 20:14:58 +0200
Subject: [PATCH] [FIX] osv_memory: fixed access rights for osv_memory: a user
 always has full access, but only to her own records, except the superuser

bzr revid: odo@openerp.com-20100805181458-gaq8f8rbp0xwyoy9
---
 bin/addons/base/ir/ir_model.py |  6 ++++++
 bin/osv/orm.py                 | 11 ++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/bin/addons/base/ir/ir_model.py b/bin/addons/base/ir/ir_model.py
index a3b361d7575..c4a85d123e8 100644
--- a/bin/addons/base/ir/ir_model.py
+++ b/bin/addons/base/ir/ir_model.py
@@ -386,6 +386,12 @@ class ir_model_access(osv.osv):
         else:
             model_name = model
 
+        # osv_memory objects can be read by everyone, as they only return
+        # results that belong to the current user (except for superuser)
+        model_obj = self.pool.get(model_name)
+        if isinstance(model_obj, osv.osv_memory):
+            return True
+
         # We check if a specific rule exists
         cr.execute('SELECT MAX(CASE WHEN perm_' + mode + ' THEN 1 ELSE 0 END) '
                    '  FROM ir_model_access a '
diff --git a/bin/osv/orm.py b/bin/osv/orm.py
index cd5dc9949d8..27a4d664a26 100644
--- a/bin/osv/orm.py
+++ b/bin/osv/orm.py
@@ -1769,7 +1769,7 @@ class orm_memory(orm_template):
 
     def _check_access(self, uid, object_id, mode):
         if uid != 1 and self.datas[object_id]['internal.create_uid'] != uid:
-            raise except_orm(_('AccessError'), '%s access is only allowed on your own records for osv_memory objects' % mode.capitalize())
+            raise except_orm(_('AccessError'), '%s access is only allowed on your own records for osv_memory objects except for the super-user' % mode.capitalize())
 
     def vaccum(self, cr, uid):
         self.check_id += 1
@@ -1963,10 +1963,11 @@ class orm_memory(orm_template):
         if not context:
             context = {}
 
-        # implicit filter on current user
-        if not args:
-            args = []
-        args.insert(0, ('internal.create_uid', '=', user))
+        # implicit filter on current user except for superuser
+        if user != 1:
+            if not args:
+                args = []
+            args.insert(0, ('internal.create_uid', '=', user))
 
         result = self._where_calc(cr, user, args, context=context)
         if result==[]: