[FIX] website: some access right

bzr revid: chm@openerp.com-20140106141817-2tf0dpfchi5x6kjw
2014-01-06 15:18:17 +01:00 · 2014-01-06 15:18:17 +01:00 · 63e2da36a6
parent 49c0b7a820
commit 63e2da36a6
8 changed files with 23 additions and 5 deletions
--- a/addons/delivery/sale.py
+++ b/addons/delivery/sale.py
@ -25,6 +25,7 @@ from openerp.addons import decimal_precision
 from openerp.addons.sale.sale import sale_order as OriginalSaleOrder
 from openerp.osv import fields, osv
 from openerp.tools.translate import _
+from openerp import SUPERUSER_ID


 class sale_order_line(osv.osv):
@ -111,7 +112,7 @@ class sale_order(osv.Model):
            if not order.state in ('draft'):
                raise osv.except_osv(_('Order not in Draft State!'), _('The order state have to be draft to add delivery lines.'))

-            grid = grid_obj.browse(cr, uid, grid_id, context=context)
+            grid = grid_obj.browse(cr, SUPERUSER_ID, grid_id, context=context)

            taxes = grid.carrier_id.product_id.taxes_id
            fpos = order.fiscal_position or False
--- a/addons/website_customer/views/website_customer.xml
+++ b/addons/website_customer/views/website_customer.xml
@ -78,7 +78,7 @@
            <t t-foreach="countries" t-as="country_dict">
                <t t-if="country_dict['country_id']">
                    <li t-att-class="country_dict['country_id'][0] == current_country_id and 'active' or ''">
-                        <a t-href="/customers/country/#{ slug(country_dict['country_id']) }/">
+                        <a t-href="/customers/#{ country_dict['country_id'][0] and 'country/%s/' % slug(country_dict['country_id']) or '' }">
                            <span class="badge pull-right" t-esc="country_dict['country_id_count']"/>
                            <t t-esc="country_dict['country_id'][1]"/>
                        </a>
--- a/addons/website_sale/models/website.py
+++ b/addons/website_sale/models/website.py
@ -99,6 +99,7 @@ class Website(orm.Model):
            request.httprequest.session['ecommerce_order_id'] = False
            return False
        try:
+            #SaleOrder.check_access_rule(cr, uid, order_id, context=context)
            order = SaleOrder.browse(cr, uid, order_id, context=context)
            return order
        except:
--- a/addons/website_sale/security/ir.model.access.csv
+++ b/addons/website_sale/security/ir.model.access.csv
@ -12,4 +12,5 @@ access_sale_order_line_public,sale.order.line.public,model_sale_order_line,base.
 access_product_attribute,product.attribute.public,website_sale.model_product_attribute,,1,0,0,0
 access_product_attribute_value,product.attribute.value.public,website_sale.model_product_attribute_value,,1,0,0,0
 access_product_attribute_product,product.attribute.product.public,website_sale.model_product_attribute_product,,1,0,0,0
-access_website_product_style,website.product.style.public,website_sale.model_website_product_style,,1,0,0,0
+access_website_product_style,website.product.style.public,website_sale.model_website_product_style,,1,0,0,0
+access_product_supplierinfo,product.supplierinfo.public,product.model_product_supplierinfo,,1,0,0,0
--- a/addons/website_sale/security/website_sale.xml
+++ b/addons/website_sale/security/website_sale.xml
@ -44,5 +44,16 @@
        <field name="perm_unlink" eval="False"/>
    </record>
    
+    <record id="product_supplierinfo_public" model="ir.rule">
+        <field name="name">Public product supplierinfo</field>
+        <field name="model_id" ref="product.model_product_supplierinfo"/>
+        <field name="domain_force">[('product_tmpl_id.website_published','=',True)]</field>
+        <field name="groups" eval="[(4, ref('base.group_public')), (4, ref('base.group_portal'))]"/>
+        <field name="perm_read" eval="True"/>
+        <field name="perm_write" eval="False"/>
+        <field name="perm_create" eval="False"/>
+        <field name="perm_unlink" eval="False"/>
+    </record>
+
 </data>
 </openerp>
--- a/addons/website_sale_delivery/openerp.py
+++ b/addons/website_sale_delivery/openerp.py
@ -12,6 +12,7 @@ Delivery Costs
    'data': [
        'views/website_sale_delivery.xml',
        'views/website_sale_delivery_view.xml',
+        'security/ir.model.access.csv',
    ],
    'demo': [],
    'qweb': [],
--- a/addons/website_sale_delivery/models/website.py
+++ b/addons/website_sale_delivery/models/website.py
@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 from openerp.osv import orm
+from openerp import SUPERUSER_ID


 class Website(orm.Model):
@ -9,7 +10,7 @@ class Website(orm.Model):
        """ Override the quotation values generation to add carrier_id data """
        values = super(Website, self)._ecommerce_get_quotation_values(cr, uid, context=context)
        DeliveryCarrier = self.pool.get('delivery.carrier')
-        carrier_ids = DeliveryCarrier.search(cr, uid, [], context=context, limit=1)
+        carrier_ids = DeliveryCarrier.search(cr, uid, [(1,"=",1)], context=context, limit=1)
        # By default, select the first carrier
        if carrier_ids:
            values['carrier_id'] = carrier_ids[0]
@ -17,5 +18,5 @@ class Website(orm.Model):

    def _ecommerce_create_quotation(self, cr, uid, context=None):
        order_id = super(Website, self)._ecommerce_create_quotation(cr, uid, context=context)
-        self.pool['sale.order'].delivery_set(cr, uid, [order_id], context=context)
+        self.pool['sale.order'].delivery_set(cr, SUPERUSER_ID, [order_id], context=context)
        return order_id
--- a/addons/website_sale_delivery/security/ir.model.access.csv
+++ b/addons/website_sale_delivery/security/ir.model.access.csv
@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_delivery_carrier_public,delivery.carrier.public,delivery.model_delivery_carrier,,1,0,0,0