From 6a46a151858622a20c6c129405a222ed88dc5a86 Mon Sep 17 00:00:00 2001
From: Olivier Dony <odo@openerp.com>
Date: Thu, 24 Mar 2011 12:14:27 +0100
Subject: [PATCH] [IMP] ir.model.access: split method for generating the list
 of groups that have a given access right

This is useful when modules later need to override it, for example when adding
hidden groups that should not be mentioned there (this is what the share module
does).

bzr revid: odo@openerp.com-20110324111427-puz4jtrem9ceibxf
---
 openerp/addons/base/ir/ir_model.py | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/openerp/addons/base/ir/ir_model.py b/openerp/addons/base/ir/ir_model.py
index 5ce50370c77..6c11a7adf56 100644
--- a/openerp/addons/base/ir/ir_model.py
+++ b/openerp/addons/base/ir/ir_model.py
@@ -451,6 +451,23 @@ class ir_model_access(osv.osv):
         # pass no groups -> no access
         return False
 
+    def group_names_with_access(self, cr, model_name, access_mode):
+        """Returns the names of visible groups which have been granted ``access_mode`` on
+           the model ``model_name``.
+           :rtype: list
+        """
+        assert access_mode in ['read','write','create','unlink'], 'Invalid access mode: %s' % access_mode
+        cr.execute('''SELECT
+                        g.name
+                      FROM
+                        ir_model_access a
+                        JOIN ir_model m ON (a.model_id=m.id)
+                        JOIN res_groups g ON (a.group_id=g.id)
+                      WHERE
+                        m.model=%s AND
+                        a.perm_''' + access_mode, (model_name,))
+        return [x[0] for x in cr.fetchall()]
+
     def check(self, cr, uid, model, mode='read', raise_exception=True, context=None):
         if uid==1:
             # User root have all accesses
@@ -494,16 +511,7 @@ class ir_model_access(osv.osv):
             r = cr.fetchone()[0]
 
         if not r and raise_exception:
-            cr.execute('''select
-                    g.name
-                from
-                    ir_model_access a 
-                    left join ir_model m on (a.model_id=m.id) 
-                    left join res_groups g on (a.group_id=g.id)
-                where
-                    m.model=%s and
-                    a.group_id is not null and perm_''' + mode, (model_name, ))
-            groups = ', '.join(map(lambda x: x[0], cr.fetchall())) or '/'
+            groups = ', '.join(self.group_names_with_access(cr, model_name, mode)) or '/'
             msgs = {
                 'read':   _("You can not read this document (%s) ! Be sure your user belongs to one of these groups: %s."),
                 'write':  _("You can not write in this document (%s) ! Be sure your user belongs to one of these groups: %s."),