[IMP] mail groups improvements: security
bzr revid: fp@openerp.com-20120814112204-hwamufqqz4qj9ptb
This commit is contained in:
Fabien Pinckaers
parent
6f7b789f7a
commit
85ca542ad0
|
|
@ -2,49 +2,22 @@
|
|||
<openerp>
|
||||
<data noupdate="1">
|
||||
|
||||
<record id="message_blogpost0_attachment0" model="ir.attachment">
|
||||
<field name="name">A cool attachment</field>
|
||||
<field name="datas">PT1Tb21lIGNvb2wgYXR0YWNobWVudD09ClByYWVzZW50IHZlbCBtYXNzYSBzZWQgbWFzc2EgY29uc2VxdWF0IGVnZXN0YXMgaW4gdHJpc3RpcXVlIG9yY2ku</field>
|
||||
<field name="datas_fname">a_cool_attachment</field>
|
||||
<field name="description"></field>
|
||||
<field name="res_name">Mail group</field>
|
||||
<field name="res_model">mail.group</field>
|
||||
<field name="res_id" ref="group_all_company"/>
|
||||
<field name="type">binary</field>
|
||||
</record>
|
||||
|
||||
<record id="message_blogpost0_attachment1" model="ir.attachment">
|
||||
<field name="name">Another clean attachment</field>
|
||||
<field name="datas">PT1Tb21lIGNsZWFuIGF0dGFjaG1lbnQ9PQpOdWxsYSB0dXJwaXMgbGVvLCByaG9uY3VzIHV0IGVnZXN0YXMgc2l0IGFtZXQsIGNvbnNlY3RldHVyIHZpdGFlIHVybmEu</field>
|
||||
<field name="datas_fname">a_clean_attachment</field>
|
||||
<field name="description"></field>
|
||||
<field name="res_name">Mail group</field>
|
||||
<field name="res_model">mail.group</field>
|
||||
<field name="res_id" ref="group_all_company"/>
|
||||
<field name="type">binary</field>
|
||||
</record>
|
||||
|
||||
<record id="message_blogpost0" model="mail.message">
|
||||
<field name="subject">Internal company announce</field>
|
||||
<field name="model">mail.group</field>
|
||||
<field name="res_id" ref="group_all_company"/>
|
||||
<field name="res_id" ref="group_all_employees"/>
|
||||
<field name="content_subtype">html</field>
|
||||
<field name="body_html"><![CDATA[Lorem ipsum dolor <b>sit amet</b>, consectetur <em>adipiscing elit</em>. Pellentesque et quam sapien, in sagittis tellus.
|
||||
Praesent vel massa sed massa consequat egestas in tristique orci. Praesent iaculis libero et neque vehicula iaculis. Vivamus placerat tincidunt orci ac ornare. Proin ut dolor fringilla velit ultricies consequat. Maecenas sit amet ipsum non leo interdum imperdiet. Donec sapien mi, varius a consequat id, consectetur sit amet nulla.
|
||||
|
||||
Fusce tempus elit volutpat mi auctor adipiscing. Nam congue luctus suscipit. Duis vestibulum dapibus enim vitae dignissim. Sed tellus libero, venenatis ut mollis ut, luctus quis dui. Sed rhoncus pulvinar orci in consectetur.
|
||||
|
||||
Nulla turpis leo, rhoncus ut egestas sit amet, consectetur vitae urna. Mauris in dolor in sapien tempus vehicula.]]></field>
|
||||
<field name="body_html"><![CDATA[Your monthly meal vouchers arrived. You can get them at Christine's office.
|
||||
This month you also have 250 EUR of eco-checks for all employees that worked with us since 1 year minimum.]]></field>
|
||||
<field name="type">comment</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="attachment_ids" eval="[(6,0,[ref('message_blogpost0_attachment0'),ref('message_blogpost0_attachment1')])]"/>
|
||||
</record>
|
||||
|
||||
<record id="message_blogpost0_comment0" model="mail.message">
|
||||
<field name="model">mail.group</field>
|
||||
<field name="res_id" ref="group_all_company"/>
|
||||
<field name="res_id" ref="group_all_employees"/>
|
||||
<field name="content_subtype">html</field>
|
||||
<field name="body_html"><![CDATA[That was such a <b>tremendous</b> blogpost ! (first comment)]]></field>
|
||||
<field name="body_html"><![CDATA[Great.]]></field>
|
||||
<field name="parent_id" ref="message_blogpost0"/>
|
||||
<field name="type">comment</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
|
|
@ -52,29 +25,17 @@ Nulla turpis leo, rhoncus ut egestas sit amet, consectetur vitae urna. Mauris in
|
|||
|
||||
<record id="message_blogpost0_comment1" model="mail.message">
|
||||
<field name="model">mail.group</field>
|
||||
<field name="res_id" ref="group_all_company"/>
|
||||
<field name="res_id" ref="group_all_employees"/>
|
||||
<field name="content_subtype">html</field>
|
||||
<field name="body_html"><![CDATA[Agreed !
|
||||
Would it be possible to learn more about the author ? (second comment)]]></field>
|
||||
<field name="body_html"><![CDATA[Yes, that's a good news.]]></field>
|
||||
<field name="parent_id" ref="message_blogpost0"/>
|
||||
<field name="type">comment</field>
|
||||
<field name="user_id" ref="base.user_demo"/>
|
||||
</record>
|
||||
|
||||
<record id="message_blogpost0_comment2_attachment0" model="ir.attachment">
|
||||
<field name="name">Author's full biography</field>
|
||||
<field name="datas">PT1BYm91dCB0aGUgYXV0aG9yPT0KSW50ZWdlciBzb2RhbGVzIGRvbG9yIGV1IGVsaXQgZnJpbmdpbGxhIGJsYW5kaXQu</field>
|
||||
<field name="datas_fname">blogpost_author_biography</field>
|
||||
<field name="description"></field>
|
||||
<field name="res_name">Mail group</field>
|
||||
<field name="res_model">mail.group</field>
|
||||
<field name="res_id" ref="group_all_company"/>
|
||||
<field name="type">binary</field>
|
||||
</record>
|
||||
|
||||
<record id="message_blogpost0_comment2" model="mail.message">
|
||||
<field name="model">mail.group</field>
|
||||
<field name="res_id" ref="group_all_company"/>
|
||||
<field name="res_id" ref="group_all_employees"/>
|
||||
<field name="content_subtype">html</field>
|
||||
<field name="body_html"><![CDATA[Sure: Curabitur tempor bibendum diam, et euismod ante rutrum vel.
|
||||
|
||||
|
|
@ -85,7 +46,6 @@ Check the file in attachment for more information ! (third comment)]]></field>
|
|||
<field name="parent_id" ref="message_blogpost0"/>
|
||||
<field name="type">comment</field>
|
||||
<field name="user_id" ref="base.user_root"/>
|
||||
<field name="attachment_ids" eval="[(4,ref('message_blogpost0_comment2_attachment0'))]"/>
|
||||
</record>
|
||||
|
||||
<record model="ir.config_parameter" id="user_mail_alias">
|
||||
|
|
|
|||
|
|
@ -2,16 +2,14 @@
|
|||
<openerp>
|
||||
<data noupdate="1">
|
||||
|
||||
<record model="mail.group" id="group_all_company">
|
||||
<field name="name">All Company</field>
|
||||
<field name="description">All company users can come here and discuss.</field>
|
||||
</record>
|
||||
<record model="mail.group" id="group_sales">
|
||||
<field name="name">Sales</field>
|
||||
<field name="description">Discussion about best sales practices and deals.</field>
|
||||
</record>
|
||||
<record model="mail.group" id="group_all_employees">
|
||||
<field name="name">All Employees</field>
|
||||
<field name="group_ids" eval="[(4, ref('base.group_user'))]"/>
|
||||
<field name="description">Discussion about best sales practices and deals.</field>
|
||||
</record>
|
||||
|
||||
<!-- notify all employees of module installation -->
|
||||
|
|
|
|||
|
|
@ -95,9 +95,10 @@ class mail_group(osv.osv):
|
|||
'responsible_id': fields.many2one('res.users', string='Responsible',
|
||||
ondelete='set null', required=True, select=1,
|
||||
help="Responsible of the group that has all rights on the record."),
|
||||
'public': fields.selection([('public','Public'),('private','Private'),('employee','Employees Only')], 'Privacy', required=True,
|
||||
'public': fields.selection([('public','Public'),('private','Private'),('groups','Selected Group Only')], 'Privacy', required=True,
|
||||
help='This group is visible by non members. \
|
||||
Invisible groups can add members through the invite button.'),
|
||||
'group_public_id': fields.many2one('res.groups', string='Authorized Group'),
|
||||
'group_ids': fields.many2many('res.groups', rel='mail_group_res_group_rel',
|
||||
id1='mail_group_id', id2='groups_id', string='Auto Subscription',
|
||||
help="Members of those groups will automatically added as followers. "\
|
||||
|
|
@ -136,12 +137,17 @@ class mail_group(osv.osv):
|
|||
"create new topics."),
|
||||
}
|
||||
|
||||
def _get_default_employee_group(self, cr, uid, context=None):
|
||||
ref = self.pool.get('ir.model.data').get_object_reference(cr, uid, 'base', 'group_user')
|
||||
return ref and ref[1] or False
|
||||
|
||||
def _get_menu_parent(self, cr, uid, context=None):
|
||||
ref = self.pool.get('ir.model.data').get_object_reference(cr, uid, 'mail', 'mail_group_root')
|
||||
return ref and ref[1] or False
|
||||
|
||||
_defaults = {
|
||||
'public': 'employee',
|
||||
'public': 'private',
|
||||
'group_public_id': _get_default_employee_group,
|
||||
'responsible_id': (lambda s, cr, uid, ctx: uid),
|
||||
'image': _get_default_image,
|
||||
'parent_id': _get_menu_parent,
|
||||
|
|
@ -177,6 +183,8 @@ class mail_group(osv.osv):
|
|||
params = {
|
||||
'search_view_id': search_ref and search_ref[1] or False,
|
||||
'domain': [('model','=','mail.group'),('res_id','=',mail_group_id)],
|
||||
'res_model': 'mail.group',
|
||||
'res_id': mail_group_id,
|
||||
'thread_level': 2
|
||||
}
|
||||
cobj = self.pool.get('ir.actions.client')
|
||||
|
|
|
|||
|
|
@ -65,13 +65,15 @@
|
|||
<field name="description" placeholder="Topics discussed in this group..."/>
|
||||
</div>
|
||||
<div class="oe_clear"/>
|
||||
<group>
|
||||
<group class="oe_edit_only">
|
||||
<field name="responsible_id" class="oe_inline"/>
|
||||
</group>
|
||||
<group col="1">
|
||||
<group class="oe_edit_only">
|
||||
<field name="public" class="oe_inline"/>
|
||||
<field name="group_ids" widget="many2many_tags"/>
|
||||
<field name="group_public_id" class="oe_inline"
|
||||
attrs="{'invisible': [('public','<>','groups')]}"/>
|
||||
<field name="group_ids" widget="many2many_tags" class="oe_inline"/>
|
||||
</group>
|
||||
<group class="oe_edit_only">
|
||||
<field name="responsible_id" class="oe_inline"/>
|
||||
</group>
|
||||
</group>
|
||||
</sheet>
|
||||
|
|
@ -113,7 +115,7 @@
|
|||
|
||||
<!-- group record !-->
|
||||
<record id="action_view_groups" model="ir.actions.act_window">
|
||||
<field name="name">All Groups</field>
|
||||
<field name="name">Groups</field>
|
||||
<field name="res_model">mail.group</field>
|
||||
<field name="view_type">form</field>
|
||||
<field name="view_mode">kanban,tree,form</field>
|
||||
|
|
@ -121,7 +123,7 @@
|
|||
</record>
|
||||
|
||||
<!-- left-side menu: Groups !-->
|
||||
<menuitem id="mail_group_root" parent="mail_feeds_main" sequence="12" name="Groups"/>
|
||||
<menuitem id="mail_allgroups" parent="mail_group_root" sequence="12" action="action_view_groups"/>
|
||||
<menuitem id="mail_group_root" parent="mail_feeds_main" sequence="12" name="My Groups"/>
|
||||
<menuitem id="mail_allgroups" parent="mail_feeds" sequence="12" action="action_view_groups"/>
|
||||
</data>
|
||||
</openerp>
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<openerp>
|
||||
<data noupdate="1">
|
||||
<data>
|
||||
|
||||
<!-- CATEGORY -->
|
||||
<record model="ir.module.category" id="module_category_social">
|
||||
|
|
@ -21,15 +21,7 @@
|
|||
<field name="name">Mail.group: access only public and joined groups</field>
|
||||
<field name="model_id" ref="model_mail_group"/>
|
||||
<!-- This rule has to be improved for employee only groups -->
|
||||
<field name="domain_force">['|', ('public', '=', 'public'), ('member_ids', 'in', user.id)]</field>
|
||||
<field name="perm_create" eval="False"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
<field name="perm_unlink" eval="False"/>
|
||||
</record>
|
||||
<record id="group_rule_delete_mygroup" model="ir.rule">
|
||||
<field name="name">Mail.group: delete my groups only</field>
|
||||
<field name="model_id" ref="model_mail_group"/>
|
||||
<field name="domain_force">[('responsible_id', '=', user.id)]</field>
|
||||
<field name="domain_force">['|', '|', ('public', '=', 'public'), ('member_ids', 'in', [user.id]), '&', ('public','=','groups'), ('group_public_id','in', [x.id for x in user.groups_id])]</field>
|
||||
</record>
|
||||
|
||||
</data>
|
||||
|
|
|
|||
|
|
@ -972,8 +972,11 @@ openerp.mail = function(session) {
|
|||
this.params.limit = params.limit || 25;
|
||||
this.params.domain = params.domain || [];
|
||||
this.params.context = params.context || {};
|
||||
this.params.res_model = params.res_model || false;
|
||||
this.params.res_id = params.res_id || false;
|
||||
this.params.search_view_id = params.search_view_id || false;
|
||||
this.params.thread_level = params.thread_level || 1;
|
||||
this.params.title = params.title || false;
|
||||
this.comments_structure = {'root_ids': [], 'new_root_ids': [], 'msgs': {}, 'tree_struct': {}, 'model_to_root_ids': {}};
|
||||
this.display_show_more = true;
|
||||
this.thread_list = [];
|
||||
|
|
@ -1018,9 +1021,10 @@ openerp.mail = function(session) {
|
|||
if (this.compose_message_widget) {
|
||||
this.compose_message_widget.destroy();
|
||||
}
|
||||
debugger;
|
||||
this.compose_message_widget = new mail.ComposeMessage(this, {
|
||||
'extended_mode': false, 'uid': this.session.uid, 'res_model': 'res.users',
|
||||
'res_id': this.session.uid, 'mode': mode || 'comment', 'msg_id': msg_id });
|
||||
'extended_mode': false, 'uid': this.session.uid, 'res_model': this.params.res_model,
|
||||
'res_id': this.params.res_id, 'mode': mode || 'comment', 'msg_id': msg_id });
|
||||
var composition_node = this.$element.find('div.oe_mail_wall_action');
|
||||
composition_node.empty();
|
||||
var compose_done = this.compose_message_widget.appendTo(composition_node);
|
||||
|
|
|
|||
|
|
@ -16,7 +16,10 @@
|
|||
<tr class="oe_header_row oe_header_row_top">
|
||||
<td colspan="2">
|
||||
<h2 class="oe_view_title">
|
||||
<span class="oe_view_title_text">All Feeds</span>
|
||||
<span class="oe_view_title_text">
|
||||
<t t-if="! widget.params.res_model">News Feeds</t>
|
||||
<t t-if="widget.params.res_model" t-esc="widget.params.res_model"/>
|
||||
</span>
|
||||
</h2>
|
||||
</td>
|
||||
<td><div class="oe_view_manager_view_search" t-opentag="true"/></td>
|
||||
|
|
|
|||
Loading…
Reference in New Issue