From 85ca542ad09a8a9890db63e421a7509b681d36d6 Mon Sep 17 00:00:00 2001 From: Fabien Pinckaers Date: Tue, 14 Aug 2012 13:22:04 +0200 Subject: [PATCH] [IMP] mail groups improvements: security bzr revid: fp@openerp.com-20120814112204-hwamufqqz4qj9ptb --- addons/mail/data/mail_demo.xml | 56 ++++---------------------- addons/mail/data/mail_group_data.xml | 6 +-- addons/mail/mail_group.py | 12 +++++- addons/mail/mail_group_view.xml | 18 +++++---- addons/mail/security/mail_security.xml | 12 +----- addons/mail/static/src/js/mail.js | 8 +++- addons/mail/static/src/xml/mail.xml | 5 ++- 7 files changed, 42 insertions(+), 75 deletions(-) diff --git a/addons/mail/data/mail_demo.xml b/addons/mail/data/mail_demo.xml index 8be63f22804..e3d7c2ab1e1 100644 --- a/addons/mail/data/mail_demo.xml +++ b/addons/mail/data/mail_demo.xml 
@@ -2,49 +2,22 @@ - - A cool attachment - PT1Tb21lIGNvb2wgYXR0YWNobWVudD09ClByYWVzZW50IHZlbCBtYXNzYSBzZWQgbWFzc2EgY29uc2VxdWF0IGVnZXN0YXMgaW4gdHJpc3RpcXVlIG9yY2ku - a_cool_attachment - - Mail group - mail.group - - binary - - - - Another clean attachment - PT1Tb21lIGNsZWFuIGF0dGFjaG1lbnQ9PQpOdWxsYSB0dXJwaXMgbGVvLCByaG9uY3VzIHV0IGVnZXN0YXMgc2l0IGFtZXQsIGNvbnNlY3RldHVyIHZpdGFlIHVybmEu - a_clean_attachment - - Mail group - mail.group - - binary - - Internal company announce mail.group - + html - sit amet, consectetur adipiscing elit. Pellentesque et quam sapien, in sagittis tellus. -Praesent vel massa sed massa consequat egestas in tristique orci. Praesent iaculis libero et neque vehicula iaculis. Vivamus placerat tincidunt orci ac ornare. Proin ut dolor fringilla velit ultricies consequat. Maecenas sit amet ipsum non leo interdum imperdiet. Donec sapien mi, varius a consequat id, consectetur sit amet nulla. - -Fusce tempus elit volutpat mi auctor adipiscing. Nam congue luctus suscipit. Duis vestibulum dapibus enim vitae dignissim. Sed tellus libero, venenatis ut mollis ut, luctus quis dui. Sed rhoncus pulvinar orci in consectetur. - -Nulla turpis leo, rhoncus ut egestas sit amet, consectetur vitae urna. Mauris in dolor in sapien tempus vehicula.]]> + comment - mail.group - + html - tremendous blogpost ! (first comment)]]> + comment @@ -52,29 +25,17 @@ Nulla turpis leo, rhoncus ut egestas sit amet, consectetur vitae urna. Mauris in mail.group - + html - + comment - - Author's full biography - PT1BYm91dCB0aGUgYXV0aG9yPT0KSW50ZWdlciBzb2RhbGVzIGRvbG9yIGV1IGVsaXQgZnJpbmdpbGxhIGJsYW5kaXQu - blogpost_author_biography - - Mail group - mail.group - - binary - - mail.group - + html comment - diff --git a/addons/mail/data/mail_group_data.xml b/addons/mail/data/mail_group_data.xml index 09a6ca29a2d..443b43b62d6 100644 --- a/addons/mail/data/mail_group_data.xml +++ b/addons/mail/data/mail_group_data.xml 
@@ -2,16 +2,14 @@ - - All Company - All company users can come here and discuss. - Sales + Discussion about best sales practices and deals. All Employees + Discussion about best sales practices and deals. diff --git a/addons/mail/mail_group.py b/addons/mail/mail_group.py index d97e5750ec6..30409fc072c 100644 --- a/addons/mail/mail_group.py +++ b/addons/mail/mail_group.py @@ -95,9 +95,10 @@ class mail_group(osv.osv): 'responsible_id': fields.many2one('res.users', string='Responsible', ondelete='set null', required=True, select=1, help="Responsible of the group that has all rights on the record."), - 'public': fields.selection([('public','Public'),('private','Private'),('employee','Employees Only')], 'Privacy', required=True, + 'public': fields.selection([('public','Public'),('private','Private'),('groups','Selected Group Only')], 'Privacy', required=True, help='This group is visible by non members. \ Invisible groups can add members through the invite button.'), + 'group_public_id': fields.many2one('res.groups', string='Authorized Group'), 'group_ids': fields.many2many('res.groups', rel='mail_group_res_group_rel', id1='mail_group_id', id2='groups_id', string='Auto Subscription', help="Members of those groups will automatically added as followers. "\ @@ -136,12 +137,17 @@ class mail_group(osv.osv): "create new topics."), } + def _get_default_employee_group(self, cr, uid, context=None): + ref = self.pool.get('ir.model.data').get_object_reference(cr, uid, 'base', 'group_user') + return ref and ref[1] or False + def _get_menu_parent(self, cr, uid, context=None): ref = self.pool.get('ir.model.data').get_object_reference(cr, uid, 'mail', 'mail_group_root') return ref and ref[1] or False _defaults = { - 'public': 'employee', + 'public': 'private', + 'group_public_id': _get_default_employee_group, 'responsible_id': (lambda s, cr, uid, ctx: uid), 'image': _get_default_image, 'parent_id': _get_menu_parent, 
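Review bot: Dropping `('employee','Employees Only')` from the `public` selection in the `@@ -95,9 +95,10 @@` hunk leaves any existing `mail.group` row that still stores `'employee'` holding a value the field no longer declares, and nothing visible in this patch migrates those rows. Under the rewritten record rule in mail_security.xml such a row matches neither the `'public'` nor the `'groups'` branch, so it becomes readable by members only; that fails closed, but it silently changes who can read existing groups. A migration that maps `'employee'` to `'groups'` and sets `group_public_id` to the employee group would keep the previous visibility. The new `group_public_id` column also carries no `help=` text and is not required at the model level, so a `'groups'` record with it empty is reachable by members only; whether the form view enforces it cannot be read from this rendering. The `_columns` dict starts and ends outside the hunk.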
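Review bot: In the `@@ -136,12 +137,17 @@` hunk, `group_public_id` defaults to `base.group_user` on every new record, including those created with the new default `'public': 'private'`, so switching Privacy to "Selected Group Only" without touching the second field makes the group readable by every member of `base.group_user`. If that audience is intended, state it above the helper, e.g. `# Default audience for 'groups' privacy: members of base.group_user.`; otherwise leave the default empty and require an explicit choice. `_get_default_employee_group` also repeats `_get_menu_parent` line for line apart from the XML id, so one small lookup helper taking module and name would serve both. The class body continues outside the hunk.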
@@ -177,6 +183,8 @@ class mail_group(osv.osv): params = { 'search_view_id': search_ref and search_ref[1] or False, 'domain': [('model','=','mail.group'),('res_id','=',mail_group_id)], + 'res_model': 'mail.group', + 'res_id': mail_group_id, 'thread_level': 2 } cobj = self.pool.get('ir.actions.client') diff --git a/addons/mail/mail_group_view.xml b/addons/mail/mail_group_view.xml index 7c10015d212..1138351a1a2 100644 --- a/addons/mail/mail_group_view.xml +++ b/addons/mail/mail_group_view.xml @@ -65,13 +65,15 @@
- - - - + - + + + + + @@ -113,7 +115,7 @@ - All Groups + Groups mail.group form kanban,tree,form @@ -121,7 +123,7 @@ - - + + diff --git a/addons/mail/security/mail_security.xml b/addons/mail/security/mail_security.xml index 50b3f8e2c78..e73279b1ad7 100644 --- a/addons/mail/security/mail_security.xml +++ b/addons/mail/security/mail_security.xml @@ -1,6 +1,6 @@ - + @@ -21,15 +21,7 @@ Mail.group: access only public and joined groups - ['|', ('public', '=', 'public'), ('member_ids', 'in', user.id)] - - - - - - Mail.group: delete my groups only - - [('responsible_id', '=', user.id)] + ['|', '|', ('public', '=', 'public'), ('member_ids', 'in', [user.id]), '&', ('public','=','groups'), ('group_public_id','in', [x.id for x in user.groups_id])] diff --git a/addons/mail/static/src/js/mail.js b/addons/mail/static/src/js/mail.js index da6816d3441..c068074b457 100644 --- a/addons/mail/static/src/js/mail.js +++ b/addons/mail/static/src/js/mail.js @@ -972,8 +972,11 @@ openerp.mail = function(session) { this.params.limit = params.limit || 25; this.params.domain = params.domain || []; this.params.context = params.context || {}; + this.params.res_model = params.res_model || false; + this.params.res_id = params.res_id || false; this.params.search_view_id = params.search_view_id || false; this.params.thread_level = params.thread_level || 1; + this.params.title = params.title || false; this.comments_structure = {'root_ids': [], 'new_root_ids': [], 'msgs': {}, 'tree_struct': {}, 'model_to_root_ids': {}}; this.display_show_more = true; this.thread_list = []; 
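Review bot: Removing the "Mail.group: delete my groups only" rule (`[('responsible_id', '=', user.id)]`) in the `@@ -21,15 +21,7 @@` hunk of mail_security.xml leaves deletion governed only by the surviving rule and the model's access rights. Unless a restriction exists outside this hunk, a user who can read a group and holds unlink rights on `mail.group` could then delete a group they are not responsible for. The record's attributes are not readable in this rendering, so the operations the surviving rule applies to should be confirmed before merge. That rule is still named "access only public and joined groups", which no longer describes the added `('public','=','groups')` / `group_public_id` branch. Renaming it, and adding a comment that spells out the prefix-notation domain as "public OR member OR (groups AND user in authorized group)", would make later audits of the rule easier.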
@@ -1018,9 +1021,10 @@ openerp.mail = function(session) { if (this.compose_message_widget) { this.compose_message_widget.destroy(); } + debugger; this.compose_message_widget = new mail.ComposeMessage(this, { - 'extended_mode': false, 'uid': this.session.uid, 'res_model': 'res.users', - 'res_id': this.session.uid, 'mode': mode || 'comment', 'msg_id': msg_id }); + 'extended_mode': false, 'uid': this.session.uid, 'res_model': this.params.res_model, + 'res_id': this.params.res_id, 'mode': mode || 'comment', 'msg_id': msg_id }); var composition_node = this.$element.find('div.oe_mail_wall_action'); composition_node.empty(); var compose_done = this.compose_message_widget.appendTo(composition_node); diff --git a/addons/mail/static/src/xml/mail.xml b/addons/mail/static/src/xml/mail.xml index 86d115f29c8..6959a179194 100644 --- a/addons/mail/static/src/xml/mail.xml +++ b/addons/mail/static/src/xml/mail.xml @@ -16,7 +16,10 @@
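Review bot: The added `debugger;` statement before `new mail.ComposeMessage(...)` in the `@@ -1018,9 +1021,10 @@` hunk is a leftover breakpoint that halts execution for anyone with developer tools open, and it should be deleted before merge. The composer now receives `'res_model': this.params.res_model` and `'res_id': this.params.res_id`, which the `@@ -972,8 +972,11 @@` hunk defaults to `false`. Only the mail.group action in mail_group.py is shown passing them, so any other caller of this widget loses the previous `'res.users'` / `this.session.uid` target and the composer is built with no record to post to. Keeping the old values as the fallback, `'res_model': this.params.res_model || 'res.users'` and `'res_id': this.params.res_id || this.session.uid`, preserves the earlier behaviour. The enclosing function starts and ends outside the hunk.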

- All Feeds + + News Feeds + +