From a67631c9346cc29228f0fdda7d352de1db04ffea Mon Sep 17 00:00:00 2001
From: "Richard Mathot (OpenERP)" <rim@openerp.com>
Date: Tue, 31 Dec 2013 15:47:35 +0100
Subject: [PATCH] [IMP] Security rules for user inputs

bzr revid: rim@openerp.com-20131231144735-5v7dm5ya9ovmy8nu
---
 addons/survey/security/survey_security.xml | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/addons/survey/security/survey_security.xml b/addons/survey/security/survey_security.xml
index 346e8bfc650..6acc997bc33 100644
--- a/addons/survey/security/survey_security.xml
+++ b/addons/survey/security/survey_security.xml
@@ -47,5 +47,38 @@
             <field eval="1" name="perm_create"/>
         </record>
 
+        <record id="survey_public_access" model="ir.rule">
+            <field name="name">Public access to user_input</field>
+            <field name="model_id" ref="survey.model_survey_user_input"/>
+            <field name="domain_force">[('create_uid', '=', 'uid')]</field>
+            <field name="groups" eval="[(4, ref('base.group_public'))]"/>
+            <field eval="0" name="perm_unlink"/>
+            <field eval="1" name="perm_write"/>
+            <field eval="1" name="perm_read"/>
+            <field eval="1" name="perm_create"/>
+        </record>
+
+        <record id="survey_rule" model="ir.rule">
+            <field name="name">Access to user_input for regular users</field>
+            <field name="model_id" ref="survey.model_survey_user_input"/>
+            <field name="domain_force">[('create_uid', '=', 'uid')]</field>
+            <field name="groups" eval="[(4, ref('base.group_survey_user'))]"/>
+            <field eval="0" name="perm_unlink"/>
+            <field eval="1" name="perm_write"/>
+            <field eval="1" name="perm_read"/>
+            <field eval="1" name="perm_create"/>
+        </record>
+
+        <record id="survey_rule_manager" model="ir.rule">
+            <field name="name">Survey Manager access rights</field>
+            <field name="model_id" ref="survey.model_survey_user_input"/>
+            <field name="domain_force">[(1, '=', 1)]</field>
+            <field name="groups" eval="[(4, ref('base.group_survey_manager'))]"/>
+            <field eval="1" name="perm_unlink"/>
+            <field eval="1" name="perm_write"/>
+            <field eval="1" name="perm_read"/>
+            <field eval="1" name="perm_create"/>
+        </record>
+
     </data>
 </openerp>