[FIX] mail: check create access only for acess rights, not access rules (too permissive)

bzr revid: mat@openerp.com-20130821153918-pdtf4mhcdycfdf3p
2013-08-21 17:39:18 +02:00 · 2013-08-21 17:39:18 +02:00 · b03203fd3a
parent 11d50f0afc
commit b03203fd3a
1 changed files with 1 additions and 4 deletions
--- a/addons/mail/mail_message.py
+++ b/addons/mail/mail_message.py
@ -724,10 +724,7 @@ class mail_message(osv.Model):
            if operation in ['create', 'write', 'unlink']:
                if not model_obj.check_access_rights(cr, uid, 'write', raise_exception=False):
                    model_obj.check_access_rights(cr, uid, 'create')
-                try:
-                    model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
-                except orm.except_orm, e:
-                    model_obj.check_access_rule(cr, uid, mids, 'create', context=context)
+                model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
            else:
                model_obj.check_access_rights(cr, uid, operation)
                model_obj.check_access_rule(cr, uid, mids, operation, context=context)