From b03203fd3a99e2a2f61783ec98e696a9b44a383c Mon Sep 17 00:00:00 2001
From: Martin Trigaux
Date: Wed, 21 Aug 2013 17:39:18 +0200
Subject: [PATCH] [FIX] mail: check create access only for acess rights, not access rules (too permissive)

bzr revid: mat@openerp.com-20130821153918-pdtf4mhcdycfdf3p
---
 addons/mail/mail_message.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/addons/mail/mail_message.py b/addons/mail/mail_message.py
index 405f3c793c4..4280983f288 100644
--- a/addons/mail/mail_message.py
+++ b/addons/mail/mail_message.py
@@ -724,10 +724,7 @@ class mail_message(osv.Model):
 if operation in ['create', 'write', 'unlink']:
 if not model_obj.check_access_rights(cr, uid, 'write', raise_exception=False):
 model_obj.check_access_rights(cr, uid, 'create')
- try:
- model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
- except orm.except_orm, e:
- model_obj.check_access_rule(cr, uid, mids, 'create', context=context)
+ model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
 else:
 model_obj.check_access_rights(cr, uid, operation)
 model_obj.check_access_rule(cr, uid, mids, operation, context=context)
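Review bot: The asymmetry that remains in the `create`/`write`/`unlink` branch is undocumented. The access-rights check still accepts `'create'` as a fallback when `'write'` is denied, while the record-rule check on `mids` is now always made with `'write'`. A comment above the `check_access_rule` call would keep a later change from reintroducing the permissive fallback, e.g. `# ACL: write OR create on the document is enough; record rules are always checked as 'write' (falling back to the 'create' rule was too permissive)`. The diffstat shows only `mail_message.py` changed, so a regression test for a user who satisfies the `create` rule but not the `write` rule on the related document appears to be missing from this commit. The enclosing method starts and ends outside the hunk, and indentation is lost on this page, so the nesting described here is inferred.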