[FIX] access rights handling on m2m widgets

m2m lists inherit (from listview/view) the handling of access rights attributes (e.g. @create, @delete) in which the access rights to the related model are those checked for the view. This is generally true, but *not* for m2ms: even if a user has no creation rights to the related model, he can still create a *relation* between the current and related models. The m2m access rights are really governed by the *current* (source) model, in which case the user won't get to see an "editable" view of the m2m in the first place. So just override is_action_enabled to disable it in m2ms. bzr revid: xmo@openerp.com-20130305091956-zn6qtuo4tl0vh3bs
2013-03-05 10:19:56 +01:00 · 2013-03-05 10:19:56 +01:00 · b438ce5249
parent f12b4b2b9e
commit b438ce5249
1 changed files with 1 additions and 0 deletions
--- a/addons/web/static/src/js/view_form.js
+++ b/addons/web/static/src/js/view_form.js
@ -4275,6 +4275,7 @@ instance.web.form.Many2ManyListView = instance.web.ListView.extend(/** @lends in
            });
        }
     },
+    is_action_enabled: function () { return true; },
 });

 instance.web.form.FieldMany2ManyKanban = instance.web.form.AbstractField.extend(instance.web.form.CompletionFieldMixin, {