[FIX] access rights handling on m2m widgets
m2m lists inherit (from listview/view) the handling of access rights attributes (e.g. @create, @delete) in which the access rights to the related model are those checked for the view. This is generally true, but *not* for m2ms: even if a user has no creation rights to the related model, he can still create a *relation* between the current and related models. The m2m access rights are really governed by the *current* (source) model, in which case the user won't get to see an "editable" view of the m2m in the first place. So just override is_action_enabled to disable it in m2ms. bzr revid: xmo@openerp.com-20130305091956-zn6qtuo4tl0vh3bs
This commit is contained in:
parent
f12b4b2b9e
commit
b438ce5249
|
@ -4275,6 +4275,7 @@ instance.web.form.Many2ManyListView = instance.web.ListView.extend(/** @lends in
|
|||
});
|
||||
}
|
||||
},
|
||||
is_action_enabled: function () { return true; },
|
||||
});
|
||||
|
||||
instance.web.form.FieldMany2ManyKanban = instance.web.form.AbstractField.extend(instance.web.form.CompletionFieldMixin, {
|
||||
|
|
Loading…
Reference in New Issue