From b438ce5249ac7d790aa315cd8516a26c7583d3bd Mon Sep 17 00:00:00 2001
From: Xavier Morel <xmo@openerp.com>
Date: Tue, 5 Mar 2013 10:19:56 +0100
Subject: [PATCH] [FIX] access rights handling on m2m widgets

m2m lists inherit (from listview/view) the handling of access rights
attributes (e.g. @create, @delete) in which the access rights to the
related model are those checked for the view. This is generally true,
but *not* for m2ms: even if a user has no creation rights to the
related model, he can still create a *relation* between the current
and related models.

The m2m access rights are really governed by the *current* (source)
model, in which case the user won't get to see an "editable" view of
the m2m in the first place.

So just override is_action_enabled to disable it in m2ms.

bzr revid: xmo@openerp.com-20130305091956-zn6qtuo4tl0vh3bs
---
 addons/web/static/src/js/view_form.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/addons/web/static/src/js/view_form.js b/addons/web/static/src/js/view_form.js
index 5985e53f7b7..93ffd0883fb 100644
--- a/addons/web/static/src/js/view_form.js
+++ b/addons/web/static/src/js/view_form.js
@@ -4275,6 +4275,7 @@ instance.web.form.Many2ManyListView = instance.web.ListView.extend(/** @lends in
             });
         }
      },
+    is_action_enabled: function () { return true; },
 });
 
 instance.web.form.FieldMany2ManyKanban = instance.web.form.AbstractField.extend(instance.web.form.CompletionFieldMixin, {