From ccf6cf921ec86013ef81d6242d93fe2a5dfd8662 Mon Sep 17 00:00:00 2001
From: Martin Trigaux <mat@openerp.com>
Date: Wed, 27 Mar 2013 17:51:26 +0100
Subject: [PATCH] [ADD] overwrite check permission method to poston an employee
 profile

bzr revid: mat@openerp.com-20130327165126-dtoejma9h71m2zpx
---
 addons/hr/__init__.py       |  1 +
 addons/hr/mail_message.py   | 40 +++++++++++++++++++++++++++++++++++++
 addons/mail/mail_message.py | 19 ++++++++++++------
 3 files changed, 54 insertions(+), 6 deletions(-)
 create mode 100644 addons/hr/mail_message.py

diff --git a/addons/hr/__init__.py b/addons/hr/__init__.py
index 02ac7f16fd9..44f6ba69f41 100644
--- a/addons/hr/__init__.py
+++ b/addons/hr/__init__.py
@@ -23,5 +23,6 @@ import hr_department
 import hr
 
 import res_config
+import mail_message
 
 # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
diff --git a/addons/hr/mail_message.py b/addons/hr/mail_message.py
new file mode 100644
index 00000000000..02f6758189b
--- /dev/null
+++ b/addons/hr/mail_message.py
@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    OpenERP, Open Source Management Solution
+#    Copyright (C) 2010-Today OpenERP SA (<http://www.openerp.com>)
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>
+#
+##############################################################################
+
+from openerp.osv import osv
+
+
+class mail_message(osv.Model):
+    """ Messages model: system notification (replacing res.log notifications),
+        comments (OpenChatter discussion) and incoming emails. """
+    _name = 'mail.message'
+    _inherit = 'mail.message'
+
+    def check_related_document(self, cr, uid, model_obj, mids, operation, context=None):
+        """If the user posting the message to an employee  is an employee, only
+        the read access are checked"""
+
+        employee_ids = model_obj.search(cr, uid, [('user_id', '=', uid)], context=context)
+        if len(employee_ids) > 0:
+            model_obj.check_access_rights(cr, uid, 'read')
+            model_obj.check_access_rule(cr, uid, mids, 'read', context=context)
+        else:
+            super(mail_message, self).check_related_document(cr, uid, uid, model_obj, mids, operation, context)
diff --git a/addons/mail/mail_message.py b/addons/mail/mail_message.py
index 8442891f3f9..0af4f6d26ce 100644
--- a/addons/mail/mail_message.py
+++ b/addons/mail/mail_message.py
@@ -710,15 +710,12 @@ class mail_message(osv.Model):
         other_ids = other_ids.difference(set(notified_ids))
         model_record_ids = _generate_model_record_ids(message_values, other_ids)
         document_related_ids = []
+        
         for model, doc_dict in model_record_ids.items():
             model_obj = self.pool.get(model)
             mids = model_obj.exists(cr, uid, doc_dict.keys())
-            if operation in ['create', 'write', 'unlink']:
-                model_obj.check_access_rights(cr, uid, 'write')
-                model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
-            else:
-                model_obj.check_access_rights(cr, uid, operation)
-                model_obj.check_access_rule(cr, uid, mids, operation, context=context)
+            self.check_related_document(cr, uid, model_obj, mids, operation, context)
+
             document_related_ids += [mid for mid, message in message_values.iteritems()
                 if message.get('model') == model and message.get('res_id') in mids]
 
@@ -730,6 +727,16 @@ class mail_message(osv.Model):
                             _('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % \
                             (self._description, operation))
 
+    def check_related_document(self, cr, uid, model_obj, mids, operation, context=None):
+        """Concrete check permission rules for related document"""
+        print(operation, mids, model_obj)
+        if operation in ['create', 'write', 'unlink']:
+            model_obj.check_access_rights(cr, uid, 'write')
+            model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
+        else:
+            model_obj.check_access_rights(cr, uid, operation)
+            model_obj.check_access_rule(cr, uid, mids, operation, context=context)
+
     def create(self, cr, uid, values, context=None):
         if context is None:
             context = {}