[FIX] portal_sale: remove un-necessary access rights, improve rules
Portal access rights need to be associated with security rules, or not granted at all, as soon as they grant access to non-trivial data.
This commit is contained in:
parent
bceb278199
commit
d03ae8980a
|
@ -7,15 +7,7 @@ access_account_invoice_line,account.invoice.line,account.model_account_invoice_l
|
|||
access_account_journal,account.journal,account.model_account_journal,portal.group_portal,1,0,0,0
|
||||
access_account_voucher,account.voucher,account_voucher.model_account_voucher,portal.group_portal,1,0,0,0
|
||||
access_account_voucher_line,account.voucher.line,account_voucher.model_account_voucher_line,portal.group_portal,1,0,0,0
|
||||
access_account_move,account.move,account.model_account_move,portal.group_portal,1,0,0,0
|
||||
access_account_move_line,account.move.line,account.model_account_move_line,portal.group_portal,1,0,0,0
|
||||
access_account_move_reconcile,account.move.reconcile,account.model_account_move_reconcile,portal.group_portal,1,0,0,0
|
||||
access_account_fiscalyear,account.sequence.fiscalyear,account.model_account_sequence_fiscalyear,portal.group_portal,1,0,0,0
|
||||
access_sale_shop,sale.shop,sale.model_sale_shop,portal.group_portal,1,0,0,0
|
||||
access_product_list,product.pricelist,product.model_product_pricelist,portal.group_portal,1,0,0,0
|
||||
access_res_partner,res.partner,base.model_res_partner,portal.group_portal,1,0,0,0
|
||||
access_account_tax,account.tax,account.model_account_tax,portal.group_portal,1,0,0,0
|
||||
access_account_fiscalyear,account.fiscalyear,account.model_account_fiscalyear,portal.group_portal,1,0,0,0
|
||||
access_res_partner_category,res.partner.category,base.model_res_partner_category,portal.group_portal,1,0,0,0
|
||||
access_account_period,account.period,account.model_account_period,portal.group_portal,1,0,0,0
|
||||
access_account_account,account.account,account.model_account_account,portal.group_portal,1,0,0,0
|
||||
|
|
|
|
@ -18,7 +18,7 @@ their documents through the portal.</field>
|
|||
<record id="portal_sale_order_user_rule" model="ir.rule">
|
||||
<field name="name">Portal Personal Quotations/Sales Orders</field>
|
||||
<field name="model_id" ref="sale.model_sale_order"/>
|
||||
<field name="domain_force">[('message_follower_ids','in',[user.partner_id.id])]</field>
|
||||
<field name="domain_force">[('message_follower_ids','child_of',[user.partner_id.id])]</field>
|
||||
<field name="groups" eval="[(4, ref('portal.group_portal'))]"/>
|
||||
<field eval="1" name="perm_unlink"/>
|
||||
<field eval="1" name="perm_write"/>
|
||||
|
@ -26,10 +26,25 @@ their documents through the portal.</field>
|
|||
<field eval="0" name="perm_create"/>
|
||||
</record>
|
||||
|
||||
<record id="portal_sale_order_line_rule" model="ir.rule">
|
||||
<field name="name">Portal Sales Orders Line</field>
|
||||
<field name="model_id" ref="sale.model_sale_order_line"/>
|
||||
<field name="domain_force">[('order_id.message_follower_ids','child_of',[user.partner_id.id])]</field>
|
||||
<field name="groups" eval="[(4, ref('portal.group_portal'))]"/>
|
||||
</record>
|
||||
|
||||
|
||||
<record id="portal_account_invoice_user_rule" model="ir.rule">
|
||||
<field name="name">Portal Personal Account Invoices</field>
|
||||
<field name="model_id" ref="account.model_account_invoice"/>
|
||||
<field name="domain_force">[('message_follower_ids','in',[user.partner_id.id])]</field>
|
||||
<field name="domain_force">[('message_follower_ids','child_of',[user.partner_id.id])]</field>
|
||||
<field name="groups" eval="[(4, ref('portal.group_portal'))]"/>
|
||||
</record>
|
||||
|
||||
<record id="portal_account_invoice_line_rule" model="ir.rule">
|
||||
<field name="name">Portal Invoice Lines</field>
|
||||
<field name="model_id" ref="account.model_account_invoice_line"/>
|
||||
<field name="domain_force">[('invoice_id.message_follower_ids','child_of',[user.partner_id.id])]</field>
|
||||
<field name="groups" eval="[(4, ref('portal.group_portal'))]"/>
|
||||
</record>
|
||||
|
||||
|
|
Loading…
Reference in New Issue