[IMP] mail: refactored check_mail_message_access

bzr revid: tde@openerp.com-20130723144507-bwwegheqofs7x1ox

addons/hr/hr.py

@@ -156,6 +156,8 @@ class hr_employee(osv.osv):
     _inherits = {'resource.resource': "resource_id"}
     _inherit = ['mail.thread']
 
+    _mail_post_access = 'read'
+
     def _get_image(self, cr, uid, ids, name, args, context=None):
         result = dict.fromkeys(ids, False)
         for obj in self.browse(cr, uid, ids, context=context):
@@ -324,22 +326,6 @@ class hr_employee(osv.osv):
         (_check_recursion, 'Error! You cannot create recursive hierarchy of Employee(s).', ['parent_id']),
     ]
 
-    # ---------------------------------------------------
-    # Mail gateway
-    # ---------------------------------------------------
-
-    def check_mail_message_access(self, cr, uid, mids, operation, model_obj=None, context=None):
-        """ mail.message document permission rule: can post a new message if can read
-            because of portal document. """
-        if not model_obj:
-            model_obj = self
-        employee_ids = model_obj.search(cr, uid, [('user_id', '=', uid)], context=context)
-        if employee_ids and operation == 'create':
-            model_obj.check_access_rights(cr, uid, 'read')
-            model_obj.check_access_rule(cr, uid, mids, 'read', context=context)
-        else:
-            return super(hr_employee, self).check_mail_message_access(cr, uid, mids, operation, model_obj=model_obj, context=context)
-
 
 class hr_department(osv.osv):
     _description = "Department"

addons/mail/mail_thread.py

@@ -70,6 +70,7 @@ class mail_thread(osv.AbstractModel):
     _name = 'mail.thread'
     _description = 'Email Thread'
     _mail_flat_thread = True
+    _mail_post_access = 'write'
 
     # Automatic logging system if mail installed
     # _track = {
@@ -509,12 +510,22 @@ class mail_thread(osv.AbstractModel):
             access rule on the document, for portal document such as issues. """
         if not model_obj:
             model_obj = self
-        if operation in ['create', 'write', 'unlink']:
-            model_obj.check_access_rights(cr, uid, 'write')
-            model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
+        if hasattr(self, '_mail_post_access'):
+            create_allow = self._mail_post_access
         else:
-            model_obj.check_access_rights(cr, uid, operation)
-            model_obj.check_access_rule(cr, uid, mids, operation, context=context)
+            create_allow = 'write'
+
+        if operation in ['write', 'unlink']:
+            check_operation = 'write'
+        elif operation == 'create' and create_allow in ['create', 'read', 'write', 'unlink']:
+            check_operation = create_allow
+        elif operation == 'create':
+            check_operation = 'write'
+        else:
+            check_operation = operation
+
+        model_obj.check_access_rights(cr, uid, check_operation)
+        model_obj.check_access_rule(cr, uid, mids, check_operation, context=context)
 
     def _get_formview_action(self, cr, uid, id, model=None, context=None):
         """ Return an action to open the document. This method is meant to be

addons/project/project.py

@@ -545,6 +545,7 @@ class task(osv.osv):
     _date_name = "date_start"
     _inherit = ['mail.thread', 'ir.needaction_mixin']
 
+    _mail_post_access = 'read'
     _track = {
         'stage_id': {
             'project.mt_task_new': lambda self, cr, uid, obj, ctx=None: obj.stage_id and obj.stage_id.sequence == 1,
@@ -1106,17 +1107,6 @@ class task(osv.osv):
         return [task.project_id.message_get_reply_to()[0] if task.project_id else False
                     for task in self.browse(cr, uid, ids, context=context)]
 
-    def check_mail_message_access(self, cr, uid, mids, operation, model_obj=None, context=None):
-        """ mail.message document permission rule: can post a new message if can read
-            because of portal document. """
-        if not model_obj:
-            model_obj = self
-        if operation == 'create':
-            model_obj.check_access_rights(cr, uid, 'read')
-            model_obj.check_access_rule(cr, uid, mids, 'read', context=context)
-        else:
-            return super(task, self).check_mail_message_access(cr, uid, mids, operation, model_obj=model_obj, context=context)
-
     def message_new(self, cr, uid, msg, custom_values=None, context=None):
         """ Override to updates the document according to the email. """
         if custom_values is None: custom_values = {}

addons/project_issue/project_issue.py

@@ -45,6 +45,7 @@ class project_issue(osv.Model):
     _order = "priority, create_date desc"
     _inherit = ['mail.thread', 'ir.needaction_mixin']
 
+    _mail_post_access = 'read'
     _track = {
         'stage_id': {
             'project_issue.mt_issue_new': lambda self, cr, uid, obj, ctx=None: obj.stage_id and obj.stage_id.sequence == 1,
@@ -477,17 +478,6 @@ class project_issue(osv.Model):
         return [issue.project_id.message_get_reply_to()[0] if issue.project_id else False
                     for issue in self.browse(cr, uid, ids, context=context)]
 
-    def check_mail_message_access(self, cr, uid, mids, operation, model_obj=None, context=None):
-        """ mail.message document permission rule: can post a new message if can read
-            because of portal document. """
-        if not model_obj:
-            model_obj = self
-        if operation == 'create':
-            model_obj.check_access_rights(cr, uid, 'read')
-            model_obj.check_access_rule(cr, uid, mids, 'read', context=context)
-        else:
-            return super(project_issue, self).check_mail_message_access(cr, uid, mids, operation, model_obj=model_obj, context=context)
-
     def message_get_suggested_recipients(self, cr, uid, ids, context=None):
         recipients = super(project_issue, self).message_get_suggested_recipients(cr, uid, ids, context=context)
         try: