diff --git a/addons/mail/mail_thread.py b/addons/mail/mail_thread.py
index 9a8adee31c3..eea95a6c5ed 100644
--- a/addons/mail/mail_thread.py
+++ b/addons/mail/mail_thread.py
@@ -348,11 +348,7 @@ class mail_thread(osv.AbstractModel):
message_follower_ids = values.get('message_follower_ids') or [] # webclient can send None or False
message_follower_ids.append([4, pid])
values['message_follower_ids'] = message_follower_ids
- # add operation to ignore access rule checking for subscription
- context_operation = dict(context, operation='create')
- else:
- context_operation = context
- thread_id = super(mail_thread, self).create(cr, uid, values, context=context_operation)
+ thread_id = super(mail_thread, self).create(cr, uid, values, context=context)
# automatic logging unless asked not to (mainly for various testing purpose)
if not context.get('mail_create_nolog'):
@@ -1558,12 +1554,11 @@ class mail_thread(osv.AbstractModel):
user_pid = self.pool.get('res.users').browse(cr, uid, uid, context=context).partner_id.id
if set(partner_ids) == set([user_pid]):
- if context.get('operation', '') != 'create':
- try:
- self.check_access_rights(cr, uid, 'read')
- self.check_access_rule(cr, uid, ids, 'read')
- except (osv.except_osv, orm.except_orm):
- return False
+ try:
+ self.check_access_rights(cr, uid, 'read')
+ self.check_access_rule(cr, uid, ids, 'read')
+ except (osv.except_osv, orm.except_orm):
+ return False
else:
self.check_access_rights(cr, uid, 'write')
self.check_access_rule(cr, uid, ids, 'write')
diff --git a/addons/note/note.py b/addons/note/note.py
index 00c67c37191..7f03f43b36a 100644
--- a/addons/note/note.py
+++ b/addons/note/note.py
@@ -72,12 +72,6 @@ class note_note(osv.osv):
def onclick_note_not_done(self, cr, uid, ids, context=None):
return self.write(cr, uid, ids, {'open': True}, context=context)
- #used for undisplay the follower if it's the current user
- def _get_my_current_partner(self, cr, uid, ids, name, args, context=None):
- user = self.pool.get('res.users').browse(cr, uid, uid, context=context)
- pid = user.partner_id and user.partner_id.id or False
- return dict.fromkeys(ids, pid)
-
#return the default stage for the uid user
def _get_default_stage_id(self,cr,uid,context=None):
ids = self.pool.get('note.stage').search(cr,uid,[('user_id','=',uid)], context=context)
@@ -101,6 +95,7 @@ class note_note(osv.osv):
'name': fields.function(_get_note_first_line,
string='Note Summary',
type='text', store=True),
+ 'user_id': fields.many2one('res.users', 'Owner'),
'memo': fields.html('Note Content'),
'sequence': fields.integer('Sequence'),
'stage_id': fields.function(_get_stage_per_user,
@@ -113,9 +108,9 @@ class note_note(osv.osv):
'date_done': fields.date('Date done'),
'color': fields.integer('Color Index'),
'tag_ids' : fields.many2many('note.tag','note_tags_rel','note_id','tag_id','Tags'),
- 'current_partner_id' : fields.function(_get_my_current_partner, type="many2one", relation='res.partner', string="Owner"),
}
_defaults = {
+ 'user_id': lambda self, cr, uid, ctx=None: uid,
'open' : 1,
'stage_id' : _get_default_stage_id,
}
diff --git a/addons/note/note_view.xml b/addons/note/note_view.xml
index f3b9e4669c7..35d4ce316fc 100644
--- a/addons/note/note_view.xml
+++ b/addons/note/note_view.xml
@@ -49,7 +49,6 @@
-
@@ -82,7 +81,7 @@
-
+
diff --git a/addons/note/security/ir.rule.xml b/addons/note/security/ir.rule.xml
index 2c6e9f3bc7f..2b9645cc9d4 100644
--- a/addons/note/security/ir.rule.xml
+++ b/addons/note/security/ir.rule.xml
@@ -1,23 +1,30 @@
-
- Only followers can access a sticky notes
-
- [('message_follower_ids','=',user.partner_id.id)]
-
-
-
-
-
-
+
+ Only followers can access a sticky notes
+
+ ['|', ('user_id', '=', user.id), ('message_follower_ids', '=', user.partner_id.id)]
+
+
+
+
+
+
+ note: create / unlink: responsible
+
+ [('user_id', '=', user.id)]
+
+
+
+
+
+
+ Each user have his stage name
+
+ ['|',('user_id','=',False),('user_id','=',user.id)]
+
+
-
- Each user have his stage name
-
- ['|',('user_id','=',False),('user_id','=',user.id)]
-
-
-