This could lead to security issues, because shared users could
have more access rights than the user sharing the data.
The mechanism was working to copy them, but unfortunately not
working.
bzr revid: odo@openerp.com-20110505170756-ihkkzxy0485t43bd
Previously they were assigned the generic menu as home action
but that is not very relevant because it does not contain their
shortcuts most of the time, and also this breaks the web client
in v6.0 as it does not support the Menu as home action.
bzr revid: odo@openerp.com-20110505170720-k0p7pjfkyadzc4pg
We must not use a normal domain for the shared action,
because it may be constructed with records the user may
not see (e.g. sharing tasks from a certain project does
not give right to see the project itself.)
Evaluating the domain of an action requires rights that
the user will not have. Moreover, this is useless because
ir.rules are created with each share access to filter
appropriately the records, and they are evaluated as
root user without risk of failed access right.
bzr revid: odo@openerp.com-20110505170623-62zlf9mchq5zvqw2
An empty share filter should be translated as a dummy ir.rule
to make sure it is properly combined with other rules after
multiple shared access are granted to the same user.
bzr revid: odo@openerp.com-20110505170525-obqif2mxnsod5mvo
New features: can share to groups if user has "Share / User (Extended)"
group. Warning message if user does not have email and cannot share by
email. Names of sharing groups are now hidden in ORM access denied messages.
Better error reporting.
UI: more user-friendly labels, titles. More visibible button in web client.
Bugfixes: better handling of sharing objects with _inherits, can combine
ir.rules if already exist for same (object,group). Button is now hidden
in web client if user is not in "Share/User" group.
bzr revid: odo@openerp.com-20110408133608-vmdrzfeo0dz28wer
* intersect with read access rights of user running the wizard, to avoid adding more access than current
* copy all rules from groups of the user that is sharing in the many2many of the rules on the new group
bzr revid: hmo@tinyerp.com-20100610191601-ybrv7xk9vb5ixonc
The goal is to implement a generic sharing mechanism, where user of OpenERP
can share data from OpenERP to their colleagues, customers, or friends.
The system will work by creating new users and groups on the fly, and by
combining the appropriate access rights and ir.rules to ensure that the /shared
users/ will only have access to the correct data.
bzr revid: hmo@tinyerp.com-20100608114049-5q4q4trmbkizppxt