Code review comment for lp:~camptocamp/openerp-product-attributes/7.0-fix-field-acl-lep
Revision history for this message
| Yannick Vaucher @ Camptocamp (yvaucher-c2c) wrote | # |
review:
Needs Fixing
(code review, no test)
Seems very dangerous to me.
You shouldn't never trust all sale managers. Any sale manager could break the database.
Maybe we could add a boolean on ir model field to know if this is a custom attribute.
Then add a record rule to let CRUD access only on ir_model_fields that belongs to a custom attribute.