Code review comment for lp:~camptocamp/openerp-product-attributes/7.0-fix-field-acl-lep

Seems very dangerous to me.

You shouldn't never trust all sale managers. Any sale manager could break the database.

Maybe we could add a boolean on ir model field to know if this is a custom attribute.
Then add a record rule to let CRUD access only on ir_model_fields that belongs to a custom attribute.

review: Needs Fixing (code review, no test)

« Back to merge proposal