Odoo Addons (MOVED TO GITHUB)

Merge lp:~openerp-dev/openobject-addons/7.0-subscribe-user-mail-before-mat into lp:openobject-addons/7.0

  1. 7.0-subscribe-user-mail-before-mat
  2. Merge into 7.0
Proposed by Martin Trigaux (OpenERP)
Status: Merged
Merged at revision: 9812
Proposed branch: lp:~openerp-dev/openobject-addons/7.0-subscribe-user-mail-before-mat
Merge into: lp:openobject-addons/7.0
Diff against target: 66 lines (+20/-9)
1 file modified
mail/mail_thread.py (+20/-9)
To merge this branch: bzr merge lp:~openerp-dev/openobject-addons/7.0-subscribe-user-mail-before-mat
Reviewer Review Type Date Requested Status
OpenERP Core Team Pending
Review via email: mp+205122@code.launchpad.net

Description of the change

mail: backport of saas-2 revision 9065 and 9081 and security improvements.

This allows to have a value for the _set_followers call and be able to have record rules based on followers (eg: note.note).

Set the priority of message_follower_ids fields to -10 to be sure it will be executed before other function fields using these followers (eg: _set_stage_per_user from note.note does a browse which would trigger record rules to read the note)

Context hack to avoid checking read access at creation of the record (check creation access instead)

To post a comment you must log in.
Revision history for this message
Martin Trigaux (OpenERP) (mat-openerp) wrote :

Merged in 7.0

revno: 9812 [merge]
revision-id: <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'mail/mail_thread.py'
2--- mail/mail_thread.py 2014-01-22 12:52:31 +0000
3+++ mail/mail_thread.py 2014-02-06 12:01:48 +0000
4@@ -188,10 +188,9 @@
5 new = set(command[2])
6
7 # remove partners that are no longer followers
8- self.message_unsubscribe(cr, uid, [id], list(old-new))
9-
10+ self.message_unsubscribe(cr, uid, [id], list(old-new), context=context)
11 # add new followers
12- self.message_subscribe(cr, uid, [id], list(new-old))
13+ self.message_subscribe(cr, uid, [id], list(new-old), context=context)
14
15 def _search_followers(self, cr, uid, obj, name, args, context):
16 fol_obj = self.pool.get('mail.followers')
17@@ -238,16 +237,22 @@
18 if context is None:
19 context = {}
20
21- thread_id = super(mail_thread, self).create(cr, uid, values, context=context)
22+ # subscribe uid unless asked not to
23+ if not context.get('mail_create_nosubscribe'):
24+ pid = self.pool['res.users'].browse(cr, SUPERUSER_ID, uid).partner_id.id
25+ message_follower_ids = values.get('message_follower_ids') or [] # webclient can send None or False
26+ message_follower_ids.append([4, pid])
27+ values['message_follower_ids'] = message_follower_ids
28+ # add operation to ignore access rule checking for subscription
29+ context_operation = dict(context, operation='create')
30+ else:
31+ context_operation = context
32+ thread_id = super(mail_thread, self).create(cr, uid, values, context=context_operation)
33
34 # automatic logging unless asked not to (mainly for various testing purpose)
35 if not context.get('mail_create_nolog'):
36 self.message_post(cr, uid, thread_id, body=_('%s created') % (self._description), context=context)
37
38- # subscribe uid unless asked not to
39- if not context.get('mail_create_nosubscribe'):
40- self.message_subscribe_users(cr, uid, [thread_id], [uid], context=context)
41-
42 # auto_subscribe: take values and defaults into account
43 create_values = dict(values)
44 for key, val in context.iteritems():
45@@ -1188,6 +1193,9 @@
46
47 def message_subscribe(self, cr, uid, ids, partner_ids, subtype_ids=None, context=None):
48 """ Add partners to the records followers. """
49+ if context is None:
50+ context = {}
51+
52 mail_followers_obj = self.pool.get('mail.followers')
53 subtype_obj = self.pool.get('mail.message.subtype')
54
55@@ -1195,7 +1203,10 @@
56 if set(partner_ids) == set([user_pid]):
57 try:
58 self.check_access_rights(cr, uid, 'read')
59- self.check_access_rule(cr, uid, ids, 'read')
60+ if context.get('operation', '') == 'create':
61+ self.check_access_rule(cr, uid, ids, 'create')
62+ else:
63+ self.check_access_rule(cr, uid, ids, 'read')
64 except (osv.except_osv, orm.except_orm):
65 return False
66 else: