Merge lp:~therp-nl/openerp-web/lp1179839 into lp:openerp-web/7.0
Proposed by
Holger Brunn (Therp)
Status: | Approved |
---|---|
Approved by: | Xavier (Open ERP) |
Approved revision: | 3922 |
Proposed branch: | lp:~therp-nl/openerp-web/lp1179839 |
Merge into: | lp:openerp-web/7.0 |
Diff against target: |
18 lines (+7/-1) 1 file modified
addons/web/static/src/js/view_form.js (+7/-1) |
To merge this branch: | bzr merge lp:~therp-nl/openerp-web/lp1179839 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Xavier (Open ERP) (community) | Approve | ||
Holger Brunn (Therp) (community) | Needs Resubmitting | ||
Review via email: mp+163659@code.launchpad.net |
To post a comment you must log in.
Unmerged revisions
- 3922. By Holger Brunn (Therp)
-
[FIX] avoid misbehavior on lacking user rights on the object
needs lp:~therp-nl/openobject-server/lp1179839 - 3921. By Holger Brunn (Therp)
-
[FIX] don't overwrite is_action_enabled in Many2ManyListView
This will break the case for which this very check was added, quoting the commit message:
m2m lists inherit (from listview/view) the handling of access rights
attributes (e.g. @create, @delete) in which the access rights to the
related model are those checked for the view. This is generally true,
but *not* for m2ms: even if a user has no creation rights to the
related model, he can still create a *relation* between the current
and related models.
The m2m access rights are really governed by the *current* (source)
model, in which case the user won't get to see an "editable" view of
the m2m in the first place.
So just override is_action_enabled to disable it in m2ms.
tl;dr: access rights attributes of m2m are set based on rights to the object linked to, but this makes no sense because even if you can't create an object you can still create a link between current and (existing) linked.