Code review comment for lp:~therp-nl/openerp-web/lp1179839
Revision history for this message
| Xavier (Open ERP) (xmo-deactivatedaccount) wrote | # |
review:
Disapprove
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
This will break the case for which this very check was added, quoting the commit message:
m2m lists inherit (from listview/view) the handling of access rights
attributes (e.g. @create, @delete) in which the access rights to the
related model are those checked for the view. This is generally true,
but *not* for m2ms: even if a user has no creation rights to the
related model, he can still create a *relation* between the current
and related models.
The m2m access rights are really governed by the *current* (source)
model, in which case the user won't get to see an "editable" view of
the m2m in the first place.
So just override is_action_enabled to disable it in m2ms.
tl;dr: access rights attributes of m2m are set based on rights to the object linked to, but this makes no sense because even if you can't create an object you can still create a link between current and (existing) linked.