Code review comment for lp:~therp-nl/openerp-web/lp1179839

If the user doesn't have write access to the model the m2m links to, the attributes will be present and false (because it's based solely on the rights to the model) even though the user will expect, be expected to and should be able to create or destroy *relations*.

Consider users and groups: even if a user doesn't have the right to *create* (or delete, or edit) groups, he may still be able to add or remove (existing) groups to and from users.