1 # -*- coding: utf-8 -*-
2 ##############################################################################
4 # OpenERP, Open Source Management Solution
5 # Copyright (C) 2013-Today OpenERP SA (<http://www.openerp.com>).
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU Affero General Public License as
9 # published by the Free Software Foundation, either version 3 of the
10 # License, or (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU Affero General Public License for more details.
17 # You should have received a copy of the GNU Affero General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 ##############################################################################
22 from openerp.tools.translate import _
23 from openerp.osv import osv, fields
26 class MailMessage(osv.Model):
27 _inherit = 'mail.message'
30 'website_published': fields.boolean(
31 'Publish', help="Publish on the website as a blog"
36 'website_published': True,
39 def _search(self, cr, uid, args, offset=0, limit=None, order=None,
40 context=None, count=False, access_rights_uid=None):
41 """ Override that adds specific access rights of mail.message, to restrict
42 messages to published messages for public users. """
43 group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id
44 group_user_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'base', 'group_public')[1]
45 if group_user_id in [group.id for group in group_ids]:
46 args = ['&', ('website_published', '=', True)] + list(args)
48 return super(MailMessage, self)._search(cr, uid, args, offset=offset, limit=limit, order=order,
49 context=context, count=False, access_rights_uid=access_rights_uid)
51 def check_access_rule(self, cr, uid, ids, operation, context=None):
52 """ Add Access rules of mail.message for non-employee user:
54 - raise if the type is comment and subtype NULL (internal note)
56 group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id
57 group_user_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'base', 'group_public')[1]
58 if group_user_id in [group.id for group in group_ids]:
59 cr.execute('SELECT DISTINCT id FROM "%s" WHERE website_published IS FALSE AND id = ANY (%%s)' % (self._table), (ids,))
63 _('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % (self._description, operation))
65 return super(MailMessage, self).check_access_rule(cr, uid, ids=ids, operation=operation, context=context)