from openerp.exceptions import AccessError
from openerp.osv import fields,osv
from openerp import SUPERUSER_ID
+from openerp.osv.orm import except_orm
+from openerp.tools.translate import _
_logger = logging.getLogger(__name__)
more complex ones apply there.
"""
res_ids = {}
+ require_employee = False
if ids:
if isinstance(ids, (int, long)):
ids = [ids]
cr.execute('SELECT DISTINCT res_model, res_id FROM ir_attachment WHERE id = ANY (%s)', (ids,))
for rmod, rid in cr.fetchall():
if not (rmod and rid):
+ require_employee = True
continue
res_ids.setdefault(rmod,set()).add(rid)
if values:
# ignore attachments that are not attached to a resource anymore when checking access rights
# (resource was deleted but attachment was not)
if not self.pool.get(model):
+ require_employee = True
continue
- mids = self.pool[model].exists(cr, uid, mids)
+ existing_ids = self.pool[model].exists(cr, uid, mids)
+ if len(existing_ids) != len(mids):
+ require_employee = True
ima.check(cr, uid, model, mode)
- self.pool[model].check_access_rule(cr, uid, mids, mode, context=context)
+ self.pool[model].check_access_rule(cr, uid, existing_ids, mode, context=context)
+ if require_employee:
+ if not self.pool['res.users'].has_group(cr, uid, 'base.group_user'):
+ raise except_orm(_('Access Denied'), _("Sorry, you are not allowed to access this document."))
def _search(self, cr, uid, args, offset=0, limit=None, order=None, context=None, count=False, access_rights_uid=None):
ids = super(ir_attachment, self)._search(cr, uid, args, offset=offset,