[IMP] make attachment data available under public by default
authorXavier Morel <xmo@openerp.com>
Tue, 17 Jun 2014 12:16:07 +0000 (14:16 +0200)
committerXavier Morel <xmo@openerp.com>
Tue, 17 Jun 2014 12:16:07 +0000 (14:16 +0200)
Assuming access rights are correctly configured, this allows providing
downloads for any attachment type, not just to display images via
/website/image.

TODO: unify attachment querying, we've got stuff over both web/ and website/

addons/web/controllers/main.py

index 5b2c7a5..98f6507 100644 (file)
@@ -1114,7 +1114,7 @@ class TreeView(View):
 
 class Binary(http.Controller):
 
-    @http.route('/web/binary/image', type='http', auth="user")
+    @http.route('/web/binary/image', type='http', auth="public")
     def image(self, model, id, field, **kw):
         last_update = '__last_update'
         Model = request.session.model(model)
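Review bot: With `auth="public"` on `/web/binary/image`, the `model`, `id` and `field` arguments of `image()` come from an unauthenticated request and go straight into `request.session.model(model)`. The route is therefore not limited to attachments as the commit title suggests: any binary field on any model readable in the anonymous session becomes reachable. The only remaining gate is the access-rights configuration the commit message assumes, which nothing in the hunk checks. Consider restricting anonymous requests to an allowlist of models (e.g. `ir.attachment`), or at least add a comment above the route such as `# auth="public": access is enforced only by the ACLs/record rules of the public user; audit them before adding binary fields`. The same applies to `/web/binary/saveas` and `/web/binary/saveas_ajax` in the next two hunks; the body of `image()` continues outside this hunk.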
@@ -1169,7 +1169,7 @@ class Binary(http.Controller):
         addons_path = http.addons_manifest['web']['addons_path']
         return open(os.path.join(addons_path, 'web', 'static', 'src', 'img', image), 'rb').read()
 
-    @http.route('/web/binary/saveas', type='http', auth="user")
+    @http.route('/web/binary/saveas', type='http', auth="public")
     @serialize_exception
     def saveas(self, model, field, id=None, filename_field=None, **kw):
         """ Download link for files stored as binary fields.
@@ -1203,7 +1203,7 @@ class Binary(http.Controller):
                 [('Content-Type', 'application/octet-stream'),
                  ('Content-Disposition', content_disposition(filename))])
 
-    @http.route('/web/binary/saveas_ajax', type='http', auth="user")
+    @http.route('/web/binary/saveas_ajax', type='http', auth="public")
     @serialize_exception
     def saveas_ajax(self, data, token):
         jdata = simplejson.loads(data)
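Review bot: `saveas_ajax()` now runs `simplejson.loads(data)` on input any anonymous client can send, and failures fall through to `@serialize_exception`. If that decorator returns the serialized exception to the client, as its name suggests, malformed input would disclose internal error details to unauthenticated callers. Catch the parse failure explicitly (`except ValueError:`) and answer with a generic client-error response, keeping the traceback in the server log only. The same decorator sits on the now-public `saveas()` in the previous hunk and deserves the same check. The body of `saveas_ajax()` continues outside the hunk, so how `jdata` is used afterwards is not visible here.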