[FIX] website_mail: mail.message.check_access_rule: no check for super-user

author Olivier Dony <odo@openerp.com>

Fri, 8 Aug 2014 14:56:44 +0000 (16:56 +0200)

committer Olivier Dony <odo@openerp.com>

Fri, 8 Aug 2014 14:56:44 +0000 (16:56 +0200)
author Olivier Dony <odo@openerp.com>
Fri, 8 Aug 2014 14:56:44 +0000 (16:56 +0200)
committer Olivier Dony <odo@openerp.com>
Fri, 8 Aug 2014 14:56:44 +0000 (16:56 +0200)
diff --git a/addons/website_mail/models/mail_message.py b/addons/website_mail/models/mail_message.py

index 4206872..2f31daa 100644 (file)
--- a/addons/website_mail/models/mail_message.py
+++ b/addons/website_mail/models/mail_message.py
@@ -77,13 +77,13 @@ class MailMessage(osv.Model):
              - read:
                  - raise if the type is comment and subtype NULL (internal note)
          """
-        group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id
-        group_user_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'base', 'group_public')[1]
-        if group_user_id in [group.id for group in group_ids]:
-            cr.execute('SELECT id FROM "%s" WHERE website_published IS FALSE AND id = ANY (%%s)' % (self._table), (ids,))
-            if cr.fetchall():
-                raise osv.except_osv(
-                    _('Access Denied'),
-                    _('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % (self._description, operation))
-
+        if uid != SUPERUSER_ID:
+            group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id
+            group_user_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'base', 'group_public')[1]
+            if group_user_id in [group.id for group in group_ids]:
+                cr.execute('SELECT id FROM "%s" WHERE website_published IS FALSE AND id = ANY (%%s)' % (self._table), (ids,))
+                if cr.fetchall():
+                    raise osv.except_osv(
+                        _('Access Denied'),
+                        _('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % (self._description, operation))
          return super(MailMessage, self).check_access_rule(cr, uid, ids=ids, operation=operation, context=context)
author	Olivier Dony <odo@openerp.com>
	Fri, 8 Aug 2014 14:56:44 +0000 (16:56 +0200)
committer	Olivier Dony <odo@openerp.com>
	Fri, 8 Aug 2014 14:56:44 +0000 (16:56 +0200)