[MERGE] forward port of branch 7.0 up to eb9113c

diff --cc addons/account/account_move_line.py
Simple merge

diff --cc addons/account/wizard/account_fiscalyear_close_state.py
Simple merge

diff --cc addons/account_analytic_analysis/account_analytic_analysis.py
Simple merge

diff --cc addons/auth_oauth/__openerp__.py
index 76f1568,aa7ec5f..61c1c8c
--- 1/addons/auth_oauth/__openerp__.py
--- 2/addons/auth_oauth/__openerp__.py
+++ b/addons/auth_oauth/__openerp__.py
@@@ -37,9 -36,15 +37,10 @@@ Allow users to login through OAuth2 Pro
          'auth_oauth_data.xml',
          'auth_oauth_data.yml',
          'auth_oauth_view.xml',
 +        'security/ir.model.access.csv',
+         'res_config.xml',
 -        'security/ir.model.access.csv'
 +        'views/auth_oauth_login.xml',
      ],
 -    'js': ['static/src/js/auth_oauth.js'],
 -    'css': [
 -        'static/lib/zocial/css/zocial.css',
 -        'static/src/css/auth_oauth.css',
 -    ],
 -    'qweb': ['static/src/xml/auth_oauth.xml'],
      'installable': True,
      'auto_install': False,
  }

diff --cc addons/product/product.py
index 25368e8,7a36507..dd117e4
--- 1/addons/product/product.py
--- 2/addons/product/product.py
+++ b/addons/product/product.py
@@@ -739,15 -645,14 +739,19 @@@ class product_product(osv.osv)
              return (d['id'], name)
  
          partner_id = context.get('partner_id', False)
+         if partner_id:
+             partner_ids = [partner_id, self.pool['res.partner'].browse(cr, user, partner_id, context=context).commercial_partner_id.id]
+         else:
+             partner_ids = []
  
 +        # all user don't have access to seller and partner
 +        # check access and use superuser
 +        self.check_access_rights(cr, user, "read")
 +        self.check_access_rule(cr, user, ids, "read", context=context)
 +
          result = []
 -        for product in self.browse(cr, user, ids, context=context):
 +        for product in self.browse(cr, SUPERUSER_ID, ids, context=context):
-             sellers = filter(lambda x: x.name.id == partner_id, product.seller_ids)
+             sellers = partner_ids and filter(lambda x: x.name.id in partner_ids, product.seller_ids) or []
              if sellers:
                  for s in sellers:
                      mydict = {

diff --cc openerp/addons/base/ir/ir_attachment.py
index d9ad724,996b0f6..caa8db1
--- 1/openerp/addons/base/ir/ir_attachment.py
--- 2/openerp/addons/base/ir/ir_attachment.py
+++ b/openerp/addons/base/ir/ir_attachment.py
@@@ -207,10 -210,16 +211,16 @@@ class ir_attachment(osv.osv)
              # ignore attachments that are not attached to a resource anymore when checking access rights
              # (resource was deleted but attachment was not)
              if not self.pool.get(model):
+                 require_employee = True
                  continue
-             mids = self.pool[model].exists(cr, uid, mids)
 -            existing_ids = self.pool.get(model).exists(cr, uid, mids)
++            existing_ids = self.pool[model].exists(cr, uid, mids)
+             if len(existing_ids) != len(mids):
+                 require_employee = True
              ima.check(cr, uid, model, mode)
-             self.pool[model].check_access_rule(cr, uid, mids, mode, context=context)
 -            self.pool.get(model).check_access_rule(cr, uid, existing_ids, mode, context=context)
++            self.pool[model].check_access_rule(cr, uid, existing_ids, mode, context=context)
+         if require_employee:
+             if not self.pool['res.users'].has_group(cr, uid, 'base.group_user'):
+                 raise except_orm(_('Access Denied'), _("Sorry, you are not allowed to access this document."))
  
      def _search(self, cr, uid, args, offset=0, limit=None, order=None, context=None, count=False, access_rights_uid=None):
          ids = super(ir_attachment, self)._search(cr, uid, args, offset=offset,