'auth_oauth_data.xml',
'auth_oauth_data.yml',
'auth_oauth_view.xml',
+ 'security/ir.model.access.csv',
+ 'res_config.xml',
- 'security/ir.model.access.csv'
+ 'views/auth_oauth_login.xml',
],
- 'js': ['static/src/js/auth_oauth.js'],
- 'css': [
- 'static/lib/zocial/css/zocial.css',
- 'static/src/css/auth_oauth.css',
- ],
- 'qweb': ['static/src/xml/auth_oauth.xml'],
'installable': True,
'auto_install': False,
}
return (d['id'], name)
partner_id = context.get('partner_id', False)
+ if partner_id:
+ partner_ids = [partner_id, self.pool['res.partner'].browse(cr, user, partner_id, context=context).commercial_partner_id.id]
+ else:
+ partner_ids = []
+ # all user don't have access to seller and partner
+ # check access and use superuser
+ self.check_access_rights(cr, user, "read")
+ self.check_access_rule(cr, user, ids, "read", context=context)
+
result = []
- for product in self.browse(cr, user, ids, context=context):
+ for product in self.browse(cr, SUPERUSER_ID, ids, context=context):
- sellers = filter(lambda x: x.name.id == partner_id, product.seller_ids)
+ sellers = partner_ids and filter(lambda x: x.name.id in partner_ids, product.seller_ids) or []
if sellers:
for s in sellers:
mydict = {
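Review bot: The switch to `SUPERUSER_ID` in `self.browse(...)` elevates every field the loop reads from `product`, not only `seller_ids`, so the rest of the loop body (which continues outside the hunk) now runs without record rules or field-level group checks. The explicit `check_access_rights` / `check_access_rule` calls cover read access to the products themselves and must stay ahead of the browse; the added comment does not say that, so I would reword it to `# Not every user can read suppliers or partners: enforce product read access explicitly, then browse as superuser to resolve seller names.` The partner lookup that builds `partner_ids` still runs as `user`, so a user who cannot read that partner would presumably get an access error there instead of the plain product name; worth confirming that this is intended. The `partner_ids and filter(...) or []` idiom would read more clearly as `sellers = [x for x in product.seller_ids if x.name.id in partner_ids]`.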
# ignore attachments that are not attached to a resource anymore when checking access rights
# (resource was deleted but attachment was not)
if not self.pool.get(model):
+ require_employee = True
continue
- mids = self.pool[model].exists(cr, uid, mids)
- existing_ids = self.pool.get(model).exists(cr, uid, mids)
++ existing_ids = self.pool[model].exists(cr, uid, mids)
+ if len(existing_ids) != len(mids):
+ require_employee = True
ima.check(cr, uid, model, mode)
- self.pool[model].check_access_rule(cr, uid, mids, mode, context=context)
- self.pool.get(model).check_access_rule(cr, uid, existing_ids, mode, context=context)
++ self.pool[model].check_access_rule(cr, uid, existing_ids, mode, context=context)
+ if require_employee:
+ if not self.pool['res.users'].has_group(cr, uid, 'base.group_user'):
+ raise except_orm(_('Access Denied'), _("Sorry, you are not allowed to access this document."))
def _search(self, cr, uid, args, offset=0, limit=None, order=None, context=None, count=False, access_rights_uid=None):
ids = super(ir_attachment, self)._search(cr, uid, args, offset=offset,
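Review bot: The new `require_employee` fallback is the only guard on attachments whose target model or record no longer exists, and nothing in the hunk states that policy. A comment above the `if require_employee:` test would make it explicit, for example `# orphaned attachments (target model or record missing) are restricted to internal users (base.group_user)`. The flag's initialisation is not visible because the enclosing method starts outside the hunk; the final test reads it unconditionally, so it is worth confirming that it is set to `False` before the loop. With indentation lost in this view it is also unclear whether the `has_group` test runs once after the loop or on every iteration; once after the loop is enough.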