all no discussion message if uid is a portal user.
"""
group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id
- if any(group.is_portal for group in group_ids):
- subtype_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'mail', 'mt_comment')[1]
- args = ['&', ('subtype_id', '=', subtype_id)] + args
+ group_user_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'base', 'group_user')[1]
+ if group_user_id not in [group.id for group in group_ids]:
+ args = ['&', '|', ('type', '!=', 'comment'), ('subtype_id', '!=', False)] + list(args)
return super(mail_message, self)._search(cr, uid, args, offset=offset, limit=limit, order=order,
context=context, count=False, access_rights_uid=access_rights_uid)
- raise if the type is not 'comment' or 'email'
"""
group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id
- if any(group.is_portal for group in group_ids):
- subtype_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'mail', 'mt_comment')[1]
- cr.execute('SELECT DISTINCT id FROM "%s" WHERE subtype_id != %s AND id = ANY (%%s)' % (self._table, subtype_id), (ids,))
+ group_user_id = self.pool.get("ir.model.data").get_object_reference(cr, uid, 'base', 'group_user')[1]
+ if group_user_id not in [group.id for group in group_ids]:
+ cr.execute('SELECT DISTINCT id FROM "%s" WHERE type = %%s AND subtype_id != NULL AND id = ANY (%%s)' % (self._table), ('comment', ids,))
if cr.fetchall():
raise orm.except_orm(_('Access Denied'),
_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % \
self.partner_chell_id = self.user_chell.partner_id.id
# Create a PigsPortal group
- self.group_port_id = self.mail_group.create(cr, uid, {'name': 'PigsPortal', 'public': 'groups', 'group_public_id': self.group_portal_id})
+ self.group_port_id = self.mail_group.create(cr, uid,
+ {'name': 'PigsPortal', 'public': 'groups', 'group_public_id': self.group_portal_id},
+ {'mail_create_nolog': True})
# Set an email address for the user running the tests, used as Sender for outgoing mails
self.res_users.write(cr, uid, uid, {'email': 'test@localhost'})
'body of invitation email is incorrect')
self.assertTrue(partner_carine.signup_url in sent_email.get('body'),
'body of invitation email does not contain signup url')
+
+ def test_20_message_read(self):
+ cr, uid, group_port_id = self.cr, self.uid, self.group_port_id
+
+ # Data: custom subtypes
+ mt_group_public_id = self.mail_message_subtype.create(cr, uid, {'name': 'group_public', 'description': 'Group changed'})
+ self.ir_model_data.create(cr, uid, {'name': 'mt_group_public', 'model': 'mail.message.subtype', 'module': 'mail', 'res_id': mt_group_public_id})
+ # Data: post messages with various subtypes
+ msg1_id = self.mail_group.message_post(cr, uid, group_port_id, body='Body1', type='comment', subtype='mail.mt_comment')
+ msg2_id = self.mail_group.message_post(cr, uid, group_port_id, body='Body2', type='comment', subtype='mail.mt_group_public')
+ msg3_id = self.mail_group.message_post(cr, uid, group_port_id, body='Body3', type='comment', subtype='mail.mt_comment')
+ msg4_id = self.mail_group.message_post(cr, uid, group_port_id, body='Body4', type='comment')
+ msg5_id = self.mail_group.message_post(cr, uid, group_port_id, body='Body5', type='notification')
+
+ # Do: Chell search messages: should not see internal notes (comment without subtype)
+ msg_ids = self.mail_message.search(cr, self.user_chell_id, [('model', '=', 'mail.group'), ('res_id', '=', group_port_id)])
+ self.assertEqual(set(msg_ids), set([msg1_id, msg2_id, msg3_id, msg5_id]),
+ 'mail_message: portal user has access to messages he should not read')
projects / odoo / odoo.git / commitdiff