[FIX] mail: check create access only for acess rights, not access rules (too permissive)

author Martin Trigaux <mat@openerp.com>

Wed, 21 Aug 2013 15:39:18 +0000 (17:39 +0200)

committer Martin Trigaux <mat@openerp.com>

Wed, 21 Aug 2013 15:39:18 +0000 (17:39 +0200)
author Martin Trigaux <mat@openerp.com>
Wed, 21 Aug 2013 15:39:18 +0000 (17:39 +0200)
committer Martin Trigaux <mat@openerp.com>
Wed, 21 Aug 2013 15:39:18 +0000 (17:39 +0200)
diff --git a/addons/mail/mail_message.py b/addons/mail/mail_message.py

index 405f3c7..4280983 100644 (file)
--- a/addons/mail/mail_message.py
+++ b/addons/mail/mail_message.py
@@ -724,10 +724,7 @@ class mail_message(osv.Model):
              if operation in ['create', 'write', 'unlink']:
                  if not model_obj.check_access_rights(cr, uid, 'write', raise_exception=False):
                      model_obj.check_access_rights(cr, uid, 'create')
-                try:
-                    model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
-                except orm.except_orm, e:
-                    model_obj.check_access_rule(cr, uid, mids, 'create', context=context)
+                model_obj.check_access_rule(cr, uid, mids, 'write', context=context)
              else:
                  model_obj.check_access_rights(cr, uid, operation)
                  model_obj.check_access_rule(cr, uid, mids, operation, context=context)
author	Martin Trigaux <mat@openerp.com>
	Wed, 21 Aug 2013 15:39:18 +0000 (17:39 +0200)
committer	Martin Trigaux <mat@openerp.com>
	Wed, 21 Aug 2013 15:39:18 +0000 (17:39 +0200)