[FIX] access rights handling on m2m widgets

m2m lists inherit (from listview/view) the handling of access rights
attributes (e.g. @create, @delete) in which the access rights to the
related model are those checked for the view. This is generally true,
but *not* for m2ms: even if a user has no creation rights to the
related model, he can still create a *relation* between the current
and related models.

The m2m access rights are really governed by the *current* (source)
model, in which case the user won't get to see an "editable" view of
the m2m in the first place.

So just override is_action_enabled to disable it in m2ms.

bzr revid: xmo@openerp.com-20130305091956-zn6qtuo4tl0vh3bs

diff --git a/addons/web/static/src/js/view_form.js b/addons/web/static/src/js/view_form.js
index 5985e53..93ffd08 100644 (file)
--- a/addons/web/static/src/js/view_form.js
+++ b/addons/web/static/src/js/view_form.js
@@ -4275,6 +4275,7 @@ instance.web.form.Many2ManyListView = instance.web.ListView.extend(/** @lends in
             });
         }
      },
+    is_action_enabled: function () { return true; },
 });
 
 instance.web.form.FieldMany2ManyKanban = instance.web.form.AbstractField.extend(instance.web.form.CompletionFieldMixin, {