projects / odoo / odoo.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0afa4c7) | patch
[FIX] project: access rights and followers
authorMartin Trigaux <mat@odoo.com>
Tue, 18 Nov 2014 14:09:13 +0000 (15:09 +0100)
committerMartin Trigaux <mat@odoo.com>
Tue, 18 Nov 2014 17:52:46 +0000 (18:52 +0100)
commit0b2ee16885bfa03b1df577a0d9533ffe4c7b5bad
tree7268d4dd30d9136f418e7c0b0059f59336958afetree | snapshot
parent0afa4c7f52925dcfcfd4ac5d9e6437a805c40d97commit | diff
[FIX] project: access rights and followers

For privacy_visibility 'followers' or 'portal', the user should be follower of the project (not the task).
Remove public access to portal task
Fixes #2372

If no project on the task (or other rule), an employee (not a portal) can access if is follower of the task.
Follower rule is not enough as a user creating a rule will subscribe to the rule but to subscribe to record, the user should have access to it in the first place.
To make sure the snake does not bit its tail, fallback to give access on task where the user is reponsible (user_id = user.id).
Fixes #139

Adapted the tests to the new behaviour (removed not relevant and added some on creation)
addons/portal_project/security/portal_security.xml diff | blob | history
addons/portal_project/tests/test_access_rights.py diff | blob | history
addons/project/security/project_security.xml diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.