jegomez/odoo14-dev-environment
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[NEW] Patches Core to allow attachment access to other models

Browse Source
This commit is contained in:
Jorge Enrique Gómez Gómez 2023-03-09 02:09:42 -05:00
parent 25baae531c
commit 69d4f6da8e
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
apply_patches.sh
View File

@ -30,12 +30,15 @@ pt_core ()
SRC=$PWD SRC=$PWD
DEST=$DESTDIR/core/ DEST=$DESTDIR/core/
OPTIONS="-p1 --verbose" OPTIONS="-p1 --verbose -R"
pushd $DEST pushd $DEST
git apply $OPTIONS $SRC/patches/20210603_auth-oauth_redirects-to-root.patch # Already applied:
git apply $OPTIONS $SRC/patches/20220131_purchase-requisition_match-variant.patch #git apply $OPTIONS $SRC/patches/20210603_auth-oauth_redirects-to-root.patch
git apply $OPTIONS $SRC/patches/20230206_ir-attachment_allow-portal-users-attachment-access.patch #git apply $OPTIONS $SRC/patches/20220131_purchase-requisition_match-variant.patch
git apply $OPTIONS $SRC/patches/20230309_ir-attachment_allow-portal-users-attachment-access.patch
# Included in 2023-03-09 patch:
#git apply $OPTIONS $SRC/patches/20230206_ir-attachment_allow-portal-users-attachment-access.patch
# Reverted in https://github.com/odoo/odoo/commit/8d1d62a8c0746abb30f97290304b761f74111a89: # Reverted in https://github.com/odoo/odoo/commit/8d1d62a8c0746abb30f97290304b761f74111a89:
#git apply $OPTIONS $SRC/patches/20220204_mail_re-enables-buttons-in-notifications.patch #git apply $OPTIONS $SRC/patches/20220204_mail_re-enables-buttons-in-notifications.patch
popd popd

5
patches/20230206_ir-attachment_allow-portal-users-attachment-access.patch → patches/20230309_ir-attachment_allow-portal-users-attachment-access.patch
View File

@ -2,12 +2,13 @@ diff --git a/odoo/addons/base/models/ir_attachment.py b/odoo/addons/base/models/
index f1d8701a1..0f7926756 100644 index f1d8701a1..0f7926756 100644
--- a/odoo/addons/base/models/ir_attachment.py --- a/odoo/addons/base/models/ir_attachment.py
+++ b/odoo/addons/base/models/ir_attachment.py +++ b/odoo/addons/base/models/ir_attachment.py
@@ -417,7 +417,10 @@ class IrAttachment(models.Model): @@ -418,7 +418,10 @@ class IrAttachment(models.Model):
return True return True
# Always require an internal user (aka, employee) to access to a attachment # Always require an internal user (aka, employee) to access to a attachment
if not (self.env.is_admin() or self.env.user.has_group('base.group_user')): if not (self.env.is_admin() or self.env.user.has_group('base.group_user')):
- raise AccessError(_("Sorry, you are not allowed to access this document.")) - raise AccessError(_("Sorry, you are not allowed to access this document."))
+ res_models = ['account.move', 'stock.picking'] + res_models = ['account.move', 'stock.picking',
+ 'stock.certificate', 'stock.delivery']
+ if not self.res_model or not self.res_id or self.res_model not in res_models: + if not self.res_model or not self.res_id or self.res_model not in res_models:
+ raise AccessError(_("Sorry, you are not allowed to access this document.")) + raise AccessError(_("Sorry, you are not allowed to access this document."))
+ self.env[self.res_model].browse(self.res_id).check_access_rule('read') + self.env[self.res_model].browse(self.res_id).check_access_rule('read')