[IMP] website_mail: allow per-module override of token_field

Instead of forcing a token field through an override, set it at the class level
to be changed in other model inheriting from the MailThread

addons/website_mail/controllers/main.py

@@ -49,14 +49,15 @@ def _message_post_helper(res_model='', res_id=None, message='', token='', token_
     """
     record = request.env[res_model].browse(res_id)
     author_id = request.env.user.partner_id.id if request.env.user.partner_id else False
-    if token and record and token == getattr(record.sudo(), token_field, None):
+    if token and record and token == getattr(record.sudo(), record._mail_post_token_field, None):
         record = record.sudo()
         if request.env.user == request.env.ref('base.public_user'):
             author_id = record.partner_id.id if hasattr(record, 'partner_id') else author_id
         else:
             if not author_id:
                 raise NotFound()
     kw.pop('csrf_token', None)
+    kw.pop('attachment_ids', None)
     return record.with_context(mail_create_nosubscribe=nosubscribe).message_post(body=message,
                                                                                    message_type=kw.pop('message_type', "comment"),
                                                                                    subtype=kw.pop('subtype', "mt_comment"),

addons/website_mail/models/mail_message.py

@@ -56,3 +56,9 @@ def check_access_rule(self, operation):
             if self.env.cr.fetchall():
                 raise AccessError(_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % (self._description, operation))
         return super(MailMessage, self).check_access_rule(operation=operation)
+
+
+class MailThread(models.AbstractModel):
+    _inherit = 'mail.thread'
+
+    _mail_post_token_field = 'access_token' # token field for external posts, to be overridden