New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FW][FIX] mail: allow bypassing message attachments check #165166
[FW][FIX] mail: allow bypassing message attachments check #165166
Conversation
@reth-odoo @awa-odoo cherrypicking of pull request #164894 failed. stdout:
stderr:
Either perform the forward-port manually (and push to this branch, proceeding as usual) or close this PR (maybe?). In the former case, you may want to edit this PR message as well. More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port |
Some modules may use attachments from mail messages directly. In that case it may be desirable to at least be able to write over the name and other non-critical information even if the attachment is linked to a document. The restrictions on writing on message attachments is reduced to only apply to data fields, as those are the only ones that we really don't want people to change. Also return True instead of None in the override of `check` to match the behavior of the parent. Also reword the error message to convey writing is also forbidden. Complementary to 4c4e63f task-3519815
64a971f
to
78bd49b
Compare
@robodoo r+ |
Some modules may use attachments from mail messages directly. In that case it may be desirable to at least be able to write over the name and other non-critical information even if the attachment is linked to a document. The restrictions on writing on message attachments is reduced to only apply to data fields, as those are the only ones that we really don't want people to change. Also return True instead of None in the override of `check` to match the behavior of the parent. Also reword the error message to convey writing is also forbidden. Complementary to 4c4e63f task-3519815 closes #165166 Related: odoo/enterprise#62338 Signed-off-by: Warnon Aurélien (awa) <awa@odoo.com> Signed-off-by: Renaud Thiry (reth) <reth@odoo.com>
We only care about data fields when it comes to restricting access to message attachments.
As some modules may use these attachments directly, it may be desirable for them to use
the attachment name or similar metadata fields.
"write" is only restricted if writing on a data field, as it's effectively the same as unlinking
for our purposes. Other fields have the same access rights as prior to [1]
Additional changes:
1: 4c4e63f
task-3519815
Forward-Port-Of: #165158
Forward-Port-Of: #164894