initial commit 2

author: stephanchrst <stephanchrst@gmail.com> 2022-05-10 21:51:50 +0700
committer: stephanchrst <stephanchrst@gmail.com> 2022-05-10 21:51:50 +0700
commit: 3751379f1e9a4c215fb6eb898b4ccc67659b9ace (patch)
tree: a44932296ef4a9b71d5f010906253d8c53727726 /addons/mail/security/mail_security.xml
parent: 0a15094050bfde69a06d6eff798e9a8ddf2b8c21 (diff)
1 files changed, 74 insertions, 0 deletions
diff --git a/addons/mail/security/mail_security.xml b/addons/mail/security/mail_security.xml
new file mode 100644
index 00000000..6aef7841
--- /dev/null
+++ b/addons/mail/security/mail_security.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo noupdate="1">
+
+        <!-- RULES -->
+        <record id="mail_channel_rule" model="ir.rule">
+            <field name="name">Mail.channel: access only public and joined groups</field>
+            <field name="model_id" ref="model_mail_channel"/>
+            <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
+            <field name="domain_force">['|', '|',
+('public', '=', 'public'),
+'&amp;', ('public', '=', 'private'), ('channel_partner_ids', 'in', [user.partner_id.id]),
+'&amp;', ('public', '=', 'groups'), ('group_public_id', 'in', [g.id for g in user.groups_id])]</field>
+            <field name="perm_create" eval="False"/>
+        </record>
+
+        <record id="ir_rule_mail_channel_partner_group_user" model="ir.rule">
+            <field name="name">mail.channel.partner: write its own entries</field>
+            <field name="model_id" ref="model_mail_channel_partner"/>
+            <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal'))]"/>
+            <field name="domain_force">['|', '|',
+('channel_id.public', '=', 'public'),
+'&amp;', ('channel_id.public', '=', 'private'), ('channel_id.channel_partner_ids', 'in', [user.partner_id.id]),
+'&amp;', ('channel_id.public', '=', 'groups'), ('channel_id.group_public_id', 'in', [g.id for g in user.groups_id])]</field>
+            <field name="perm_read" eval="False"/>
+            <field name="perm_write" eval="True"/>
+            <field name="perm_create" eval="False"/>
+            <field name="perm_unlink" eval="True"/>
+        </record>
+
+        <record id="ir_rule_mail_notifications_group_user" model="ir.rule">
+            <field name="name">mail.notifications: group_user: write its own entries</field>
+            <field name="model_id" ref="model_mail_notification"/>
+            <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal'))]"/>
+            <field name="domain_force">[('res_partner_id', '=', user.partner_id.id)]</field>
+            <field name="perm_create" eval="False"/>
+            <field name="perm_unlink" eval="False"/>
+            <field name="perm_read" eval="False"/>
+        </record>
+
+        <record id="mail_message_subtype_rule_public" model="ir.rule">
+            <field name="name">mail.message.subtype: portal/public: read public subtypes</field>
+            <field name="model_id" ref="model_mail_message_subtype"/>
+            <field name="domain_force">[('internal', '=', False)]</field>
+            <field name="groups" eval="[(4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
+        </record>
+
+        <record id="mail_activity_rule_user" model="ir.rule">
+            <field name="name">mail.activity: user: write/unlink only (created or assigned)</field>
+            <field name="model_id" ref="model_mail_activity"/>
+            <field name="domain_force">['|', ('user_id', '=', user.id), ('create_uid', '=', user.id)]</field>
+            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
+            <field name="perm_create" eval="False"/>
+            <field name="perm_read" eval="False"/>
+            <field name="perm_write" eval="True"/>
+            <field name="perm_unlink" eval="True"/>
+        </record>
+
+        <record id="mail_moderation_rule_user" model="ir.rule">
+            <field name="name">White/Black List: moderators: moderated channels only</field>
+            <field name="model_id" ref="model_mail_moderation"/>
+            <field name="domain_force">[('channel_id.moderator_ids', 'in', user.id)]</field>
+        </record>
+
+        <record id="mail_compose_message_rule" model="ir.rule">
+            <field name="name">Mail Compose Message Rule</field>
+            <field name="model_id" ref="model_mail_compose_message"/>
+            <field name="domain_force">[('create_uid', '=', user.id)]</field>
+            <field name="perm_create" eval="False"/>
+            <field name="perm_read" eval="True"/>
+            <field name="perm_write" eval="True"/>
+            <field name="perm_unlink" eval="False"/>
+        </record>
+
+</odoo>
author	stephanchrst <stephanchrst@gmail.com>	2022-05-10 21:51:50 +0700
committer	stephanchrst <stephanchrst@gmail.com>	2022-05-10 21:51:50 +0700
commit	3751379f1e9a4c215fb6eb898b4ccc67659b9ace (patch)
tree	a44932296ef4a9b71d5f010906253d8c53727726 /addons/mail/security/mail_security.xml
parent	0a15094050bfde69a06d6eff798e9a8ddf2b8c21 (diff)