diff --git a/security_protector/__init__.py b/security_protector/__init__.py
new file mode 100644
index 000000000..fca2713dc
--- /dev/null
+++ b/security_protector/__init__.py
@@ -0,0 +1 @@
+from . import security_protector
\ No newline at end of file
diff --git a/security_protector/__openerp__.py b/security_protector/__openerp__.py
new file mode 100644
index 000000000..009df10ce
--- /dev/null
+++ b/security_protector/__openerp__.py
@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+# Author Nicolas Bessi. Copyright Camptocamp SA
+##############################################################################
+{'name': 'Security protector',
+ 'version': '0.1',
+ 'category': 'Tools',
+ 'description': """
+ Prevent security to be changed when module is updated
+ This module overwrite ir model acces write delete function.
+ Only acces edited trough the UI or with manual_security_override in context set to True will be altered.
+ When you try to delete a acces write it simply set all perms to false
+ you can deactivate this behavior in ir.config_parameter by chanching the protect_security? key to 0
+ """,
+ 'author': 'Camptocamp',
+ 'website': 'http://openerp.camptocamp.com',
+ 'depends': ['base'],
+ 'init_xml': ['data.xml'],
+ 'update_xml': ['security_view.xml'],
+ 'demo_xml': [],
+ 'installable': True,
+ 'auto_install': False}
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
diff --git a/security_protector/data.xml b/security_protector/data.xml
new file mode 100644
index 000000000..81e6df16f
--- /dev/null
+++ b/security_protector/data.xml
@@ -0,0 +1,8 @@
+
+
+
+ protect_security?
+ 1
+
+
+
\ No newline at end of file
diff --git a/security_protector/security_protector.py b/security_protector/security_protector.py
new file mode 100644
index 000000000..170739ebd
--- /dev/null
+++ b/security_protector/security_protector.py
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+##############################################################################
+#
+# Author Nicolas Bessi. Copyright Camptocamp SA
+##############################################################################
+from osv import fields, osv
+
+class IrModelAccess(osv.osv):
+ "We inherit ir model access to add specific write unlink and copy behavior"
+ _name = 'ir.model.access'
+ _inherit = "ir.model.access"
+
+ def _acces_can_be_modified(self, cr, uid, context=None):
+ context = context or {}
+ on = self.pool.get('ir.config_parameter').get_param(cr, uid, 'protect_security?', default=False, context=context)
+ if on in (1, "1", "YES", True):
+ if context.get('manual_security_override', False):
+ return True
+ return False
+
+ else:
+ return True
+
+ def write(self, cr, uid, ids, vals, context=None):
+ res =True
+ context = context or {}
+ if self._acces_can_be_modified(cr, uid, context=context):
+ res = super(IrModelAccess, self).write(cr, uid, ids, vals, context=context)
+ return res
+
+
+ def unlink(self, cr, uid, ids, context=None):
+ res = True
+ context = context or {}
+ if self._acces_can_be_modified(cr, uid, context=context):
+ res = super(IrModelAccess, self).write(cr, uid, ids, context=context)
+ else: # I'm note sur about this one maybe we should do nothing
+ self.write(cr, uid, args[0],
+ {'perm_read':False,
+ 'perm_write': False,
+ 'perm_unlink': False,
+ 'perm_create': False},
+ context={context})
+ return res
+
+IrModelAccess()
\ No newline at end of file
diff --git a/security_protector/security_view.xml b/security_protector/security_view.xml
new file mode 100644
index 000000000..6f3a83a2e
--- /dev/null
+++ b/security_protector/security_view.xml
@@ -0,0 +1,8 @@
+
+
+
+
+ {'manual_security_override': 1}
+
+
+
\ No newline at end of file