[FIX] res.users: better compatibility of read() override with new API
This commit is contained in:
parent
a7c2377500
commit
08b7e5ab63
|
@ -284,14 +284,21 @@ class res_users(osv.osv):
|
|||
# User can read a few of his own fields
|
||||
SELF_READABLE_FIELDS = ['signature', 'company_id', 'login', 'email', 'name', 'image', 'image_medium', 'image_small', 'lang', 'tz', 'tz_offset', 'groups_id', 'partner_id', '__last_update', 'action_id']
|
||||
|
||||
def read(self, cr, uid, ids, fields=None, context=None, load='_classic_read'):
|
||||
def override_password(o):
|
||||
if ('id' not in o or o['id'] != uid):
|
||||
@api.multi
|
||||
def _read_from_database(self, field_names, inherited_field_names=[]):
|
||||
super(res_users, self)._read_from_database(field_names, inherited_field_names)
|
||||
canwrite = self.check_access_rights('write', raise_exception=False)
|
||||
if not canwrite and set(USER_PRIVATE_FIELDS).intersection(field_names):
|
||||
for record in self:
|
||||
for f in USER_PRIVATE_FIELDS:
|
||||
if f in o:
|
||||
o[f] = '********'
|
||||
return o
|
||||
try:
|
||||
record._cache[f]
|
||||
record._cache[f] = '********'
|
||||
except Exception:
|
||||
# skip SpecialValue (e.g. for missing record or access right)
|
||||
pass
|
||||
|
||||
def read(self, cr, uid, ids, fields=None, context=None, load='_classic_read'):
|
||||
if fields and (ids == [uid] or ids == uid):
|
||||
for key in fields:
|
||||
if not (key in self.SELF_READABLE_FIELDS or key.startswith('context_')):
|
||||
|
@ -299,16 +306,7 @@ class res_users(osv.osv):
|
|||
else:
|
||||
# safe fields only, so we read as super-user to bypass access rights
|
||||
uid = SUPERUSER_ID
|
||||
|
||||
result = super(res_users, self).read(cr, uid, ids, fields=fields, context=context, load=load)
|
||||
canwrite = self.pool['ir.model.access'].check(cr, uid, 'res.users', 'write', False)
|
||||
if not canwrite:
|
||||
if isinstance(ids, (int, long)):
|
||||
result = override_password(result)
|
||||
else:
|
||||
result = map(override_password, result)
|
||||
|
||||
return result
|
||||
return super(res_users, self).read(cr, uid, ids, fields=fields, context=context, load=load)
|
||||
|
||||
def read_group(self, cr, uid, domain, fields, groupby, offset=0, limit=None, context=None, orderby=False, lazy=True):
|
||||
if uid != SUPERUSER_ID:
|
||||
|
|
Loading…
Reference in New Issue