From bf75f51ddbf1049f90dd60d4db499e1e0923742b Mon Sep 17 00:00:00 2001
From: Olivier Dony <odo@openerp.com>
Date: Fri, 1 Apr 2016 20:27:22 +0200
Subject: [PATCH] [FIX] base: require wizard for passwd change

---
 openerp/addons/base/res/res_users.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/openerp/addons/base/res/res_users.py b/openerp/addons/base/res/res_users.py
index 32ffe39c601..a181e141eb4 100644
--- a/openerp/addons/base/res/res_users.py
+++ b/openerp/addons/base/res/res_users.py
@@ -280,7 +280,7 @@ class res_users(osv.osv):
     }
 
     # User can write on a few of his own fields (but not his groups for example)
-    SELF_WRITEABLE_FIELDS = ['password', 'signature', 'action_id', 'company_id', 'email', 'name', 'image', 'image_medium', 'image_small', 'lang', 'tz']
+    SELF_WRITEABLE_FIELDS = ['signature', 'action_id', 'company_id', 'email', 'name', 'image', 'image_medium', 'image_small', 'lang', 'tz']
     # User can read a few of his own fields
     SELF_READABLE_FIELDS = ['signature', 'company_id', 'login', 'email', 'name', 'image', 'image_medium', 'image_small', 'lang', 'tz', 'tz_offset', 'groups_id', 'partner_id', '__last_update', 'action_id']
 
@@ -531,7 +531,7 @@ class res_users(osv.osv):
         """
         self.check(cr.dbname, uid, old_passwd)
         if new_passwd:
-            return self.write(cr, uid, uid, {'password': new_passwd})
+            return self.write(cr, SUPERUSER_ID, uid, {'password': new_passwd})
         raise osv.except_osv(_('Warning!'), _("Setting empty passwords is not allowed for security reasons!"))
 
     def preference_save(self, cr, uid, ids, context=None):