[FIX] res.users: better compatibility of read() override with new API

2016-04-01 17:09:54 +02:00 · 2016-04-01 17:09:54 +02:00 · 08b7e5ab63
parent a7c2377500
commit 08b7e5ab63
1 changed files with 14 additions and 16 deletions
--- a/openerp/addons/base/res/res_users.py
+++ b/openerp/addons/base/res/res_users.py
@ -284,14 +284,21 @@ class res_users(osv.osv):
    # User can read a few of his own fields
    SELF_READABLE_FIELDS = ['signature', 'company_id', 'login', 'email', 'name', 'image', 'image_medium', 'image_small', 'lang', 'tz', 'tz_offset', 'groups_id', 'partner_id', '__last_update', 'action_id']

-    def read(self, cr, uid, ids, fields=None, context=None, load='_classic_read'):
-        def override_password(o):
-            if ('id' not in o or o['id'] != uid):
+    @api.multi
+    def _read_from_database(self, field_names, inherited_field_names=[]):
+        super(res_users, self)._read_from_database(field_names, inherited_field_names)
+        canwrite = self.check_access_rights('write', raise_exception=False)
+        if not canwrite and set(USER_PRIVATE_FIELDS).intersection(field_names):
+            for record in self:
                for f in USER_PRIVATE_FIELDS:
-                    if f in o:
-                        o[f] = '********'
-            return o
+                    try:
+                        record._cache[f]
+                        record._cache[f] = '********'
+                    except Exception:
+                        # skip SpecialValue (e.g. for missing record or access right)
+                        pass

+    def read(self, cr, uid, ids, fields=None, context=None, load='_classic_read'):
        if fields and (ids == [uid] or ids == uid):
            for key in fields:
                if not (key in self.SELF_READABLE_FIELDS or key.startswith('context_')):
@ -299,16 +306,7 @@ class res_users(osv.osv):
            else:
                # safe fields only, so we read as super-user to bypass access rights
                uid = SUPERUSER_ID
-
-        result = super(res_users, self).read(cr, uid, ids, fields=fields, context=context, load=load)
-        canwrite = self.pool['ir.model.access'].check(cr, uid, 'res.users', 'write', False)
-        if not canwrite:
-            if isinstance(ids, (int, long)):
-                result = override_password(result)
-            else:
-                result = map(override_password, result)
-
-        return result
+        return super(res_users, self).read(cr, uid, ids, fields=fields, context=context, load=load)

    def read_group(self, cr, uid, domain, fields, groupby, offset=0, limit=None, context=None, orderby=False, lazy=True):
        if uid != SUPERUSER_ID: