[FIX] pos: avoid a user to use another user's session (opw 595033)

bzr revid: mat@openerp.com-20130828073030-mmgcd0atfm7qjq1b
2013-08-28 09:30:30 +02:00 · 2013-08-28 09:30:30 +02:00 · 3b88ba87c1
parent 8c5c877948
commit 3b88ba87c1
1 changed files with 5 additions and 0 deletions
--- a/addons/point_of_sale/point_of_sale.py
+++ b/addons/point_of_sale/point_of_sale.py
@ -469,6 +469,11 @@ class pos_session(osv.osv):
            context = {}
        if not ids:
            return {}
+        for session in self.browse(cr, uid, ids, context=context):
+            if session.user_id.id != uid:
+                raise osv.except_osv(
+                        _('Error!'),
+                        _("You cannot use the session of another users. This session is owned by %s. Please first close this one to use this point of sale." % session.user_id.name))
        context.update({'active_id': ids[0]})
        return {
            'type' : 'ir.actions.client',