[FIX] security: remove read access on company critical fields
This commit is contained in:
Denis Ledoux
parent
53582c2ea6
commit
3f7f2a51fa
|
|
@ -238,7 +238,7 @@ class res_company(osv.osv):
|
|||
_inherit = "res.company"
|
||||
_columns = {
|
||||
'ldaps': fields.one2many(
|
||||
'res.company.ldap', 'company', 'LDAP Parameters'),
|
||||
'res.company.ldap', 'company', 'LDAP Parameters', groups="base.group_system"),
|
||||
}
|
||||
res_company()
|
||||
|
||||
|
|
|
|||
|
|
@ -26,10 +26,10 @@ class res_company(osv.Model):
|
|||
_name = "res.company"
|
||||
_inherit = "res.company"
|
||||
_columns = {
|
||||
"gengo_private_key": fields.text("Gengo Private Key"),
|
||||
"gengo_public_key": fields.text("Gengo Public Key"),
|
||||
"gengo_comment": fields.text("Comments", help="This comment will be automatically be enclosed in each an every request sent to Gengo"),
|
||||
"gengo_auto_approve": fields.boolean("Auto Approve Translation ?", help="Jobs are Automatically Approved by Gengo."),
|
||||
"gengo_private_key": fields.text("Gengo Private Key", groups="base.group_system"),
|
||||
"gengo_public_key": fields.text("Gengo Public Key", groups="base.group_user"),
|
||||
"gengo_comment": fields.text("Comments", help="This comment will be automatically be enclosed in each an every request sent to Gengo", groups="base.group_user"),
|
||||
"gengo_auto_approve": fields.boolean("Auto Approve Translation ?", help="Jobs are Automatically Approved by Gengo.", groups="base.group_user"),
|
||||
}
|
||||
|
||||
_defaults = {
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import re
|
|||
import string
|
||||
import urllib2
|
||||
import logging
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.tools.translate import _
|
||||
from openerp.tools import html2plaintext
|
||||
from py_etherpad import EtherpadLiteClient
|
||||
|
|
@ -19,7 +20,7 @@ class pad_common(osv.osv_memory):
|
|||
return bool(user.company_id.pad_server)
|
||||
|
||||
def pad_generate_url(self, cr, uid, context=None):
|
||||
company = self.pool.get('res.users').browse(cr, uid, uid, context=context).company_id;
|
||||
company = self.pool.get('res.users').browse(cr, SUPERUSER_ID, uid, context=context).company_id
|
||||
|
||||
pad = {
|
||||
"server" : company.pad_server,
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ class company_pad(osv.osv):
|
|||
_inherit = 'res.company'
|
||||
_columns = {
|
||||
'pad_server': fields.char('Pad Server', help="Etherpad lite server. Example: beta.primarypad.com"),
|
||||
'pad_key': fields.char('Pad Api Key', help="Etherpad lite api key."),
|
||||
'pad_key': fields.char('Pad Api Key', help="Etherpad lite api key.", groups="base.group_system"),
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue