[FIX] ir_qweb: search assets as superuser

A security restriction was introduced in eb9113c04d to restrict access to orphan attachments to employees only

Assets need to be built and accessed as superuser, thus
Denis Ledoux 2014-10-02 16:33:57 +02:00
parent 5544cf0036
commit 40c8dd9a28
1 changed files with 4 additions and 4 deletions


@ -1161,7 +1161,7 @@ class AssetsBundle(object):
def get_cache(self, type):
content = None
domain = [('url', '=', '/web/%s/%s/%s' % (type, self.xmlid, self.version))]
bundle = self.registry['ir.attachment'].search_read(self.cr, self.uid, domain, ['datas'], context=self.context)
bundle = self.registry['ir.attachment'].search_read(self.cr, openerp.SUPERUSER_ID, domain, ['datas'], context=self.context)
if bundle and bundle[0]['datas']:
content = bundle[0]['datas'].decode('base64')
return content
@ -1170,7 +1170,7 @@ class AssetsBundle(object):
ira = self.registry['ir.attachment']
url_prefix = '/web/%s/%s/' % (type, self.xmlid)
# Invalidate previous caches
oids = ira.search(self.cr, self.uid, [('url', '=like', url_prefix + '%')], context=self.context)
oids = ira.search(self.cr, openerp.SUPERUSER_ID, [('url', '=like', url_prefix + '%')], context=self.context)
if oids:
ira.unlink(self.cr, openerp.SUPERUSER_ID, oids, context=self.context)
url = url_prefix + self.version
@ -1278,7 +1278,7 @@ class WebAsset(object):
fields = ['__last_update', 'datas', 'mimetype']
domain = [('type', '=', 'binary'), ('url', '=', self.url)]
ira = self.registry['ir.attachment']
attach = ira.search_read(self.cr, self.uid, domain, fields, context=self.context)
attach = ira.search_read(self.cr, openerp.SUPERUSER_ID, domain, fields, context=self.context)
self._ir_attach = attach[0]
except Exception:
raise AssetNotFound("Could not find %s" % self.name)
@ -1420,7 +1420,7 @@ class SassAsset(StylesheetAsset):
ira = self.registry['ir.attachment']
url = self.html_url % self.url
domain = [('type', '=', 'binary'), ('url', '=', self.url)]
ira_id = ira.search(self.cr, self.uid, domain, context=self.context)
ira_id = ira.search(self.cr, openerp.SUPERUSER_ID, domain, context=self.context)
if ira_id:
# TODO: update only if needed
ira.write(self.cr, openerp.SUPERUSER_ID, [ira_id], {'datas': self.content}, context=self.context)
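Review bot: The superuser lookup in get_cache filters on `url` alone, so with record rules bypassed any attachment carrying the bundle URL is decoded and returned as asset content, whoever created it. Since the access check no longer narrows the result, the domain should do it, for example by adding `('create_uid', '=', openerp.SUPERUSER_ID)`, assuming the bundle record is written as superuser in the code outside this hunk. The same applies to the `=like` search that feeds `unlink` and to the WebAsset and SassAsset lookups, which match on `type` and `url` only. A short comment at each call, such as `# superuser: asset attachments are orphans, which the ir.attachment access check hides from non-employees`, would record why the privilege is raised. All four enclosing methods start or end outside their hunks, so the creation side could not be checked from here.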