[FIX] security: res.groups should be readable by admins only
This commit is contained in:
parent
72d3697fbc
commit
53582c2ea6
|
@ -22,6 +22,7 @@
|
||||||
import logging
|
import logging
|
||||||
from urllib import quote as quote
|
from urllib import quote as quote
|
||||||
|
|
||||||
|
from openerp import SUPERUSER_ID
|
||||||
from openerp.osv import osv, fields
|
from openerp.osv import osv, fields
|
||||||
from openerp.tools.translate import _
|
from openerp.tools.translate import _
|
||||||
from openerp.tools import float_repr
|
from openerp.tools import float_repr
|
||||||
|
@ -75,7 +76,7 @@ class acquirer(osv.Model):
|
||||||
link = '#action=account.action_account_config'
|
link = '#action=account.action_account_config'
|
||||||
payment_header = _('You can finish the configuration in the <a href="%s">Bank&Cash settings</a>') % link
|
payment_header = _('You can finish the configuration in the <a href="%s">Bank&Cash settings</a>') % link
|
||||||
amount = _('No online payment acquirers configured')
|
amount = _('No online payment acquirers configured')
|
||||||
group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id
|
group_ids = self.pool.get('res.users').browse(cr, SUPERUSER_ID, uid, context=context).groups_id
|
||||||
if any(group.is_portal for group in group_ids):
|
if any(group.is_portal for group in group_ids):
|
||||||
return ''
|
return ''
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -53,7 +53,6 @@
|
||||||
"access_res_currency_group_system","res_currency group_system","model_res_currency","group_system",1,1,1,1
|
"access_res_currency_group_system","res_currency group_system","model_res_currency","group_system",1,1,1,1
|
||||||
"access_res_currency_rate_group_system","res_currency_rate group_system","model_res_currency_rate","group_system",1,1,1,1
|
"access_res_currency_rate_group_system","res_currency_rate group_system","model_res_currency_rate","group_system",1,1,1,1
|
||||||
"access_res_groups_group_erp_manager","res_groups group_erp_manager","model_res_groups","group_erp_manager",1,1,1,1
|
"access_res_groups_group_erp_manager","res_groups group_erp_manager","model_res_groups","group_erp_manager",1,1,1,1
|
||||||
"access_res_groups_group_user","res_groups group_user","model_res_groups",,1,0,0,0
|
|
||||||
"access_res_lang_group_all","res_lang group_all","model_res_lang",,1,0,0,0
|
"access_res_lang_group_all","res_lang group_all","model_res_lang",,1,0,0,0
|
||||||
"access_res_lang_group_user","res_lang group_user","model_res_lang","group_system",1,1,1,1
|
"access_res_lang_group_user","res_lang group_user","model_res_lang","group_system",1,1,1,1
|
||||||
"access_res_partner_group_partner_manager","res_partner group_partner_manager","model_res_partner","group_partner_manager",1,1,1,1
|
"access_res_partner_group_partner_manager","res_partner group_partner_manager","model_res_partner","group_partner_manager",1,1,1,1
|
||||||
|
|
|
Loading…
Reference in New Issue