[FIX] res_users: email function field should work even without access rights on res.partner.address - also dropped the context to avoid potential security issues as we run these actions in superuser mode

bzr revid: odo@openerp.com-20100709071526-brd9serfixj5eems
2010-07-09 09:15:26 +02:00 · 2010-07-09 09:15:26 +02:00 · 6164550d1d
parent 49f91e9175
commit 6164550d1d
1 changed files with 2 additions and 2 deletions
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@ -207,9 +207,9 @@ class users(osv.osv):
        address_obj = self.pool.get('res.partner.address')
        for user in self.browse(cr, uid, ids, context=context):
            if user.address_id:
-                address_obj.write(cr, uid, user.address_id.id, {'email': value or None}, context=context)
+                address_obj.write(cr, 1, user.address_id.id, {'email': value or None}) # no context to avoid potential security issues as superuser
            else:
-                address_id = address_obj.create(cr, uid, {'name': user.name, 'email': value or None}, context=context)
+                address_id = address_obj.create(cr, 1, {'name': user.name, 'email': value or None}) # no context to avoid potential security issues as superuser
                self.write(cr, uid, ids, {'address_id': address_id}, context)
        return True