[FIX] security on wokflows bugfixed. The security has to be checked using the current uid, not the one that created the workflow instance!

bzr revid: qdp@cyan-20090714091539-xrwqzndzibc6fxy5
2009-07-14 11:15:39 +02:00 · 2009-07-14 11:15:39 +02:00 · 64ffe9c680
parent 0a6517a8d2
commit 64ffe9c680
1 changed files with 1 additions and 1 deletions
--- a/bin/workflow/wkf_service.py
+++ b/bin/workflow/wkf_service.py
@ -52,7 +52,7 @@ class workflow_service(netsvc.Service):
        cr.execute('select instance_id from wkf_triggers where res_id=%s and model=%s', (res_id,res_type))
        res = cr.fetchall()
        for (instance_id,) in res:
-            cr.execute('select uid,res_type,res_id from wkf_instance where id=%s', (instance_id,))
+            cr.execute('select %s,res_type,res_id from wkf_instance where id=%s', (uid, instance_id,))
            ident = cr.fetchone()
            instance.update(cr, instance_id, ident)