res.users: invalidate cache when a user is modified. [Bug 664379]
Original description, by Xavier ALT: > The server is using a variable name "_uid_cache" for authentication > caching, but this variable is never clear when user informations change, > that means if we disable a user or change it's password their requests > are still allowed (cached auth check ok). > > This affects OpenERP v5 (server/bin/service/security.py) and OpenERP v6 > (server/bin/addons/base/res/res_users.py, class users). > > The only workaround is to restart the server. > bzr revid: p_christ@hol.gr-20101214162905-716i3ra12xvdtc2l
This commit is contained in:
parent
ef39bbb955
commit
66564a93fc
|
@ -354,12 +354,22 @@ class users(osv.osv):
|
|||
self.pool.get('ir.model.access').call_cache_clearing_methods(cr)
|
||||
clear = partial(self.pool.get('ir.rule').clear_cache, cr)
|
||||
map(clear, ids)
|
||||
db = cr.dbname
|
||||
if db in self._uid_cache:
|
||||
for id in ids:
|
||||
if id in self._uid_cache[db]:
|
||||
del self._uid_cache[db][id]
|
||||
|
||||
return res
|
||||
|
||||
def unlink(self, cr, uid, ids, context=None):
|
||||
if 1 in ids:
|
||||
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by OpenERP (updates, module installation, ...)'))
|
||||
db = cr.dbname
|
||||
if db in self._uid_cache:
|
||||
for id in ids:
|
||||
if id in self._uid_cache[db]:
|
||||
del self._uid_cache[db][id]
|
||||
return super(users, self).unlink(cr, uid, ids, context=context)
|
||||
|
||||
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
||||
|
|
Loading…
Reference in New Issue