res.users: invalidate cache when a user is modified. [Bug 664379]
Original description, by Xavier ALT: > The server is using a variable name "_uid_cache" for authentication > caching, but this variable is never clear when user informations change, > that means if we disable a user or change it's password their requests > are still allowed (cached auth check ok). > > This affects OpenERP v5 (server/bin/service/security.py) and OpenERP v6 > (server/bin/addons/base/res/res_users.py, class users). > > The only workaround is to restart the server. > bzr revid: p_christ@hol.gr-20101214162905-716i3ra12xvdtc2l
This commit is contained in:
parent
ef39bbb955
commit
66564a93fc
|
@ -354,12 +354,22 @@ class users(osv.osv):
|
||||||
self.pool.get('ir.model.access').call_cache_clearing_methods(cr)
|
self.pool.get('ir.model.access').call_cache_clearing_methods(cr)
|
||||||
clear = partial(self.pool.get('ir.rule').clear_cache, cr)
|
clear = partial(self.pool.get('ir.rule').clear_cache, cr)
|
||||||
map(clear, ids)
|
map(clear, ids)
|
||||||
|
db = cr.dbname
|
||||||
|
if db in self._uid_cache:
|
||||||
|
for id in ids:
|
||||||
|
if id in self._uid_cache[db]:
|
||||||
|
del self._uid_cache[db][id]
|
||||||
|
|
||||||
return res
|
return res
|
||||||
|
|
||||||
def unlink(self, cr, uid, ids, context=None):
|
def unlink(self, cr, uid, ids, context=None):
|
||||||
if 1 in ids:
|
if 1 in ids:
|
||||||
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by OpenERP (updates, module installation, ...)'))
|
raise osv.except_osv(_('Can not remove root user!'), _('You can not remove the admin user as it is used internally for resources created by OpenERP (updates, module installation, ...)'))
|
||||||
|
db = cr.dbname
|
||||||
|
if db in self._uid_cache:
|
||||||
|
for id in ids:
|
||||||
|
if id in self._uid_cache[db]:
|
||||||
|
del self._uid_cache[db][id]
|
||||||
return super(users, self).unlink(cr, uid, ids, context=context)
|
return super(users, self).unlink(cr, uid, ids, context=context)
|
||||||
|
|
||||||
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
||||||
|
|
Loading…
Reference in New Issue