[FIX] potential bug in server-side web framework, now forbids users to call method when not authentified
bzr revid: nicolas.vanhoren@openerp.com-20131018125727-qtkzkiwkhw4z78kr
This commit is contained in:
parent
c348a2f4cd
commit
7636d71dfc
|
@ -189,6 +189,8 @@ class WebRequest(object):
|
|||
|
||||
def auth_method_user():
|
||||
request.uid = request.session.uid
|
||||
if not request.uid:
|
||||
raise SessionExpiredException("Session expired")
|
||||
|
||||
def auth_method_admin():
|
||||
if not request.db:
|
||||
|
|
Loading…
Reference in New Issue