odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

[FIX] security: ir.config_parameter should not be readable by externals

This commit is contained in:
Denis Ledoux 2014-08-26 12:50:04 +02:00
parent f880d89cc4
commit 80017b04c2
4 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
addons/mail/mail_alias.py
View File

@ -59,7 +59,7 @@ class mail_alias(osv.Model):
def _get_alias_domain(self, cr, uid, ids, name, args, context=None):
ir_config_parameter = self.pool.get("ir.config_parameter")
domain = ir_config_parameter.get_param(cr, uid, "mail.catchall.domain", context=context)
domain = ir_config_parameter.get_param(cr, SUPERUSER_ID, "mail.catchall.domain", context=context)
return dict.fromkeys(ids, domain or "")
_columns = {

2
addons/mail/static/src/js/announcement.js
View File

@ -36,6 +36,8 @@ openerp_announcement = function(instance) {
});
$('head').append($css);
}).fail(function(result, ev){
ev.preventDefault();
});
}
});

3
addons/web/static/src/js/chrome.js
View File

@ -1155,6 +1155,9 @@ instance.web.UserMenu = instance.web.Widget.extend({
scope: 'userinfo',
};
instance.web.redirect('https://accounts.openerp.com/oauth2/auth?'+$.param(params));
}).fail(function(result, ev){
ev.preventDefault();
instance.web.redirect('https://accounts.openerp.com/web');
});
}
},

2
openerp/addons/base/security/ir.model.access.csv
View File

@ -111,7 +111,7 @@
"access_multi_company_default user","multi_company_default all","model_multi_company_default",,1,0,0,0
"access_multi_company_default manager","multi_company_default Manager","model_multi_company_default","group_erp_manager",1,1,1,1
"access_ir_filter all","ir_filters all","model_ir_filters",,1,1,1,1
"access_ir_config_parameter","ir_config_parameter","model_ir_config_parameter",,1,0,0,0
"access_ir_config_parameter","ir_config_parameter","model_ir_config_parameter","group_user",1,0,0,0
"access_ir_config_parameter_system","ir_config_parameter_system","model_ir_config_parameter","group_system",1,1,1,1
"access_ir_mail_server","ir_mail_server","model_ir_mail_server","group_system",1,1,1,1
"access_ir_actions_client","ir_actions_client all","model_ir_actions_client",,1,0,0,0

1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
111 access_multi_company_default user multi_company_default all model_multi_company_default 1 0 0 0
112 access_multi_company_default manager multi_company_default Manager model_multi_company_default group_erp_manager 1 1 1 1
113 access_ir_filter all ir_filters all model_ir_filters 1 1 1 1
114 access_ir_config_parameter ir_config_parameter model_ir_config_parameter group_user 1 0 0 0
115 access_ir_config_parameter_system ir_config_parameter_system model_ir_config_parameter group_system 1 1 1 1
116 access_ir_mail_server ir_mail_server model_ir_mail_server group_system 1 1 1 1
117 access_ir_actions_client ir_actions_client all model_ir_actions_client 1 0 0 0