From 8596a4ccaa71d693ef4d2075ee793f3665ed605b Mon Sep 17 00:00:00 2001 From: Olivier Dony Date: Wed, 20 Jul 2016 21:35:40 +0200 Subject: [PATCH] [FIX] portal: avoid users sharing non-portal groups --- addons/portal/wizard/portal_wizard.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/addons/portal/wizard/portal_wizard.py b/addons/portal/wizard/portal_wizard.py index 2c7f7162964..c4c46a66c9e 100644 --- a/addons/portal/wizard/portal_wizard.py +++ b/addons/portal/wizard/portal_wizard.py @@ -158,12 +158,15 @@ class wizard_user(osv.osv_memory): return error_msg def action_apply(self, cr, uid, ids, context=None): + self.pool['res.partner'].check_access_rights(cr, uid, 'write') error_msg = self.get_error_messages(cr, uid, ids, context=context) if error_msg: raise osv.except_osv(_('Contacts Error'), "\n\n".join(error_msg)) for wizard_user in self.browse(cr, SUPERUSER_ID, ids, context): portal = wizard_user.wizard_id.portal_id + if not portal.is_portal: + raise osv.except_osv("Error", "Not a portal: " + portal.name) user = self._retrieve_user(cr, SUPERUSER_ID, wizard_user, context) if wizard_user.partner_id.email != wizard_user.email: wizard_user.partner_id.write({'email': wizard_user.email})