Bugfixes and improvements

Security change in many2one fields bzr revid: fp@tinyerp.com-7cb0825c39add6770beb861bee10408f88bc127f
2007-10-16 15:24:13 +00:00 · 2007-10-16 15:24:13 +00:00 · 8bad54d26a
parent ee3e6600fb
commit 8bad54d26a
2 changed files with 7 additions and 9 deletions
--- a/bin/addons/base/res/partner/partner.py
+++ b/bin/addons/base/res/partner/partner.py
@ -132,7 +132,7 @@ class res_partner(osv.osv):
 	_order = "name"
 	_columns = {
 		'name': fields.char('Name', size=128, required=True, select=True),
-		'date': fields.date('Date'),
+		'date': fields.date('Date', select=1),
 		'title': fields.selection(_partner_title_get, 'Title', size=32),
 		'parent_id': fields.many2one('res.partner','Main Company', select=2),
 		'child_ids': fields.one2many('res.partner', 'parent_id', 'Partner Ref.'),
--- a/bin/osv/fields.py
+++ b/bin/osv/fields.py
@ -295,14 +295,12 @@ class many2one(_column):
 			names = dict(obj.name_get(cr, user, filter(None, res.values()), context))
 		except except_orm:
 			names={}
-			for id in filter(None, res.values()):
-				try:
-					names[id] = dict(obj.name_get(cr, user, [id], context))[id]
-				except except_orm, e:
-					if e.name == 'AccessError':
-						names[id] = "== Access denied =="
-					else :
-						raise
+
+			iids = filter(None, res.values())
+			cr.execute('select id,'+obj._rec_name+' from '+obj._table+' where id in ('+','.join(map(str,iids))+')')
+			for res22 in cr.fetchall():
+				names[res22[0]] = res22[1]
+
 		for r in res.keys():
 			if res[r] and res[r] in names:
 				res[r] = (res[r], names[res[r]])