From 97a96bc96b79a9be92a12678bd0f343e4fac2079 Mon Sep 17 00:00:00 2001
From: Olivier Dony <odo@openerp.com>
Date: Fri, 1 Apr 2016 19:58:58 +0200
Subject: [PATCH] [FIX] base: require wizard for passwd change

---
 openerp/addons/base/res/res_users.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/openerp/addons/base/res/res_users.py b/openerp/addons/base/res/res_users.py
index 84c87f0fc29..7cd67d62aed 100644
--- a/openerp/addons/base/res/res_users.py
+++ b/openerp/addons/base/res/res_users.py
@@ -276,7 +276,7 @@ class res_users(osv.osv):
     }
 
     # User can write on a few of his own fields (but not his groups for example)
-    SELF_WRITEABLE_FIELDS = ['password', 'signature', 'action_id', 'company_id', 'email', 'name', 'image', 'image_medium', 'image_small', 'lang', 'tz']
+    SELF_WRITEABLE_FIELDS = ['signature', 'action_id', 'company_id', 'email', 'name', 'image', 'image_medium', 'image_small', 'lang', 'tz']
     # User can read a few of his own fields
     SELF_READABLE_FIELDS = ['signature', 'company_id', 'login', 'email', 'name', 'image', 'image_medium', 'image_small', 'lang', 'tz', 'tz_offset', 'groups_id', 'partner_id', '__last_update']
 
@@ -527,7 +527,7 @@ class res_users(osv.osv):
         """
         self.check(cr.dbname, uid, old_passwd)
         if new_passwd:
-            return self.write(cr, uid, uid, {'password': new_passwd})
+            return self.write(cr, SUPERUSER_ID, uid, {'password': new_passwd})
         raise osv.except_osv(_('Warning!'), _("Setting empty passwords is not allowed for security reasons!"))
 
     def preference_save(self, cr, uid, ids, context=None):