[FIX] User can read his own password

lp bug: https://launchpad.net/bugs/322221 fixed bzr revid: stephane@tinyerp.com-20090128112014-besest79n8luqe8e
2009-01-28 12:20:14 +01:00 · 2009-01-28 12:20:14 +01:00 · a90653c98f
parent be0001900a
commit a90653c98f
1 changed files with 1 additions and 1 deletions
--- a/bin/addons/base/res/res_user.py
+++ b/bin/addons/base/res/res_user.py
@ -111,7 +111,7 @@ class users(osv.osv):
    }
    def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
        def override_password(o):
-            if 'password' in o:
+            if 'password' in o and ( 'id' not in o or o['id'] != uid ):
                o['password'] = '********'
            return o