Commit 80017b04 authored by Denis Ledoux's avatar Denis Ledoux

[FIX] security: ir.config_parameter should not be readable by externals

parent f880d89c
...@@ -59,7 +59,7 @@ class mail_alias(osv.Model): ...@@ -59,7 +59,7 @@ class mail_alias(osv.Model):
def _get_alias_domain(self, cr, uid, ids, name, args, context=None): def _get_alias_domain(self, cr, uid, ids, name, args, context=None):
ir_config_parameter = self.pool.get("ir.config_parameter") ir_config_parameter = self.pool.get("ir.config_parameter")
domain = ir_config_parameter.get_param(cr, uid, "mail.catchall.domain", context=context) domain = ir_config_parameter.get_param(cr, SUPERUSER_ID, "mail.catchall.domain", context=context)
return dict.fromkeys(ids, domain or "") return dict.fromkeys(ids, domain or "")
_columns = { _columns = {
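Review bot: The `get_param` call in `_get_alias_domain` now runs as `SUPERUSER_ID` with no comment saying why the elevated read is acceptable, so the next reader cannot tell it is deliberate. I would add `# read as SUPERUSER_ID: ir.config_parameter is no longer readable by external users; only this fixed key is exposed` above it. The key is a hard-coded literal, so the elevated call cannot be steered to other parameters, but the value is now returned to any user who can read this computed field on a mail.alias record. The import of `SUPERUSER_ID` is not visible in this hunk, so confirm the module has it in scope; the class body continues outside the hunk.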
......
...@@ -36,6 +36,8 @@ openerp_announcement = function(instance) { ...@@ -36,6 +36,8 @@ openerp_announcement = function(instance) {
}); });
$('head').append($css); $('head').append($css);
}).fail(function(result, ev){
ev.preventDefault();
}); });
} }
}); });
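Review bot: The added `.fail(function(result, ev){ ev.preventDefault(); })` handler suppresses every failure of the preceding call, not only the access error that external users presumably get after this commit, so a network or server fault is hidden as well. If the rejection exposes an error type, check it before calling `ev.preventDefault()`; otherwise at least add `// ir.config_parameter is not readable by external users: suppress the access-error dialog`. The same applies to the `.fail` handler added in the `instance.web.UserMenu` hunk, which additionally redirects to a fixed URL on any failure. The call whose promise is handled here starts outside the hunk.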
......
...@@ -1155,6 +1155,9 @@ instance.web.UserMenu = instance.web.Widget.extend({ ...@@ -1155,6 +1155,9 @@ instance.web.UserMenu = instance.web.Widget.extend({
scope: 'userinfo', scope: 'userinfo',
}; };
instance.web.redirect('https://accounts.openerp.com/oauth2/auth?'+$.param(params)); instance.web.redirect('https://accounts.openerp.com/oauth2/auth?'+$.param(params));
}).fail(function(result, ev){
ev.preventDefault();
instance.web.redirect('https://accounts.openerp.com/web');
}); });
} }
}, },
......
...@@ -111,7 +111,7 @@ ...@@ -111,7 +111,7 @@
"access_multi_company_default user","multi_company_default all","model_multi_company_default",,1,0,0,0 "access_multi_company_default user","multi_company_default all","model_multi_company_default",,1,0,0,0
"access_multi_company_default manager","multi_company_default Manager","model_multi_company_default","group_erp_manager",1,1,1,1 "access_multi_company_default manager","multi_company_default Manager","model_multi_company_default","group_erp_manager",1,1,1,1
"access_ir_filter all","ir_filters all","model_ir_filters",,1,1,1,1 "access_ir_filter all","ir_filters all","model_ir_filters",,1,1,1,1
"access_ir_config_parameter","ir_config_parameter","model_ir_config_parameter",,1,0,0,0 "access_ir_config_parameter","ir_config_parameter","model_ir_config_parameter","group_user",1,0,0,0
"access_ir_config_parameter_system","ir_config_parameter_system","model_ir_config_parameter","group_system",1,1,1,1 "access_ir_config_parameter_system","ir_config_parameter_system","model_ir_config_parameter","group_system",1,1,1,1
"access_ir_mail_server","ir_mail_server","model_ir_mail_server","group_system",1,1,1,1 "access_ir_mail_server","ir_mail_server","model_ir_mail_server","group_system",1,1,1,1
"access_ir_actions_client","ir_actions_client all","model_ir_actions_client",,1,0,0,0 "access_ir_actions_client","ir_actions_client all","model_ir_actions_client",,1,0,0,0
......