From 836b0f864eb0603af12f762f207252e8bdec18c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thibault=20Delavall=C3=A9e?= <tde@openerp.com>
Date: Tue, 5 Aug 2014 14:49:52 +0200
Subject: [PATCH] [FIX] hr_contract: count the number of contracts of an
 employee as superuser_id as this field is required in the form view. However
 no data is displayed, and no data about the contracts are leaked, so no
 security holes.

---
 addons/hr_contract/hr_contract.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/addons/hr_contract/hr_contract.py b/addons/hr_contract/hr_contract.py
index 8b58c3efd610..b80b93bc3a5f 100644
--- a/addons/hr_contract/hr_contract.py
+++ b/addons/hr_contract/hr_contract.py
@@ -20,6 +20,7 @@
 ##############################################################################
 import time
 
+from openerp import SUPERUSER_ID
 from openerp.osv import fields, osv
 
 class hr_employee(osv.osv):
@@ -41,7 +42,7 @@ class hr_employee(osv.osv):
     def _contracts_count(self, cr, uid, ids, field_name, arg, context=None):
         Contract = self.pool['hr.contract']
         return {
-            employee_id: Contract.search_count(cr,uid, [('employee_id', '=', employee_id)], context=context)
+            employee_id: Contract.search_count(cr, SUPERUSER_ID, [('employee_id', '=', employee_id)], context=context)
             for employee_id in ids
         }
 
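Review bot: The `Contract.search_count(cr, SUPERUSER_ID, ...)` call in `_contracts_count` bypasses both the access rights and any record rules on `hr.contract`, so every user who can read `hr.employee` now learns how many contracts each employee has. The commit message treats this as harmless, but the count is itself contract metadata, and if `hr.contract` carries record rules (not visible in this hunk) the number will also include records the caller could never list. Nothing in the code records that the elevation is deliberate, so a comment above the return would help, for example `# SUPERUSER_ID on purpose: the form view needs this counter for users without read access on hr.contract; only the count is exposed`. Consider also a `groups=` restriction on the `contracts_count` field definition, so the value is only served to the HR roles that the view's button targets.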
@@ -53,7 +54,7 @@ class hr_employee(osv.osv):
         'vehicle': fields.char('Company Vehicle'),
         'vehicle_distance': fields.integer('Home-Work Dist.', help="In kilometers"),
         'contract_ids': fields.one2many('hr.contract', 'employee_id', 'Contracts'),
-        'contract_id':fields.function(_get_latest_contract, string='Contract', type='many2one', relation="hr.contract", help='Latest contract of the employee'),
+        'contract_id': fields.function(_get_latest_contract, string='Contract', type='many2one', relation="hr.contract", help='Latest contract of the employee'),
         'contracts_count': fields.function(_contracts_count, type='integer', string='Contracts'),
     }
 
-- 
GitLab