Skip to content
Snippets Groups Projects
Commit e0112db4 authored by Johan Demaret Rivarola's avatar Johan Demaret Rivarola
Browse files

[FIX] base: clear cache before read access check 


When reading binary content such as `image_128` on `res.users`,
`AccessError` should be raised when necessary.

Steps to reproduce:
  - Populate cache in superuser mode.
  - Access cached field with public user.
  - Read access is allowed but should not.

Concrete example:
  - Unpublish `demo` user.
  - Access `/slides` with `public` user.
  - The template data is generated as `sudo`.
  - The same data is then accessed as `public`.
  - AccessError should be raised when requesting
    `/profile/avatar/<int:user_id>` but is not.

Closes #43826

Signed-off-by: default avatarChristophe Simonis <chs@odoo.com>
parent ba1acb26
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment