midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-4685 Cross tenant PO reading request detected from session for table AD_User Record_ID (#563)

This commit is contained in:
Carlos Ruiz 2021-02-01 09:15:59 +01:00 committed by GitHub
parent 3d70b5dd63
commit e20e195c57
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
org.adempiere.base/src/org/compiere/util/Login.java
View File

@ -45,6 +45,7 @@ import org.compiere.model.MTree_Base;
import org.compiere.model.MUser;
import org.compiere.model.MUserPreference;
import org.compiere.model.ModelValidationEngine;
import org.compiere.model.PO;
import org.compiere.model.Query;
@ -1310,10 +1311,16 @@ public class Login
.append(" AND c.IsActive='Y') AND ")
.append(" AD_User.IsActive='Y'");
List<MUser> users = new Query(m_ctx, MUser.Table_Name, where.toString(), null)
.setParameters(app_user)
.setOrderBy(MUser.COLUMNNAME_AD_User_ID)
.list();
List<MUser> users = null;
try {
PO.setCrossTenantSafe();
users = new Query(m_ctx, MUser.Table_Name, where.toString(), null)
.setParameters(app_user)
.setOrderBy(MUser.COLUMNNAME_AD_User_ID)
.list();
} finally {
PO.clearCrossTenantSafe();
}
if (users.size() == 0) {
log.saveError("UserPwdError", app_user, false);