A question about weird line of code: "request.uid = odoo.SUPERUSER_ID"

Question

Hello community
I am looking at the '/web/login' route in "addons/web/controllers/main.py"
and there is a line i cant understand the reason of it .
in the web_login function :
if not request.uid:
request.uid = odoo.SUPERUSER_ID
could any body please explain why it is there ? and what it is doing ?
I looked at blame and there is a small comment in commit
[FIX] /web/login: Set request.uid on auth=none so it's correct
if overloaded with auth="public" bzr revid:
fme@openerp.com-20140211113916-2to1g4

sepehr · Answer

Thanks for your answer. Yes I know that, My question is that why set it to  SUPERUSER_ID ? Why not "public user"? Isn't it dangerous from security point of view?

Samo Arko · Answer

if there is no user id in the object request then set the user id odoos super user ID. This is probably just so it doesn't throw an error. request is an data object that you POST from the login page.

此問題已被標幟

喜歡這則討論？不要只閱讀，加入發表意見吧！