From e1ecb49f89289286766e1a061507d3d5088de5bd Mon Sep 17 00:00:00 2001
From: Olivier Dony <odo@openerp.com>
Date: Thu, 27 Apr 2017 14:41:56 +0200
Subject: [PATCH] [FIX] runbot: use proper manager visibility

The token is not meant to be used by anyone except runbot managers.

Reported by @nilshamerlinck - thanks!
---
 runbot/runbot.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/runbot/runbot.py b/runbot/runbot.py
index 2d572feb..c03333c4 100644
--- a/runbot/runbot.py
+++ b/runbot/runbot.py
@@ -214,7 +214,7 @@ class runbot_repo(osv.osv):
             id1='dependant_id', id2='dependency_id',
             string='Extra dependencies',
             help="Community addon repos which need to be present to run tests."),
-        'token': fields.char("Github token"),
+        'token': fields.char("Github token", groups="runbot.group_runbot_admin"),
         'group_ids': fields.many2many('res.groups', string='Limited to groups'),
     }
     _defaults = {
@@ -457,7 +457,7 @@ class runbot_branch(osv.osv):
     def _get_pull_head_name(self, cr, uid, ids, field_name, arg, context=None):
         r = dict.fromkeys(ids, False)
         for bid in ids:
-            pi = self._get_pull_info(cr, uid, [bid], context=context)
+            pi = self._get_pull_info(cr, SUPERUSER_ID, [bid], context=context)
             if pi:
                 r[bid] = pi['head']['ref']
         return r