From e20e195c5731621e5be49a7f807747166d88270c Mon Sep 17 00:00:00 2001
From: Carlos Ruiz <carg67@gmail.com>
Date: Mon, 1 Feb 2021 09:15:59 +0100
Subject: [PATCH] IDEMPIERE-4685 Cross tenant PO reading request detected from
 session for table AD_User Record_ID (#563)

---
 .../src/org/compiere/util/Login.java              | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/org.adempiere.base/src/org/compiere/util/Login.java b/org.adempiere.base/src/org/compiere/util/Login.java
index 48a904e9de..9abd6b2755 100644
--- a/org.adempiere.base/src/org/compiere/util/Login.java
+++ b/org.adempiere.base/src/org/compiere/util/Login.java
@@ -45,6 +45,7 @@ import org.compiere.model.MTree_Base;
 import org.compiere.model.MUser;
 import org.compiere.model.MUserPreference;
 import org.compiere.model.ModelValidationEngine;
+import org.compiere.model.PO;
 import org.compiere.model.Query;
 
 
@@ -1310,10 +1311,16 @@ public class Login
 				.append("         AND c.IsActive='Y') AND ")
 				.append(" AD_User.IsActive='Y'");
 		
-		List<MUser> users = new Query(m_ctx, MUser.Table_Name, where.toString(), null)
-			.setParameters(app_user)
-			.setOrderBy(MUser.COLUMNNAME_AD_User_ID)
-			.list();
+		List<MUser> users = null;
+		try {
+			PO.setCrossTenantSafe();
+			users = new Query(m_ctx, MUser.Table_Name, where.toString(), null)
+					.setParameters(app_user)
+					.setOrderBy(MUser.COLUMNNAME_AD_User_ID)
+					.list();
+		} finally {
+			PO.clearCrossTenantSafe();
+		}
 		
 		if (users.size() == 0) {
 			log.saveError("UserPwdError", app_user, false);