[FIX] Check if session.db is legit before dispatching
bzr revid: fme@openerp.com-20140130085224-ac0w90ap9u4nmzen
This commit is contained in:
parent
ec45bc96f9
commit
279c5e67ec
|
@ -979,8 +979,14 @@ class Root(object):
|
||||||
return explicit_session
|
return explicit_session
|
||||||
|
|
||||||
def setup_db(self, httprequest):
|
def setup_db(self, httprequest):
|
||||||
if not httprequest.session.db:
|
db = httprequest.session.db
|
||||||
# allow "admin" routes to works without being logged in when in monodb.
|
# Check if session.db is legit
|
||||||
|
if db and db not in db_filter([db], httprequest=httprequest):
|
||||||
|
httprequest.session.logout()
|
||||||
|
db = None
|
||||||
|
|
||||||
|
if not db:
|
||||||
|
# allow auth="none" routes to works without being logged in when in monodb.
|
||||||
httprequest.session.db = db_monodb(httprequest)
|
httprequest.session.db = db_monodb(httprequest)
|
||||||
|
|
||||||
def setup_lang(self, httprequest):
|
def setup_lang(self, httprequest):
|
||||||
|
@ -1079,8 +1085,11 @@ class Root(object):
|
||||||
return request.registry['ir.http'].routing_map()
|
return request.registry['ir.http'].routing_map()
|
||||||
|
|
||||||
def db_list(force=False, httprequest=None):
|
def db_list(force=False, httprequest=None):
|
||||||
httprequest = httprequest or request.httprequest
|
|
||||||
dbs = openerp.netsvc.dispatch_rpc("db", "list", [force])
|
dbs = openerp.netsvc.dispatch_rpc("db", "list", [force])
|
||||||
|
return db_filter(dbs, httprequest=httprequest)
|
||||||
|
|
||||||
|
def db_filter(dbs, httprequest=None):
|
||||||
|
httprequest = httprequest or request.httprequest
|
||||||
h = httprequest.environ['HTTP_HOST'].split(':')[0]
|
h = httprequest.environ['HTTP_HOST'].split(':')[0]
|
||||||
d = h.split('.')[0]
|
d = h.split('.')[0]
|
||||||
r = openerp.tools.config['dbfilter'].replace('%h', h).replace('%d', d)
|
r = openerp.tools.config['dbfilter'].replace('%h', h).replace('%d', d)
|
||||||
|
@ -1099,8 +1108,6 @@ def db_monodb(httprequest=None):
|
||||||
Returns ``None`` if the magic is not magic enough.
|
Returns ``None`` if the magic is not magic enough.
|
||||||
"""
|
"""
|
||||||
httprequest = httprequest or request.httprequest
|
httprequest = httprequest or request.httprequest
|
||||||
db = None
|
|
||||||
redirect = None
|
|
||||||
|
|
||||||
dbs = db_list(True, httprequest)
|
dbs = db_list(True, httprequest)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue