odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

[MERGE]: Merge with latest trunk-server 

bzr revid: rpa@tinyerp.com-20120816052255-anabrq2e0q74ba0e
This commit is contained in:
Rucha (Open ERP) 2012-08-16 10:52:55 +05:30
parent 06fb7b2c39 5f866fbacd
commit 327e7d095f
21 changed files with 314 additions and 291 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
openerp/addons/base/base.sql
View File

@ -146,17 +146,15 @@ select setval('ir_ui_menu_id_seq', 2);
CREATE TABLE res_users (
id serial NOT NULL,
name varchar(64) not null,
active boolean default True,
login varchar(64) NOT NULL UNIQUE,
password varchar(64) default null,
email varchar(64) default null,
context_tz varchar(64) default null,
signature text,
context_lang varchar(64) default '',
tz varchar(64) default null,
lang varchar(64) default '',
-- No FK references below, will be added later by ORM
-- (when the destination rows exist)
company_id int,
partner_id int,
primary key(id)
);
alter table res_users add constraint res_users_login_uniq unique (login);
@ -385,7 +383,7 @@ CREATE TABLE ir_model_relation (
-- Users
---------------------------------
insert into res_users (id,login,password,name,active,company_id,context_lang) values (1,'admin','admin','Administrator',True,1,'en_US');
insert into res_users (id,login,password,active,company_id,partner_id,lang) values (1,'admin','admin',True,1,1,'en_US');
insert into ir_model_data (name,module,model,noupdate,res_id) values ('user_root','base','res.users',True,1);
-- Compatibility purpose, to remove V6.0

16
openerp/addons/base/base_data.xml
View File

@ -1094,19 +1094,23 @@
<field name="currency_id" ref="base.EUR"/>
</record>
<record model="res.users" id="base.user_root">
<field name="signature">Administrator</field>
<record model="res.partner" id="base.partner_root">
<field name="name">Administrator</field>
<field name="company_id" ref="main_company"/>
<field name="customer" eval="False"/>
</record>
<record model="res.users" id="base.user_root">
<field name="partner_id" ref="base.partner_root"/>
<field name="company_id" ref="main_company"/>
<field name="menu_id" ref="action_menu_admin"/>
<field name="company_ids" eval="[(4, ref('main_company'))]"/>
<field name="menu_id" ref="action_menu_admin"/>
<field name="signature">Administrator</field>
</record>
<record id="main_partner" model="res.partner">
<field name="company_id" ref="main_company"/>
</record>
<record id="EUR" model="res.currency">
<field name="company_id" ref="main_company"/>
</record>
<!-- The Following currency rates are considered as on 1st Jan,2010 against EUR. -->
<!-- Currencies -->

4
openerp/addons/base/ir/ir_actions.py
View File

@ -625,8 +625,8 @@ class actions_server(osv.osv):
if not email_from:
_logger.debug('--email-from command line option is not specified, using a fallback value instead.')
if user.user_email:
email_from = user.user_email
if user.email:
email_from = user.email
else:
email_from = "%s@%s" % (user.login, gethostname())

4
openerp/addons/base/publisher_warranty/publisher_warranty.py
View File

@ -86,7 +86,7 @@ class publisher_warranty_contract(osv.osv):
db_create_date = self.pool.get('ir.config_parameter').get_param(cr, uid, 'database.create_date')
user = self.pool.get("res.users").browse(cr, uid, uid)
user_name = user.name
email = user.user_email
email = user.email
msg = {'contract_name': valid_contract.name,
'tb': tb,
@ -333,7 +333,7 @@ def get_sys_logs(cr, uid):
"db_create_date": db_create_date,
"version": release.version,
"contracts": [c.name for c in contracts],
"language": user.context_lang,
"language": user.lang,
}
add_arg = {"timeout":30} if sys.version_info >= (2,6) else {}

BIN
openerp/addons/base/res/photo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.6 KiB

4
openerp/addons/base/res/res_company.py
View File

@ -149,11 +149,9 @@ class res_company(osv.osv):
def _search(self, cr, uid, args, offset=0, limit=None, order=None,
context=None, count=False, access_rights_uid=None):
if context is None:
context = {}
user_preference = context.get('user_preference', False)
if user_preference:
if context.get('user_preference'):
# We browse as superuser. Otherwise, the user would be able to
# select only the currently visible companies (according to rules,
# which are probably to allow to see the child companies) even if

27
openerp/addons/base/res/res_partner.py
View File

@ -20,6 +20,7 @@
##############################################################################
import math
import openerp
import os
from osv import osv, fields
import re
@ -27,6 +28,10 @@ import tools
from tools.translate import _
import logging
import pooler
import pytz
def _tz_get(self,cr,uid, context=None):
return [(x, x) for x in pytz.all_timezones]
class res_payterm(osv.osv):
_description = 'Payment term'
@ -150,7 +155,12 @@ class res_partner(osv.osv):
'parent_id': fields.many2one('res.partner', 'Owned by'),
'child_ids': fields.one2many('res.partner', 'parent_id', 'Contacts'),
'ref': fields.char('Reference', size=64, select=1),
'lang': fields.selection(_lang_get, 'Language', help="If the selected language is loaded in the system, all documents related to this partner will be printed in this language. If not, it will be english."),
'lang': fields.selection(_lang_get, 'Language',
help="If the selected language is loaded in the system, all documents related to this partner will be printed in this language. If not, it will be english."),
'tz': fields.selection(_tz_get, 'Timezone', size=64,
help="The partner's timezone, used to output proper date and time values inside printed reports. "
"It is important to set a value for this field. You should use the same timezone "
"that is otherwise used to pick and render date and time values: your computer's timezone."),
'user_id': fields.many2one('res.users', 'Salesperson', help='The internal user that is in charge of communicating with this partner if any.'),
'vat': fields.char('VAT',size=32 ,help="Value Added Tax number. Check the box if the partner is subjected to the VAT. Used by the VAT legal statement."),
'bank_ids': fields.one2many('res.partner.bank', 'partner_id', 'Banks'),
@ -165,10 +175,10 @@ class res_partner(osv.osv):
'supplier': fields.boolean('Supplier', help="Check this box if the partner is a supplier. If it's not checked, purchase people will not see it when encoding a purchase order."),
'employee': fields.boolean('Employee', help="Check this box if the partner is an Employee."),
'function': fields.char('Job Position', size=128),
'type': fields.selection( [('default','Default'),('invoice','Invoice'),
'type': fields.selection( [('default','Default'), ('invoice','Invoice'),
('delivery','Delivery'), ('contact','Contact'),
('other','Other')],
'Address Type', help="Used to select automatically the right address according to the context in sales and purchases documents."),
('other', 'Other')], 'Address Type',
help="Used to select automatically the right address according to the context in sales and purchases documents."),
'street': fields.char('Street', size=128),
'street2': fields.char('Street2', size=128),
'zip': fields.char('Zip', change_default=True, size=24),
@ -217,13 +227,15 @@ class res_partner(osv.osv):
def _get_default_image(self, cr, uid, is_company, context=None):
if is_company:
image_path = os.path.join( tools.config['root_path'], 'addons', 'base', 'res', 'company_icon.png')
image_path = openerp.modules.get_module_resource('base', 'static/src/img', 'company_image.png')
else:
image_path = os.path.join( tools.config['root_path'], 'addons', 'base', 'res', 'photo.png')
image_path = openerp.modules.get_module_resource('base', 'static/src/img', 'partner_image.png')
return tools.image_resize_image_big(open(image_path, 'rb').read().encode('base64'))
_defaults = {
'active': True,
'lang': lambda self, cr, uid, context: context.get('lang', 'en_US'),
'tz': lambda self, cr, uid, context: context.get('tz', False),
'customer': True,
'category_id': _default_category,
'company_id': lambda s,cr,uid,c: s.pool.get('res.company')._company_default_get(cr, uid, 'res.partner', context=c),
@ -318,7 +330,8 @@ class res_partner(osv.osv):
def update_address(self, cr, uid, ids, vals, context=None):
addr_vals = dict((key, vals[key]) for key in POSTAL_ADDRESS_FIELDS if vals.get(key))
return super(res_partner, self).write(cr, uid, ids, addr_vals, context)
if addr_vals:
return super(res_partner, self).write(cr, uid, ids, addr_vals, context)
def name_get(self, cr, uid, ids, context=None):
if context is None:

16
openerp/addons/base/res/res_partner_demo.xml
View File

@ -6,7 +6,7 @@
-->
<record id="res_partner_category_0" model="res.partner.category">
<field name="name">Customer</field>
<field name="name">Partner</field>
</record>
<record id="res_partner_category_1" model="res.partner.category">
<field name="name">Supplier</field>
@ -18,15 +18,15 @@
<field name="name">Employee</field>
</record>
<record id="res_partner_category_4" model="res.partner.category">
<field name="name">Gold Partner</field>
<field name="name">Gold</field>
<field name="parent_id" ref="res_partner_category_0"/>
</record>
<record id="res_partner_category_5" model="res.partner.category">
<field name="name">Silver Partner</field>
<field name="name">Silver</field>
<field name="parent_id" ref="res_partner_category_0"/>
</record>
<record id="res_partner_category_6" model="res.partner.category">
<field name="name">Bronze Partner</field>
<field name="name">Bronze</field>
<field name="parent_id" ref="res_partner_category_0"/>
</record>
<record id="res_partner_category_7" model="res.partner.category">
@ -35,35 +35,27 @@
</record>
<record id="res_partner_category_8" model="res.partner.category">
<field name="name">Consultancy Services</field>
<field name="parent_id" ref="res_partner_category_0"/>
</record>
<record id="res_partner_category_9" model="res.partner.category">
<field name="name">Components Buyer</field>
<field name="parent_id" ref="res_partner_category_0"/>
</record>
<record id="res_partner_category_11" model="res.partner.category">
<field name="name">Services</field>
<field name="parent_id" ref="res_partner_category_1"/>
</record>
<record id="res_partner_category_12" model="res.partner.category">
<field name="name">Office Supplies</field>
<field name="parent_id" ref="res_partner_category_1"/>
</record>
<record id="res_partner_category_13" model="res.partner.category">
<field name="name">Distributor</field>
<field name="parent_id" ref="res_partner_category_1"/>
</record>
<record id="res_partner_category_14" model="res.partner.category">
<field name="name">Manufacturer</field>
<field name="parent_id" ref="res_partner_category_1"/>
</record>
<record id="res_partner_category_15" model="res.partner.category">
<field name="name">Wholesaler</field>
<field name="parent_id" ref="res_partner_category_1"/>
</record>
<record id="res_partner_category_16" model="res.partner.category">
<field name="name">Retailer</field>
<field name="parent_id" ref="res_partner_category_1"/>
</record>
<record id="res_partner_category_17" model="res.partner.category">
<field name="name">Company Contact</field>

2
openerp/addons/base/res/res_partner_view.xml
View File

@ -95,7 +95,7 @@
<field name="arch" type="xml">
<form string="Partners" version="7.0">
<sheet>
<field name="image_small" widget='image' class="oe_avatar oe_left"/>
<field name="image_medium" widget='image' class="oe_avatar oe_left"/>
<div class="oe_title">
<div class="oe_edit_only">
<label for="name"/> (

346
openerp/addons/base/res/res_users.py
View File

@ -20,11 +20,9 @@
#
##############################################################################
import logging
from functools import partial
import pytz
import logging
from lxml import etree
from lxml.builder import E
import netsvc
@ -96,59 +94,22 @@ class groups(osv.osv):
groups()
def _lang_get(self, cr, uid, context=None):
obj = self.pool.get('res.lang')
ids = obj.search(cr, uid, [('translatable','=',True)])
res = obj.read(cr, uid, ids, ['code', 'name'], context=context)
res = [(r['code'], r['name']) for r in res]
return res
class res_users(osv.osv):
""" User class. A res.users record models an OpenERP user and is different
from an employee.
def _tz_get(self,cr,uid, context=None):
return [(x, x) for x in pytz.all_timezones]
class users(osv.osv):
res.users class now inherits from res.partner. The partner model is
used to store the data related to the partner: lang, name, address,
avatar, ... The user model is now dedicated to technical data.
"""
__admin_ids = {}
_uid_cache = {}
_inherits = {
'res.partner': 'partner_id',
}
_name = "res.users"
_description = 'Users'
_order = 'name'
WELCOME_MAIL_SUBJECT = u"Welcome to OpenERP"
WELCOME_MAIL_BODY = u"An OpenERP account has been created for you, "\
"\"%(name)s\".\n\nYour login is %(login)s, "\
"you should ask your supervisor or system administrator if you "\
"haven't been given your password yet.\n\n"\
"If you aren't %(name)s, this email reached you errorneously, "\
"please delete it."
def get_welcome_mail_subject(self, cr, uid, context=None):
""" Returns the subject of the mail new users receive (when
created via the res.config.users wizard), default implementation
is to return config_users.WELCOME_MAIL_SUBJECT
"""
return self.WELCOME_MAIL_SUBJECT
def get_welcome_mail_body(self, cr, uid, context=None):
""" Returns the subject of the mail new users receive (when
created via the res.config.users wizard), default implementation
is to return config_users.WELCOME_MAIL_BODY
"""
return self.WELCOME_MAIL_BODY
def get_current_company(self, cr, uid):
cr.execute('select company_id, res_company.name from res_users left join res_company on res_company.id = company_id where res_users.id=%s' %uid)
return cr.fetchall()
def send_welcome_email(self, cr, uid, id, context=None):
if isinstance(id,list): id = id[0]
user = self.read(cr, uid, id, ['email','login','name', 'user_email'], context=context)
email = user['email'] or user['user_email']
ir_mail_server = self.pool.get('ir.mail_server')
msg = ir_mail_server.build_email(email_from=None, # take config default
email_to=[email],
subject=self.get_welcome_mail_subject(cr, uid, context=context),
body=(self.get_welcome_mail_body(cr, uid, context=context) % user))
return ir_mail_server.send_email(cr, uid, msg, context=context)
_order = 'login'
def _set_new_password(self, cr, uid, id, name, value, args, context=None):
if value is False:
@ -164,85 +125,67 @@ class users(osv.osv):
def _get_password(self, cr, uid, ids, arg, karg, context=None):
return dict.fromkeys(ids, '')
def _get_image(self, cr, uid, ids, name, args, context=None):
result = dict.fromkeys(ids, False)
for obj in self.browse(cr, uid, ids, context=context):
result[obj.id] = tools.image_get_resized_images(obj.image)
return result
def _set_image(self, cr, uid, id, name, value, args, context=None):
return self.write(cr, uid, [id], {'image': tools.image_resize_image_big(value)}, context=context)
_columns = {
'id': fields.integer('ID'),
'name': fields.char('User Name', size=64, required=True, select=True,
help="The new user's real name, used for searching"
" and most listings"),
'login_date': fields.date('Latest connection', select=1),
'partner_id': fields.many2one('res.partner', required=True,
string='Related Partner', ondelete='cascade',
help='Partner-related data of the user'),
'login': fields.char('Login', size=64, required=True,
help="Used to log into the system"),
'password': fields.char('Password', size=64, invisible=True, help="Keep empty if you don't want the user to be able to connect on the system."),
help="Used to log into the system"),
'password': fields.char('Password', size=64, invisible=True,
help="Keep empty if you don't want the user to be able to connect on the system."),
'new_password': fields.function(_get_password, type='char', size=64,
fnct_inv=_set_new_password,
string='Set Password', help="Specify a value only when creating a user or if you're changing the user's password, "
"otherwise leave empty. After a change of password, the user has to login again."),
'user_email': fields.char('Email', size=64),
fnct_inv=_set_new_password, string='Set Password',
help="Specify a value only when creating a user or if you're "\
"changing the user's password, otherwise leave empty. After "\
"a change of password, the user has to login again."),
'signature': fields.text('Signature', size=64),
'image': fields.binary("Avatar",
help="This field holds the image used as avatar for the "\
"user. The image is base64 encoded, and PIL-supported. "\
"It is limited to a 1024x1024 px image."),
'image_medium': fields.function(_get_image, fnct_inv=_set_image,
string="Medium-sized avatar", type="binary", multi="_get_image",
store = {
'res.users': (lambda self, cr, uid, ids, c={}: ids, ['image'], 10),
},
help="Medium-sized image of the user. It is automatically "\
"resized as a 180x180 px image, with aspect ratio preserved. "\
"Use this field in form views or some kanban views."),
'image_small': fields.function(_get_image, fnct_inv=_set_image,
string="Smal-sized avatar", type="binary", multi="_get_image",
store = {
'res.users': (lambda self, cr, uid, ids, c={}: ids, ['image'], 10),
},
help="Small-sized image of the user. It is automatically "\
"resized as a 50x50 px image, with aspect ratio preserved. "\
"Use this field anywhere a small image is required."),
'active': fields.boolean('Active'),
'action_id': fields.many2one('ir.actions.actions', 'Home Action', help="If specified, this action will be opened at logon for this user, in addition to the standard menu."),
'menu_id': fields.many2one('ir.actions.actions', 'Menu Action', help="If specified, the action will replace the standard menu for this user."),
'groups_id': fields.many2many('res.groups', 'res_groups_users_rel', 'uid', 'gid', 'Groups'),
# Special behavior for this field: res.company.search() will only return the companies
# available to the current user (should be the user's companies?), when the user_preference
# context is set.
'company_id': fields.many2one('res.company', 'Company', required=True,
help="The company this user is currently working for.", context={'user_preference': True}),
help='The company this user is currently working for.', context={'user_preference': True}),
'company_ids':fields.many2many('res.company','res_company_users_rel','user_id','cid','Companies'),
'context_lang': fields.selection(_lang_get, 'Language', required=True,
help="The default language used in the graphical user interface, when translations are available. To add a new language, you can use the 'Load a Translation' wizard available from the 'Administration' menu."),
'context_tz': fields.selection(_tz_get, 'Timezone', size=64,
help="The user's timezone, used to output proper date and time values inside printed reports. "
"It is important to set a value for this field. You should use the same timezone "
"that is otherwise used to pick and render date and time values: your computer's timezone."),
'date': fields.datetime('Latest Connection', readonly=True),
# backward compatibility fields
'user_email': fields.related('email', type='char',
deprecated='Use the email field instead of user_email. This field will be removed with OpenERP 7.1.'),
}
def on_change_company_id(self, cr, uid, ids, company_id):
return {
'warning' : {
return {'warning' : {
'title': _("Company Switch Warning"),
'message': _("Please keep in mind that documents currently displayed may not be relevant after switching to another company. If you have unsaved changes, please make sure to save and close all forms before switching to a different company. (You can click on Cancel in the User Preferences now)"),
}
}
def onchange_type(self, cr, uid, ids, is_company, context=None):
""" Wrapper on the user.partner onchange_type, because some calls to the
partner form view applied to the user may trigger the
partner.onchange_type method, but applied to the user object.
"""
partner_ids = [user.partner_id.id for user in self.browse(cr, uid, ids, context=context)]
return self.pool.get('res.partner').onchange_type(cr, uid, partner_ids, is_company, context=context)
def onchange_address(self, cr, uid, ids, use_parent_address, parent_id, context=None):
""" Wrapper on the user.partner onchange_address, because some calls to the
partner form view applied to the user may trigger the
partner.onchange_type method, but applied to the user object.
"""
partner_ids = [user.partner_id.id for user in self.browse(cr, uid, ids, context=context)]
return self.pool.get('res.partner').onchange_address(cr, uid, partner_ids, use_parent_address, parent_id, context=context)
def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
def override_password(o):
if 'password' in o and ( 'id' not in o or o['id'] != uid ):
o['password'] = '********'
return o
result = super(users, self).read(cr, uid, ids, fields, context, load)
result = super(res_users, self).read(cr, uid, ids, fields, context, load)
canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', False)
if not canwrite:
if isinstance(ids, (int, float)):
@ -263,21 +206,10 @@ class users(osv.osv):
('login_key', 'UNIQUE (login)', 'You can not have two users with the same login !')
]
def _get_email_from(self, cr, uid, ids, context=None):
if not isinstance(ids, list):
ids = [ids]
res = dict.fromkeys(ids, False)
for user in self.browse(cr, uid, ids, context=context):
if user.user_email:
res[user.id] = "%s <%s>" % (user.name, user.user_email)
return res
def _get_admin_id(self, cr):
if self.__admin_ids.get(cr.dbname) is None:
ir_model_data_obj = self.pool.get('ir.model.data')
mdid = ir_model_data_obj._get_id(cr, 1, 'base', 'user_root')
self.__admin_ids[cr.dbname] = ir_model_data_obj.read(cr, 1, [mdid], ['res_id'])[0]['res_id']
return self.__admin_ids[cr.dbname]
def _get_default_image(self, cr, uid, context=None):
""" Override of res.partner: multicolor avatars ! """
image_path = openerp.modules.get_module_resource('base', 'static/src/img', 'avatar%d.png' % random.randint(0, 6))
return tools.image_resize_image_big(open(image_path, 'rb').read().encode('base64'))
def _get_company(self,cr, uid, context=None, uid2=False):
if not uid2:
@ -315,27 +247,29 @@ class users(osv.osv):
pass
return result
def _get_default_image(self, cr, uid, context=None):
# default image file name: avatar0 -> avatar6.png, choose randomly
image_path = openerp.modules.get_module_resource('base', 'static/src/img', 'avatar%d.png' % random.randint(0, 6))
return tools.image_resize_image_big(open(image_path, 'rb').read().encode('base64'))
_defaults = {
'password' : '',
'context_lang': lambda self, cr, uid, context: context.get('lang', 'en_US'),
'context_tz': lambda self, cr, uid, context: context.get('tz', False),
'image': _get_default_image,
'image_small': _get_default_image,
'image_medium': _get_default_image,
'active' : True,
'customer': False,
'menu_id': _get_menu,
'company_id': _get_company,
'company_ids': _get_companies,
'groups_id': _get_group,
'image': lambda self, cr, uid, context: self._get_default_image(cr, uid, context),
}
def fields_view_get(self, cr, uid, view_id=None, view_type='form', context=None, toolbar=False, submenu=False):
""" Override of res.users fields_view_get.
- if the view is specified: resume with normal behavior
- else: the default view is overrided and redirected to the partner
view
"""
if not view_id and view_type == 'form':
return self.pool.get('res.partner').fields_view_get(cr, uid, view_id, view_type, context, toolbar, submenu)
return super(res_users, self).fields_view_get(cr, uid, view_id, view_type, context, toolbar, submenu)
# User can write to a few of her own fields (but not her groups for example)
SELF_WRITEABLE_FIELDS = ['password', 'signature', 'action_id', 'company_id', 'user_email', 'name', 'image', 'image_medium', 'image_small']
SELF_WRITEABLE_FIELDS = ['password', 'signature', 'action_id', 'company_id', 'email', 'name', 'image', 'image_medium', 'image_small']
def write(self, cr, uid, ids, values, context=None):
if not hasattr(ids, '__iter__'):
@ -350,7 +284,7 @@ class users(osv.osv):
del values['company_id']
uid = 1 # safe fields only, so we write as super-user to bypass access rights
res = super(users, self).write(cr, uid, ids, values, context=context)
res = super(res_users, self).write(cr, uid, ids, values, context=context)
# clear caches linked to the users
self.pool.get('ir.model.access').call_cache_clearing_methods(cr)
@ -372,7 +306,7 @@ class users(osv.osv):
for id in ids:
if id in self._uid_cache[db]:
del self._uid_cache[db][id]
return super(users, self).unlink(cr, uid, ids, context=context)
return super(res_users, self).unlink(cr, uid, ids, context=context)
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
if not args:
@ -395,17 +329,23 @@ class users(osv.osv):
name=(copy_pattern % user2copy['name']),
)
copydef.update(default)
return super(users, self).copy(cr, uid, id, copydef, context)
return super(res_users, self).copy(cr, uid, id, copydef, context)
def context_get(self, cr, uid, context=None):
user = self.browse(cr, uid, uid, context)
result = {}
for k in self._columns.keys():
for k in self._all_columns.keys():
if k.startswith('context_'):
context_key = k[8:]
elif k in ['lang', 'tz']:
context_key = k
else:
context_key = False
if context_key:
res = getattr(user,k) or False
if isinstance(res, browse_record):
res = res.id
result[k[8:]] = res or False
result[context_key] = res or False
return result
def action_get(self, cr, uid, context=None):
@ -413,6 +353,57 @@ class users(osv.osv):
data_id = dataobj._get_id(cr, 1, 'base', 'action_res_users_my')
return dataobj.browse(cr, uid, data_id, context=context).res_id
def check_super(self, passwd):
if passwd == tools.config['admin_passwd']:
return True
else:
raise openerp.exceptions.AccessDenied()
def check_credentials(self, cr, uid, password):
""" Override this method to plug additional authentication methods"""
res = self.search(cr, 1, [('id','=',uid),('password','=',password)])
if not res:
raise openerp.exceptions.AccessDenied()
def login(self, db, login, password):
if not password:
return False
user_id = False
cr = pooler.get_db(db).cursor()
try:
# autocommit: our single update request will be performed atomically.
# (In this way, there is no opportunity to have two transactions
# interleaving their cr.execute()..cr.commit() calls and have one
# of them rolled back due to a concurrent access.)
cr.autocommit(True)
# check if user exists
res = self.search(cr, 1, [('login','=',login)])
if res:
user_id = res[0]
# check credentials
self.check_credentials(cr, user_id, password)
# We effectively unconditionally write the res_users line.
# Even w/ autocommit there's a chance the user row will be locked,
# in which case we can't delay the login just for the purpose of
# update the last login date - hence we use FOR UPDATE NOWAIT to
# try to get the lock - fail-fast
# Failing to acquire the lock on the res_users row probably means
# another request is holding it. No big deal, we don't want to
# prevent/delay login in that case. It will also have been logged
# as a SQL error, if anyone cares.
try:
cr.execute("SELECT id FROM res_users WHERE id=%s FOR UPDATE NOWAIT", str(user_id))
cr.execute("UPDATE res_users SET login_date = now() AT TIME ZONE 'UTC' WHERE id=%s", str(user_id))
except Exception, e:
_logger.exception("Failed to update last_login for db:%s login:%s", db, login)
except openerp.exceptions.AccessDenied:
_logger.info("Login failed for db:%s login:%s", db, login)
user_id = False
finally:
cr.close()
return user_id
def authenticate(self, db, login, password, user_agent_env):
"""Verifies and returns the user ID corresponding to the given
``login`` and ``password`` combination, or False if there was
@ -431,8 +422,8 @@ class users(osv.osv):
if user_agent_env and user_agent_env.get('base_location'):
cr = pooler.get_db(db).cursor()
try:
self.pool.get('ir.config_parameter').set_param(cr, uid, 'web.base.url',
user_agent_env['base_location'])
base = user_agent_env['base_location']
self.pool.get('ir.config_parameter').set_param(cr, uid, 'web.base.url', base)
cr.commit()
except Exception:
_logger.exception("Failed to update web.base.url configuration parameter")
@ -440,54 +431,8 @@ class users(osv.osv):
cr.close()
return uid
def login(self, db, login, password):
if not password:
return False
cr = pooler.get_db(db).cursor()
try:
# autocommit: our single request will be performed atomically.
# (In this way, there is no opportunity to have two transactions
# interleaving their cr.execute()..cr.commit() calls and have one
# of them rolled back due to a concurrent access.)
# We effectively unconditionally write the res_users line.
cr.autocommit(True)
# Even w/ autocommit there's a chance the user row will be locked,
# in which case we can't delay the login just for the purpose of
# update the last login date - hence we use FOR UPDATE NOWAIT to
# try to get the lock - fail-fast
cr.execute("""SELECT id from res_users
WHERE login=%s AND password=%s
AND active FOR UPDATE NOWAIT""",
(tools.ustr(login), tools.ustr(password)))
cr.execute("""UPDATE res_users
SET date = now() AT TIME ZONE 'UTC'
WHERE login=%s AND password=%s AND active
RETURNING id""",
(tools.ustr(login), tools.ustr(password)))
except Exception:
# Failing to acquire the lock on the res_users row probably means
# another request is holding it. No big deal, we don't want to
# prevent/delay login in that case. It will also have been logged
# as a SQL error, if anyone cares.
cr.execute("""SELECT id from res_users
WHERE login=%s AND password=%s
AND active""",
(tools.ustr(login), tools.ustr(password)))
finally:
res = cr.fetchone()
cr.close()
if res:
return res[0]
return False
def check_super(self, passwd):
if passwd == tools.config['admin_passwd']:
return True
else:
raise openerp.exceptions.AccessDenied()
def check(self, db, uid, passwd):
"""Verifies that the given (uid, password) pair is authorized for the database ``db`` and
"""Verifies that the given (uid, password) is authorized for the database ``db`` and
raise an exception if it is not."""
if not passwd:
# empty passwords disallowed for obvious security reasons
@ -496,32 +441,14 @@ class users(osv.osv):
return
cr = pooler.get_db(db).cursor()
try:
cr.execute('SELECT COUNT(1) FROM res_users WHERE id=%s AND password=%s AND active=%s',
(int(uid), passwd, True))
res = cr.fetchone()[0]
if not res:
raise openerp.exceptions.AccessDenied()
self.check_credentials(cr, uid, passwd)
if self._uid_cache.has_key(db):
ulist = self._uid_cache[db]
ulist[uid] = passwd
self._uid_cache[db][uid] = passwd
else:
self._uid_cache[db] = {uid:passwd}
finally:
cr.close()
def access(self, db, uid, passwd, sec_level, ids):
if not passwd:
return False
cr = pooler.get_db(db).cursor()
try:
cr.execute('SELECT id FROM res_users WHERE id=%s AND password=%s', (uid, passwd))
res = cr.fetchone()
if not res:
raise openerp.exceptions.AccessDenied()
return res[0]
finally:
cr.close()
def change_password(self, cr, uid, old_passwd, new_passwd, context=None):
"""Change current user password. Old password must be provided explicitly
to prevent hijacking an existing user session, or for cases where the cleartext
@ -565,9 +492,6 @@ class users(osv.osv):
(uid, module, ext_id))
return bool(cr.fetchone())
users()
#
# Extension of res.groups and res.users with a relation for "implied" or
@ -647,8 +571,6 @@ class groups_implied(osv.osv):
super(groups_implied, self).write(cr, uid, gids, vals, context)
return res
groups_implied()
class users_implied(osv.osv):
_inherit = 'res.users'
@ -672,10 +594,6 @@ class users_implied(osv.osv):
super(users_implied, self).write(cr, uid, [user.id], vals, context)
return res
users_implied()
#
# Extension of res.groups and res.users for the special groups view in the users
# form. This extension presents groups with selection and boolean widgets:
@ -818,8 +736,6 @@ class groups_view(osv.osv):
res.append((False, 'boolean', others))
return res
groups_view()
class users_view(osv.osv):
_inherit = 'res.users'
@ -911,6 +827,4 @@ class users_view(osv.osv):
}
return res
users_view()
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:

14
openerp/addons/base/res/res_users_view.xml
View File

@ -109,8 +109,8 @@
<page string="Preferences">
<group>
<group name="preferences">
<field name="context_lang"/>
<field name="context_tz"/>
<field name="lang"/>
<field name="tz"/>
</group>
<group groups="base.group_no_one">
<field name="action_id"/>
@ -118,7 +118,7 @@
</group>
</group>
<group>
<field name="user_email" widget="email"/>
<field name="email" widget="email"/>
<field name="signature"/>
</group>
</page>
@ -142,7 +142,7 @@
<tree string="Users">
<field name="name"/>
<field name="login"/>
<field name="context_lang"/>
<field name="lang"/>
<field name="date"/>
</tree>
</field>
@ -203,15 +203,15 @@
(<field name="login" readonly="1" class="oe_inline"/>)
</h1>
<group name="preferences" col="4">
<field name="context_lang" readonly="0"/>
<field name="lang" readonly="0"/>
<field name="company_id" readonly="0"
groups="base.group_multi_company" on_change="on_change_company_id(company_id)"/>
<field name="context_tz" readonly="0"/>
<field name="tz" readonly="0"/>
<field name="company_id" widget="selection" readonly="0"
groups="base.group_multi_company" on_change="on_change_company_id(company_id)"/>
</group>
<group string="Email Preferences">
<field name="user_email" widget="email" readonly="0"/>
<field name="email" widget="email" readonly="0"/>
<field name="signature" readonly="0"/>
</group>
<footer>

0
openerp/addons/base/res/company_icon.png → openerp/addons/base/static/src/img/company_image.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 4.0 KiB

After

Width:  |  Height:  |  Size: 4.0 KiB

BIN
openerp/addons/base/static/src/img/partner_image.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.7 KiB

16
openerp/addons/base/test/test_osv_expression.yml
View File

@ -2,22 +2,8 @@
Testing for hierarchical search in M2M
-
!python {model: res.partner }: |
ids = self.search(cr, uid, [('category_id', 'child_of','supplier')])
ids = self.search(cr, uid, [('category_id', 'child_of',ref('res_partner_category_0'))])
assert len(ids) >= 1, ids
-
Test hierarchical search in M2M with child ID1
-
!python {model: res.partner }: |
ids = self.search(cr, uid, [('category_id', 'child_of','Customer')])
assert len(ids) >= 1, ids
-
Test hierarchical search in M2M with child ID2
-
!python {model: res.partner }: |
ids = self.search(cr, uid, [('category_id', 'child_of','Manufacturer')])
assert len(ids) == 2, ids
-
"1.0 Setup test partner categories: parent root"
-

36
openerp/osv/fields.py
View File

@ -45,6 +45,7 @@ import openerp.tools as tools
from openerp.tools.translate import _
from openerp.tools import float_round, float_repr
import simplejson
from openerp.tools.html_sanitize import html_sanitize
_logger = logging.getLogger(__name__)
@ -228,6 +229,14 @@ class char(_column):
class text(_column):
_type = 'text'
class html(text):
_type = 'html'
_symbol_c = '%s'
def _symbol_f(x):
return html_sanitize(x)
_symbol_set = (_symbol_c, _symbol_f)
import __builtin__
class float(_column):
@ -649,6 +658,20 @@ class many2many(_column):
col2 = '%s_id' % dest_model._table
return (tbl, col1, col2)
def _get_query_and_where_params(self, cr, model, ids, values, where_params):
""" Extracted from ``get`` to facilitate fine-tuning of the generated
query. """
query = 'SELECT %(rel)s.%(id2)s, %(rel)s.%(id1)s \
FROM %(rel)s, %(from_c)s \
WHERE %(rel)s.%(id1)s IN %%s \
AND %(rel)s.%(id2)s = %(tbl)s.id \
%(where_c)s \
%(order_by)s \
%(limit)s \
OFFSET %(offset)d' \
% values
return query, where_params
def get(self, cr, model, ids, name, user=None, offset=0, context=None, values=None):
if not context:
context = {}
@ -686,15 +709,7 @@ class many2many(_column):
if self._limit is not None:
limit_str = ' LIMIT %d' % self._limit
query = 'SELECT %(rel)s.%(id2)s, %(rel)s.%(id1)s \
FROM %(rel)s, %(from_c)s \
WHERE %(rel)s.%(id1)s IN %%s \
AND %(rel)s.%(id2)s = %(tbl)s.id \
%(where_c)s \
%(order_by)s \
%(limit)s \
OFFSET %(offset)d' \
% {'rel': rel,
query, where_params = self._get_query_and_where_params(cr, model, ids, {'rel': rel,
'from_c': from_c,
'tbl': obj._table,
'id1': id1,
@ -703,7 +718,8 @@ class many2many(_column):
'limit': limit_str,
'order_by': order_by,
'offset': offset,
}
}, where_params)
cr.execute(query, [tuple(ids),] + where_params)
for r in cr.fetchall():
res[r[1]].append(r[0])

1
openerp/osv/orm.py
View File

@ -545,6 +545,7 @@ FIELDS_TO_PGTYPES = {
fields.boolean: 'bool',
fields.integer: 'int4',
fields.text: 'text',
fields.html: 'text',
fields.date: 'date',
fields.datetime: 'timestamp',
fields.binary: 'bytea',

8
openerp/service/web_services.py
View File

@ -75,10 +75,10 @@ def _initialize_db(serv, id, db_name, demo, lang, user_password):
mids = modobj.search(cr, 1, [('state', '=', 'installed')])
modobj.update_translations(cr, 1, mids, lang)
cr.execute('UPDATE res_users SET password=%s, context_lang=%s, active=True WHERE login=%s', (
cr.execute('UPDATE res_users SET password=%s, lang=%s, active=True WHERE login=%s', (
user_password, lang, 'admin'))
cr.execute('SELECT login, password, name ' \
' FROM res_users ' \
cr.execute('SELECT login, password ' \
' FROM res_users ' \
' ORDER BY login')
serv.actions[id].update(users=cr.dictfetchall(), clean=True)
cr.commit()
@ -425,7 +425,7 @@ OpenERP is an ERP+CRM program for small and medium businesses.
The whole source code is distributed under the terms of the
GNU Public Licence.
(c) 2003-TODAY, Fabien Pinckaers - Tiny sprl''')
(c) 2003-TODAY - OpenERP SA''')
if extended:
return info, release.version

37
openerp/tests/test_html_sanitize.py Executable file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import unittest
from openerp.tools.html_sanitize import html_sanitize
test_case = """
<font size="2" style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; ">test1</font>
<div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; font-size: 12px; font-style: normal; ">
<b>test2</b></div><div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; font-size: 12px; ">
<i>test3</i></div><div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; font-size: 12px; ">
<u>test4</u></div><div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; font-size: 12px; ">
<strike>test5</strike></div><div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; ">
<font size="5">test6</font></div><div><ul><li><font color="#1f1f1f" face="monospace" size="2">test7</font></li><li>
<font color="#1f1f1f" face="monospace" size="2">test8</font></li></ul><div><ol><li><font color="#1f1f1f" face="monospace" size="2">test9</font>
</li><li><font color="#1f1f1f" face="monospace" size="2">test10</font></li></ol></div></div>
<blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div><div><div><font color="#1f1f1f" face="monospace" size="2">
test11</font></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;">
<blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div><font color="#1f1f1f" face="monospace" size="2">
test12</font></div><div><font color="#1f1f1f" face="monospace" size="2"><br></font></div></blockquote></blockquote>
<font color="#1f1f1f" face="monospace" size="2"><a href="http://google.com">google</a></font>
<a href="javascript:alert('malicious code')">test link</a>
"""
class TestSanitizer(unittest.TestCase):
def test_simple(self):
x = "yop"
self.assertEqual(x, html_sanitize(x))
def test_test_case(self):
html_sanitize(test_case)
def test_crm(self):
html_sanitize("Merci à l'intérêt pour notre produit.nous vous contacterons bientôt. Merci")
if __name__ == '__main__':
unittest.main()

1
openerp/tools/__init__.py
View File

@ -33,6 +33,7 @@ from pdf_utils import *
from yaml_import import *
from sql import *
from float_utils import *
from html_sanitize import *
#.apidoc title: Tools

62
openerp/tools/html_sanitize.py Normal file
View File

@ -0,0 +1,62 @@
from pyquery import PyQuery as pq
import re
def html_sanitize(x):
if not x:
return x
root = pq("<div />")
if type(x) == str:
x = unicode(x, "utf8", "replace")
root.html(x)
result = handle_element(root[0])
new = pq(result)
return new.html()
to_remove = set(["script", "head", "meta", "title", "link", "img"])
to_unwrap = set(["html", "body"])
javascript_regex = re.compile("""^\s*javascript\s*\:.*$""")
def handle_a(el, new):
href = el.get("href", "#")
if javascript_regex.search(href):
href = "#"
new.set("href", href)
special = {
"a": handle_a,
}
def handle_element(el):
if type(el) == str or type(el) == unicode:
return [el]
if el.tag in to_remove:
return []
if el.tag in to_unwrap:
return reduce(lambda x,y: x+y, [handle_element(x) for x in children(el)])
new = pq("<%s />" % el.tag)[0]
for i in children(el):
append_to(handle_element(i), new)
if el.tag in special:
special[el.tag](el, new)
return [new]
def children(el):
res = []
if el.text is not None:
res.append(el.text)
for i in el.getchildren():
res.append(i)
if i.tail is not None:
res.append(i.tail)
return res
def append_to(new_ones, el):
for i in new_ones:
if type(i) == str or type(i) == unicode:
children = el.getchildren()
if len(children) == 0:
el.text = i
else:
children[-1].tail = i
else:
el.append(i)

1
setup.py
View File

@ -102,6 +102,7 @@ setuptools.setup(
'mako',
'psycopg2',
'pydot',
'pyquery',
'python-dateutil < 2',
'python-ldap',
'python-openid',