[MERGE]: Merge with latest trunk-server
bzr revid: rpa@tinyerp.com-20120816052255-anabrq2e0q74ba0e
This commit is contained in:
commit
327e7d095f
|
@ -146,17 +146,15 @@ select setval('ir_ui_menu_id_seq', 2);
|
|||
|
||||
CREATE TABLE res_users (
|
||||
id serial NOT NULL,
|
||||
name varchar(64) not null,
|
||||
active boolean default True,
|
||||
login varchar(64) NOT NULL UNIQUE,
|
||||
password varchar(64) default null,
|
||||
email varchar(64) default null,
|
||||
context_tz varchar(64) default null,
|
||||
signature text,
|
||||
context_lang varchar(64) default '',
|
||||
tz varchar(64) default null,
|
||||
lang varchar(64) default '',
|
||||
-- No FK references below, will be added later by ORM
|
||||
-- (when the destination rows exist)
|
||||
company_id int,
|
||||
partner_id int,
|
||||
primary key(id)
|
||||
);
|
||||
alter table res_users add constraint res_users_login_uniq unique (login);
|
||||
|
@ -385,7 +383,7 @@ CREATE TABLE ir_model_relation (
|
|||
-- Users
|
||||
---------------------------------
|
||||
|
||||
insert into res_users (id,login,password,name,active,company_id,context_lang) values (1,'admin','admin','Administrator',True,1,'en_US');
|
||||
insert into res_users (id,login,password,active,company_id,partner_id,lang) values (1,'admin','admin',True,1,1,'en_US');
|
||||
insert into ir_model_data (name,module,model,noupdate,res_id) values ('user_root','base','res.users',True,1);
|
||||
|
||||
-- Compatibility purpose, to remove V6.0
|
||||
|
|
|
@ -1094,19 +1094,23 @@
|
|||
<field name="currency_id" ref="base.EUR"/>
|
||||
</record>
|
||||
|
||||
<record model="res.users" id="base.user_root">
|
||||
<field name="signature">Administrator</field>
|
||||
<record model="res.partner" id="base.partner_root">
|
||||
<field name="name">Administrator</field>
|
||||
<field name="company_id" ref="main_company"/>
|
||||
<field name="customer" eval="False"/>
|
||||
</record>
|
||||
|
||||
<record model="res.users" id="base.user_root">
|
||||
<field name="partner_id" ref="base.partner_root"/>
|
||||
<field name="company_id" ref="main_company"/>
|
||||
<field name="menu_id" ref="action_menu_admin"/>
|
||||
<field name="company_ids" eval="[(4, ref('main_company'))]"/>
|
||||
<field name="menu_id" ref="action_menu_admin"/>
|
||||
<field name="signature">Administrator</field>
|
||||
</record>
|
||||
|
||||
<record id="main_partner" model="res.partner">
|
||||
<field name="company_id" ref="main_company"/>
|
||||
</record>
|
||||
<record id="EUR" model="res.currency">
|
||||
<field name="company_id" ref="main_company"/>
|
||||
</record>
|
||||
|
||||
<!-- The Following currency rates are considered as on 1st Jan,2010 against EUR. -->
|
||||
<!-- Currencies -->
|
||||
|
|
|
@ -625,8 +625,8 @@ class actions_server(osv.osv):
|
|||
|
||||
if not email_from:
|
||||
_logger.debug('--email-from command line option is not specified, using a fallback value instead.')
|
||||
if user.user_email:
|
||||
email_from = user.user_email
|
||||
if user.email:
|
||||
email_from = user.email
|
||||
else:
|
||||
email_from = "%s@%s" % (user.login, gethostname())
|
||||
|
||||
|
|
|
@ -86,7 +86,7 @@ class publisher_warranty_contract(osv.osv):
|
|||
db_create_date = self.pool.get('ir.config_parameter').get_param(cr, uid, 'database.create_date')
|
||||
user = self.pool.get("res.users").browse(cr, uid, uid)
|
||||
user_name = user.name
|
||||
email = user.user_email
|
||||
email = user.email
|
||||
|
||||
msg = {'contract_name': valid_contract.name,
|
||||
'tb': tb,
|
||||
|
@ -333,7 +333,7 @@ def get_sys_logs(cr, uid):
|
|||
"db_create_date": db_create_date,
|
||||
"version": release.version,
|
||||
"contracts": [c.name for c in contracts],
|
||||
"language": user.context_lang,
|
||||
"language": user.lang,
|
||||
}
|
||||
|
||||
add_arg = {"timeout":30} if sys.version_info >= (2,6) else {}
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 2.6 KiB |
|
@ -149,11 +149,9 @@ class res_company(osv.osv):
|
|||
|
||||
def _search(self, cr, uid, args, offset=0, limit=None, order=None,
|
||||
context=None, count=False, access_rights_uid=None):
|
||||
|
||||
if context is None:
|
||||
context = {}
|
||||
user_preference = context.get('user_preference', False)
|
||||
if user_preference:
|
||||
if context.get('user_preference'):
|
||||
# We browse as superuser. Otherwise, the user would be able to
|
||||
# select only the currently visible companies (according to rules,
|
||||
# which are probably to allow to see the child companies) even if
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
##############################################################################
|
||||
|
||||
import math
|
||||
import openerp
|
||||
import os
|
||||
from osv import osv, fields
|
||||
import re
|
||||
|
@ -27,6 +28,10 @@ import tools
|
|||
from tools.translate import _
|
||||
import logging
|
||||
import pooler
|
||||
import pytz
|
||||
|
||||
def _tz_get(self,cr,uid, context=None):
|
||||
return [(x, x) for x in pytz.all_timezones]
|
||||
|
||||
class res_payterm(osv.osv):
|
||||
_description = 'Payment term'
|
||||
|
@ -150,7 +155,12 @@ class res_partner(osv.osv):
|
|||
'parent_id': fields.many2one('res.partner', 'Owned by'),
|
||||
'child_ids': fields.one2many('res.partner', 'parent_id', 'Contacts'),
|
||||
'ref': fields.char('Reference', size=64, select=1),
|
||||
'lang': fields.selection(_lang_get, 'Language', help="If the selected language is loaded in the system, all documents related to this partner will be printed in this language. If not, it will be english."),
|
||||
'lang': fields.selection(_lang_get, 'Language',
|
||||
help="If the selected language is loaded in the system, all documents related to this partner will be printed in this language. If not, it will be english."),
|
||||
'tz': fields.selection(_tz_get, 'Timezone', size=64,
|
||||
help="The partner's timezone, used to output proper date and time values inside printed reports. "
|
||||
"It is important to set a value for this field. You should use the same timezone "
|
||||
"that is otherwise used to pick and render date and time values: your computer's timezone."),
|
||||
'user_id': fields.many2one('res.users', 'Salesperson', help='The internal user that is in charge of communicating with this partner if any.'),
|
||||
'vat': fields.char('VAT',size=32 ,help="Value Added Tax number. Check the box if the partner is subjected to the VAT. Used by the VAT legal statement."),
|
||||
'bank_ids': fields.one2many('res.partner.bank', 'partner_id', 'Banks'),
|
||||
|
@ -165,10 +175,10 @@ class res_partner(osv.osv):
|
|||
'supplier': fields.boolean('Supplier', help="Check this box if the partner is a supplier. If it's not checked, purchase people will not see it when encoding a purchase order."),
|
||||
'employee': fields.boolean('Employee', help="Check this box if the partner is an Employee."),
|
||||
'function': fields.char('Job Position', size=128),
|
||||
'type': fields.selection( [('default','Default'),('invoice','Invoice'),
|
||||
'type': fields.selection( [('default','Default'), ('invoice','Invoice'),
|
||||
('delivery','Delivery'), ('contact','Contact'),
|
||||
('other','Other')],
|
||||
'Address Type', help="Used to select automatically the right address according to the context in sales and purchases documents."),
|
||||
('other', 'Other')], 'Address Type',
|
||||
help="Used to select automatically the right address according to the context in sales and purchases documents."),
|
||||
'street': fields.char('Street', size=128),
|
||||
'street2': fields.char('Street2', size=128),
|
||||
'zip': fields.char('Zip', change_default=True, size=24),
|
||||
|
@ -217,13 +227,15 @@ class res_partner(osv.osv):
|
|||
|
||||
def _get_default_image(self, cr, uid, is_company, context=None):
|
||||
if is_company:
|
||||
image_path = os.path.join( tools.config['root_path'], 'addons', 'base', 'res', 'company_icon.png')
|
||||
image_path = openerp.modules.get_module_resource('base', 'static/src/img', 'company_image.png')
|
||||
else:
|
||||
image_path = os.path.join( tools.config['root_path'], 'addons', 'base', 'res', 'photo.png')
|
||||
image_path = openerp.modules.get_module_resource('base', 'static/src/img', 'partner_image.png')
|
||||
return tools.image_resize_image_big(open(image_path, 'rb').read().encode('base64'))
|
||||
|
||||
_defaults = {
|
||||
'active': True,
|
||||
'lang': lambda self, cr, uid, context: context.get('lang', 'en_US'),
|
||||
'tz': lambda self, cr, uid, context: context.get('tz', False),
|
||||
'customer': True,
|
||||
'category_id': _default_category,
|
||||
'company_id': lambda s,cr,uid,c: s.pool.get('res.company')._company_default_get(cr, uid, 'res.partner', context=c),
|
||||
|
@ -318,7 +330,8 @@ class res_partner(osv.osv):
|
|||
|
||||
def update_address(self, cr, uid, ids, vals, context=None):
|
||||
addr_vals = dict((key, vals[key]) for key in POSTAL_ADDRESS_FIELDS if vals.get(key))
|
||||
return super(res_partner, self).write(cr, uid, ids, addr_vals, context)
|
||||
if addr_vals:
|
||||
return super(res_partner, self).write(cr, uid, ids, addr_vals, context)
|
||||
|
||||
def name_get(self, cr, uid, ids, context=None):
|
||||
if context is None:
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
-->
|
||||
|
||||
<record id="res_partner_category_0" model="res.partner.category">
|
||||
<field name="name">Customer</field>
|
||||
<field name="name">Partner</field>
|
||||
</record>
|
||||
<record id="res_partner_category_1" model="res.partner.category">
|
||||
<field name="name">Supplier</field>
|
||||
|
@ -18,15 +18,15 @@
|
|||
<field name="name">Employee</field>
|
||||
</record>
|
||||
<record id="res_partner_category_4" model="res.partner.category">
|
||||
<field name="name">Gold Partner</field>
|
||||
<field name="name">Gold</field>
|
||||
<field name="parent_id" ref="res_partner_category_0"/>
|
||||
</record>
|
||||
<record id="res_partner_category_5" model="res.partner.category">
|
||||
<field name="name">Silver Partner</field>
|
||||
<field name="name">Silver</field>
|
||||
<field name="parent_id" ref="res_partner_category_0"/>
|
||||
</record>
|
||||
<record id="res_partner_category_6" model="res.partner.category">
|
||||
<field name="name">Bronze Partner</field>
|
||||
<field name="name">Bronze</field>
|
||||
<field name="parent_id" ref="res_partner_category_0"/>
|
||||
</record>
|
||||
<record id="res_partner_category_7" model="res.partner.category">
|
||||
|
@ -35,35 +35,27 @@
|
|||
</record>
|
||||
<record id="res_partner_category_8" model="res.partner.category">
|
||||
<field name="name">Consultancy Services</field>
|
||||
<field name="parent_id" ref="res_partner_category_0"/>
|
||||
</record>
|
||||
<record id="res_partner_category_9" model="res.partner.category">
|
||||
<field name="name">Components Buyer</field>
|
||||
<field name="parent_id" ref="res_partner_category_0"/>
|
||||
</record>
|
||||
<record id="res_partner_category_11" model="res.partner.category">
|
||||
<field name="name">Services</field>
|
||||
<field name="parent_id" ref="res_partner_category_1"/>
|
||||
</record>
|
||||
<record id="res_partner_category_12" model="res.partner.category">
|
||||
<field name="name">Office Supplies</field>
|
||||
<field name="parent_id" ref="res_partner_category_1"/>
|
||||
</record>
|
||||
<record id="res_partner_category_13" model="res.partner.category">
|
||||
<field name="name">Distributor</field>
|
||||
<field name="parent_id" ref="res_partner_category_1"/>
|
||||
</record>
|
||||
<record id="res_partner_category_14" model="res.partner.category">
|
||||
<field name="name">Manufacturer</field>
|
||||
<field name="parent_id" ref="res_partner_category_1"/>
|
||||
</record>
|
||||
<record id="res_partner_category_15" model="res.partner.category">
|
||||
<field name="name">Wholesaler</field>
|
||||
<field name="parent_id" ref="res_partner_category_1"/>
|
||||
</record>
|
||||
<record id="res_partner_category_16" model="res.partner.category">
|
||||
<field name="name">Retailer</field>
|
||||
<field name="parent_id" ref="res_partner_category_1"/>
|
||||
</record>
|
||||
<record id="res_partner_category_17" model="res.partner.category">
|
||||
<field name="name">Company Contact</field>
|
||||
|
|
|
@ -95,7 +95,7 @@
|
|||
<field name="arch" type="xml">
|
||||
<form string="Partners" version="7.0">
|
||||
<sheet>
|
||||
<field name="image_small" widget='image' class="oe_avatar oe_left"/>
|
||||
<field name="image_medium" widget='image' class="oe_avatar oe_left"/>
|
||||
<div class="oe_title">
|
||||
<div class="oe_edit_only">
|
||||
<label for="name"/> (
|
||||
|
|
|
@ -20,11 +20,9 @@
|
|||
#
|
||||
##############################################################################
|
||||
|
||||
import logging
|
||||
|
||||
from functools import partial
|
||||
|
||||
import pytz
|
||||
|
||||
import logging
|
||||
from lxml import etree
|
||||
from lxml.builder import E
|
||||
import netsvc
|
||||
|
@ -96,59 +94,22 @@ class groups(osv.osv):
|
|||
|
||||
groups()
|
||||
|
||||
def _lang_get(self, cr, uid, context=None):
|
||||
obj = self.pool.get('res.lang')
|
||||
ids = obj.search(cr, uid, [('translatable','=',True)])
|
||||
res = obj.read(cr, uid, ids, ['code', 'name'], context=context)
|
||||
res = [(r['code'], r['name']) for r in res]
|
||||
return res
|
||||
class res_users(osv.osv):
|
||||
""" User class. A res.users record models an OpenERP user and is different
|
||||
from an employee.
|
||||
|
||||
def _tz_get(self,cr,uid, context=None):
|
||||
return [(x, x) for x in pytz.all_timezones]
|
||||
|
||||
class users(osv.osv):
|
||||
res.users class now inherits from res.partner. The partner model is
|
||||
used to store the data related to the partner: lang, name, address,
|
||||
avatar, ... The user model is now dedicated to technical data.
|
||||
"""
|
||||
__admin_ids = {}
|
||||
_uid_cache = {}
|
||||
_inherits = {
|
||||
'res.partner': 'partner_id',
|
||||
}
|
||||
_name = "res.users"
|
||||
_description = 'Users'
|
||||
_order = 'name'
|
||||
|
||||
WELCOME_MAIL_SUBJECT = u"Welcome to OpenERP"
|
||||
WELCOME_MAIL_BODY = u"An OpenERP account has been created for you, "\
|
||||
"\"%(name)s\".\n\nYour login is %(login)s, "\
|
||||
"you should ask your supervisor or system administrator if you "\
|
||||
"haven't been given your password yet.\n\n"\
|
||||
"If you aren't %(name)s, this email reached you errorneously, "\
|
||||
"please delete it."
|
||||
|
||||
def get_welcome_mail_subject(self, cr, uid, context=None):
|
||||
""" Returns the subject of the mail new users receive (when
|
||||
created via the res.config.users wizard), default implementation
|
||||
is to return config_users.WELCOME_MAIL_SUBJECT
|
||||
"""
|
||||
return self.WELCOME_MAIL_SUBJECT
|
||||
def get_welcome_mail_body(self, cr, uid, context=None):
|
||||
""" Returns the subject of the mail new users receive (when
|
||||
created via the res.config.users wizard), default implementation
|
||||
is to return config_users.WELCOME_MAIL_BODY
|
||||
"""
|
||||
return self.WELCOME_MAIL_BODY
|
||||
|
||||
def get_current_company(self, cr, uid):
|
||||
cr.execute('select company_id, res_company.name from res_users left join res_company on res_company.id = company_id where res_users.id=%s' %uid)
|
||||
return cr.fetchall()
|
||||
|
||||
def send_welcome_email(self, cr, uid, id, context=None):
|
||||
if isinstance(id,list): id = id[0]
|
||||
user = self.read(cr, uid, id, ['email','login','name', 'user_email'], context=context)
|
||||
email = user['email'] or user['user_email']
|
||||
|
||||
ir_mail_server = self.pool.get('ir.mail_server')
|
||||
msg = ir_mail_server.build_email(email_from=None, # take config default
|
||||
email_to=[email],
|
||||
subject=self.get_welcome_mail_subject(cr, uid, context=context),
|
||||
body=(self.get_welcome_mail_body(cr, uid, context=context) % user))
|
||||
return ir_mail_server.send_email(cr, uid, msg, context=context)
|
||||
_order = 'login'
|
||||
|
||||
def _set_new_password(self, cr, uid, id, name, value, args, context=None):
|
||||
if value is False:
|
||||
|
@ -164,85 +125,67 @@ class users(osv.osv):
|
|||
|
||||
def _get_password(self, cr, uid, ids, arg, karg, context=None):
|
||||
return dict.fromkeys(ids, '')
|
||||
|
||||
def _get_image(self, cr, uid, ids, name, args, context=None):
|
||||
result = dict.fromkeys(ids, False)
|
||||
for obj in self.browse(cr, uid, ids, context=context):
|
||||
result[obj.id] = tools.image_get_resized_images(obj.image)
|
||||
return result
|
||||
|
||||
def _set_image(self, cr, uid, id, name, value, args, context=None):
|
||||
return self.write(cr, uid, [id], {'image': tools.image_resize_image_big(value)}, context=context)
|
||||
|
||||
_columns = {
|
||||
'id': fields.integer('ID'),
|
||||
'name': fields.char('User Name', size=64, required=True, select=True,
|
||||
help="The new user's real name, used for searching"
|
||||
" and most listings"),
|
||||
'login_date': fields.date('Latest connection', select=1),
|
||||
'partner_id': fields.many2one('res.partner', required=True,
|
||||
string='Related Partner', ondelete='cascade',
|
||||
help='Partner-related data of the user'),
|
||||
'login': fields.char('Login', size=64, required=True,
|
||||
help="Used to log into the system"),
|
||||
'password': fields.char('Password', size=64, invisible=True, help="Keep empty if you don't want the user to be able to connect on the system."),
|
||||
help="Used to log into the system"),
|
||||
'password': fields.char('Password', size=64, invisible=True,
|
||||
help="Keep empty if you don't want the user to be able to connect on the system."),
|
||||
'new_password': fields.function(_get_password, type='char', size=64,
|
||||
fnct_inv=_set_new_password,
|
||||
string='Set Password', help="Specify a value only when creating a user or if you're changing the user's password, "
|
||||
"otherwise leave empty. After a change of password, the user has to login again."),
|
||||
'user_email': fields.char('Email', size=64),
|
||||
fnct_inv=_set_new_password, string='Set Password',
|
||||
help="Specify a value only when creating a user or if you're "\
|
||||
"changing the user's password, otherwise leave empty. After "\
|
||||
"a change of password, the user has to login again."),
|
||||
'signature': fields.text('Signature', size=64),
|
||||
'image': fields.binary("Avatar",
|
||||
help="This field holds the image used as avatar for the "\
|
||||
"user. The image is base64 encoded, and PIL-supported. "\
|
||||
"It is limited to a 1024x1024 px image."),
|
||||
'image_medium': fields.function(_get_image, fnct_inv=_set_image,
|
||||
string="Medium-sized avatar", type="binary", multi="_get_image",
|
||||
store = {
|
||||
'res.users': (lambda self, cr, uid, ids, c={}: ids, ['image'], 10),
|
||||
},
|
||||
help="Medium-sized image of the user. It is automatically "\
|
||||
"resized as a 180x180 px image, with aspect ratio preserved. "\
|
||||
"Use this field in form views or some kanban views."),
|
||||
'image_small': fields.function(_get_image, fnct_inv=_set_image,
|
||||
string="Smal-sized avatar", type="binary", multi="_get_image",
|
||||
store = {
|
||||
'res.users': (lambda self, cr, uid, ids, c={}: ids, ['image'], 10),
|
||||
},
|
||||
help="Small-sized image of the user. It is automatically "\
|
||||
"resized as a 50x50 px image, with aspect ratio preserved. "\
|
||||
"Use this field anywhere a small image is required."),
|
||||
'active': fields.boolean('Active'),
|
||||
'action_id': fields.many2one('ir.actions.actions', 'Home Action', help="If specified, this action will be opened at logon for this user, in addition to the standard menu."),
|
||||
'menu_id': fields.many2one('ir.actions.actions', 'Menu Action', help="If specified, the action will replace the standard menu for this user."),
|
||||
'groups_id': fields.many2many('res.groups', 'res_groups_users_rel', 'uid', 'gid', 'Groups'),
|
||||
|
||||
# Special behavior for this field: res.company.search() will only return the companies
|
||||
# available to the current user (should be the user's companies?), when the user_preference
|
||||
# context is set.
|
||||
'company_id': fields.many2one('res.company', 'Company', required=True,
|
||||
help="The company this user is currently working for.", context={'user_preference': True}),
|
||||
|
||||
help='The company this user is currently working for.', context={'user_preference': True}),
|
||||
'company_ids':fields.many2many('res.company','res_company_users_rel','user_id','cid','Companies'),
|
||||
'context_lang': fields.selection(_lang_get, 'Language', required=True,
|
||||
help="The default language used in the graphical user interface, when translations are available. To add a new language, you can use the 'Load a Translation' wizard available from the 'Administration' menu."),
|
||||
'context_tz': fields.selection(_tz_get, 'Timezone', size=64,
|
||||
help="The user's timezone, used to output proper date and time values inside printed reports. "
|
||||
"It is important to set a value for this field. You should use the same timezone "
|
||||
"that is otherwise used to pick and render date and time values: your computer's timezone."),
|
||||
'date': fields.datetime('Latest Connection', readonly=True),
|
||||
# backward compatibility fields
|
||||
'user_email': fields.related('email', type='char',
|
||||
deprecated='Use the email field instead of user_email. This field will be removed with OpenERP 7.1.'),
|
||||
}
|
||||
|
||||
def on_change_company_id(self, cr, uid, ids, company_id):
|
||||
return {
|
||||
'warning' : {
|
||||
return {'warning' : {
|
||||
'title': _("Company Switch Warning"),
|
||||
'message': _("Please keep in mind that documents currently displayed may not be relevant after switching to another company. If you have unsaved changes, please make sure to save and close all forms before switching to a different company. (You can click on Cancel in the User Preferences now)"),
|
||||
}
|
||||
}
|
||||
|
||||
def onchange_type(self, cr, uid, ids, is_company, context=None):
|
||||
""" Wrapper on the user.partner onchange_type, because some calls to the
|
||||
partner form view applied to the user may trigger the
|
||||
partner.onchange_type method, but applied to the user object.
|
||||
"""
|
||||
partner_ids = [user.partner_id.id for user in self.browse(cr, uid, ids, context=context)]
|
||||
return self.pool.get('res.partner').onchange_type(cr, uid, partner_ids, is_company, context=context)
|
||||
|
||||
def onchange_address(self, cr, uid, ids, use_parent_address, parent_id, context=None):
|
||||
""" Wrapper on the user.partner onchange_address, because some calls to the
|
||||
partner form view applied to the user may trigger the
|
||||
partner.onchange_type method, but applied to the user object.
|
||||
"""
|
||||
partner_ids = [user.partner_id.id for user in self.browse(cr, uid, ids, context=context)]
|
||||
return self.pool.get('res.partner').onchange_address(cr, uid, partner_ids, use_parent_address, parent_id, context=context)
|
||||
|
||||
def read(self,cr, uid, ids, fields=None, context=None, load='_classic_read'):
|
||||
def override_password(o):
|
||||
if 'password' in o and ( 'id' not in o or o['id'] != uid ):
|
||||
o['password'] = '********'
|
||||
return o
|
||||
result = super(users, self).read(cr, uid, ids, fields, context, load)
|
||||
result = super(res_users, self).read(cr, uid, ids, fields, context, load)
|
||||
canwrite = self.pool.get('ir.model.access').check(cr, uid, 'res.users', 'write', False)
|
||||
if not canwrite:
|
||||
if isinstance(ids, (int, float)):
|
||||
|
@ -263,21 +206,10 @@ class users(osv.osv):
|
|||
('login_key', 'UNIQUE (login)', 'You can not have two users with the same login !')
|
||||
]
|
||||
|
||||
def _get_email_from(self, cr, uid, ids, context=None):
|
||||
if not isinstance(ids, list):
|
||||
ids = [ids]
|
||||
res = dict.fromkeys(ids, False)
|
||||
for user in self.browse(cr, uid, ids, context=context):
|
||||
if user.user_email:
|
||||
res[user.id] = "%s <%s>" % (user.name, user.user_email)
|
||||
return res
|
||||
|
||||
def _get_admin_id(self, cr):
|
||||
if self.__admin_ids.get(cr.dbname) is None:
|
||||
ir_model_data_obj = self.pool.get('ir.model.data')
|
||||
mdid = ir_model_data_obj._get_id(cr, 1, 'base', 'user_root')
|
||||
self.__admin_ids[cr.dbname] = ir_model_data_obj.read(cr, 1, [mdid], ['res_id'])[0]['res_id']
|
||||
return self.__admin_ids[cr.dbname]
|
||||
def _get_default_image(self, cr, uid, context=None):
|
||||
""" Override of res.partner: multicolor avatars ! """
|
||||
image_path = openerp.modules.get_module_resource('base', 'static/src/img', 'avatar%d.png' % random.randint(0, 6))
|
||||
return tools.image_resize_image_big(open(image_path, 'rb').read().encode('base64'))
|
||||
|
||||
def _get_company(self,cr, uid, context=None, uid2=False):
|
||||
if not uid2:
|
||||
|
@ -315,27 +247,29 @@ class users(osv.osv):
|
|||
pass
|
||||
return result
|
||||
|
||||
def _get_default_image(self, cr, uid, context=None):
|
||||
# default image file name: avatar0 -> avatar6.png, choose randomly
|
||||
image_path = openerp.modules.get_module_resource('base', 'static/src/img', 'avatar%d.png' % random.randint(0, 6))
|
||||
return tools.image_resize_image_big(open(image_path, 'rb').read().encode('base64'))
|
||||
|
||||
_defaults = {
|
||||
'password' : '',
|
||||
'context_lang': lambda self, cr, uid, context: context.get('lang', 'en_US'),
|
||||
'context_tz': lambda self, cr, uid, context: context.get('tz', False),
|
||||
'image': _get_default_image,
|
||||
'image_small': _get_default_image,
|
||||
'image_medium': _get_default_image,
|
||||
'active' : True,
|
||||
'customer': False,
|
||||
'menu_id': _get_menu,
|
||||
'company_id': _get_company,
|
||||
'company_ids': _get_companies,
|
||||
'groups_id': _get_group,
|
||||
'image': lambda self, cr, uid, context: self._get_default_image(cr, uid, context),
|
||||
}
|
||||
|
||||
def fields_view_get(self, cr, uid, view_id=None, view_type='form', context=None, toolbar=False, submenu=False):
|
||||
""" Override of res.users fields_view_get.
|
||||
- if the view is specified: resume with normal behavior
|
||||
- else: the default view is overrided and redirected to the partner
|
||||
view
|
||||
"""
|
||||
if not view_id and view_type == 'form':
|
||||
return self.pool.get('res.partner').fields_view_get(cr, uid, view_id, view_type, context, toolbar, submenu)
|
||||
return super(res_users, self).fields_view_get(cr, uid, view_id, view_type, context, toolbar, submenu)
|
||||
|
||||
# User can write to a few of her own fields (but not her groups for example)
|
||||
SELF_WRITEABLE_FIELDS = ['password', 'signature', 'action_id', 'company_id', 'user_email', 'name', 'image', 'image_medium', 'image_small']
|
||||
SELF_WRITEABLE_FIELDS = ['password', 'signature', 'action_id', 'company_id', 'email', 'name', 'image', 'image_medium', 'image_small']
|
||||
|
||||
def write(self, cr, uid, ids, values, context=None):
|
||||
if not hasattr(ids, '__iter__'):
|
||||
|
@ -350,7 +284,7 @@ class users(osv.osv):
|
|||
del values['company_id']
|
||||
uid = 1 # safe fields only, so we write as super-user to bypass access rights
|
||||
|
||||
res = super(users, self).write(cr, uid, ids, values, context=context)
|
||||
res = super(res_users, self).write(cr, uid, ids, values, context=context)
|
||||
|
||||
# clear caches linked to the users
|
||||
self.pool.get('ir.model.access').call_cache_clearing_methods(cr)
|
||||
|
@ -372,7 +306,7 @@ class users(osv.osv):
|
|||
for id in ids:
|
||||
if id in self._uid_cache[db]:
|
||||
del self._uid_cache[db][id]
|
||||
return super(users, self).unlink(cr, uid, ids, context=context)
|
||||
return super(res_users, self).unlink(cr, uid, ids, context=context)
|
||||
|
||||
def name_search(self, cr, user, name='', args=None, operator='ilike', context=None, limit=100):
|
||||
if not args:
|
||||
|
@ -395,17 +329,23 @@ class users(osv.osv):
|
|||
name=(copy_pattern % user2copy['name']),
|
||||
)
|
||||
copydef.update(default)
|
||||
return super(users, self).copy(cr, uid, id, copydef, context)
|
||||
return super(res_users, self).copy(cr, uid, id, copydef, context)
|
||||
|
||||
def context_get(self, cr, uid, context=None):
|
||||
user = self.browse(cr, uid, uid, context)
|
||||
result = {}
|
||||
for k in self._columns.keys():
|
||||
for k in self._all_columns.keys():
|
||||
if k.startswith('context_'):
|
||||
context_key = k[8:]
|
||||
elif k in ['lang', 'tz']:
|
||||
context_key = k
|
||||
else:
|
||||
context_key = False
|
||||
if context_key:
|
||||
res = getattr(user,k) or False
|
||||
if isinstance(res, browse_record):
|
||||
res = res.id
|
||||
result[k[8:]] = res or False
|
||||
result[context_key] = res or False
|
||||
return result
|
||||
|
||||
def action_get(self, cr, uid, context=None):
|
||||
|
@ -413,6 +353,57 @@ class users(osv.osv):
|
|||
data_id = dataobj._get_id(cr, 1, 'base', 'action_res_users_my')
|
||||
return dataobj.browse(cr, uid, data_id, context=context).res_id
|
||||
|
||||
def check_super(self, passwd):
|
||||
if passwd == tools.config['admin_passwd']:
|
||||
return True
|
||||
else:
|
||||
raise openerp.exceptions.AccessDenied()
|
||||
|
||||
def check_credentials(self, cr, uid, password):
|
||||
""" Override this method to plug additional authentication methods"""
|
||||
res = self.search(cr, 1, [('id','=',uid),('password','=',password)])
|
||||
if not res:
|
||||
raise openerp.exceptions.AccessDenied()
|
||||
|
||||
def login(self, db, login, password):
|
||||
if not password:
|
||||
return False
|
||||
user_id = False
|
||||
cr = pooler.get_db(db).cursor()
|
||||
try:
|
||||
# autocommit: our single update request will be performed atomically.
|
||||
# (In this way, there is no opportunity to have two transactions
|
||||
# interleaving their cr.execute()..cr.commit() calls and have one
|
||||
# of them rolled back due to a concurrent access.)
|
||||
cr.autocommit(True)
|
||||
# check if user exists
|
||||
res = self.search(cr, 1, [('login','=',login)])
|
||||
if res:
|
||||
user_id = res[0]
|
||||
# check credentials
|
||||
self.check_credentials(cr, user_id, password)
|
||||
# We effectively unconditionally write the res_users line.
|
||||
# Even w/ autocommit there's a chance the user row will be locked,
|
||||
# in which case we can't delay the login just for the purpose of
|
||||
# update the last login date - hence we use FOR UPDATE NOWAIT to
|
||||
# try to get the lock - fail-fast
|
||||
# Failing to acquire the lock on the res_users row probably means
|
||||
# another request is holding it. No big deal, we don't want to
|
||||
# prevent/delay login in that case. It will also have been logged
|
||||
# as a SQL error, if anyone cares.
|
||||
try:
|
||||
cr.execute("SELECT id FROM res_users WHERE id=%s FOR UPDATE NOWAIT", str(user_id))
|
||||
cr.execute("UPDATE res_users SET login_date = now() AT TIME ZONE 'UTC' WHERE id=%s", str(user_id))
|
||||
except Exception, e:
|
||||
_logger.exception("Failed to update last_login for db:%s login:%s", db, login)
|
||||
except openerp.exceptions.AccessDenied:
|
||||
_logger.info("Login failed for db:%s login:%s", db, login)
|
||||
user_id = False
|
||||
finally:
|
||||
cr.close()
|
||||
|
||||
return user_id
|
||||
|
||||
def authenticate(self, db, login, password, user_agent_env):
|
||||
"""Verifies and returns the user ID corresponding to the given
|
||||
``login`` and ``password`` combination, or False if there was
|
||||
|
@ -431,8 +422,8 @@ class users(osv.osv):
|
|||
if user_agent_env and user_agent_env.get('base_location'):
|
||||
cr = pooler.get_db(db).cursor()
|
||||
try:
|
||||
self.pool.get('ir.config_parameter').set_param(cr, uid, 'web.base.url',
|
||||
user_agent_env['base_location'])
|
||||
base = user_agent_env['base_location']
|
||||
self.pool.get('ir.config_parameter').set_param(cr, uid, 'web.base.url', base)
|
||||
cr.commit()
|
||||
except Exception:
|
||||
_logger.exception("Failed to update web.base.url configuration parameter")
|
||||
|
@ -440,54 +431,8 @@ class users(osv.osv):
|
|||
cr.close()
|
||||
return uid
|
||||
|
||||
def login(self, db, login, password):
|
||||
if not password:
|
||||
return False
|
||||
cr = pooler.get_db(db).cursor()
|
||||
try:
|
||||
# autocommit: our single request will be performed atomically.
|
||||
# (In this way, there is no opportunity to have two transactions
|
||||
# interleaving their cr.execute()..cr.commit() calls and have one
|
||||
# of them rolled back due to a concurrent access.)
|
||||
# We effectively unconditionally write the res_users line.
|
||||
cr.autocommit(True)
|
||||
# Even w/ autocommit there's a chance the user row will be locked,
|
||||
# in which case we can't delay the login just for the purpose of
|
||||
# update the last login date - hence we use FOR UPDATE NOWAIT to
|
||||
# try to get the lock - fail-fast
|
||||
cr.execute("""SELECT id from res_users
|
||||
WHERE login=%s AND password=%s
|
||||
AND active FOR UPDATE NOWAIT""",
|
||||
(tools.ustr(login), tools.ustr(password)))
|
||||
cr.execute("""UPDATE res_users
|
||||
SET date = now() AT TIME ZONE 'UTC'
|
||||
WHERE login=%s AND password=%s AND active
|
||||
RETURNING id""",
|
||||
(tools.ustr(login), tools.ustr(password)))
|
||||
except Exception:
|
||||
# Failing to acquire the lock on the res_users row probably means
|
||||
# another request is holding it. No big deal, we don't want to
|
||||
# prevent/delay login in that case. It will also have been logged
|
||||
# as a SQL error, if anyone cares.
|
||||
cr.execute("""SELECT id from res_users
|
||||
WHERE login=%s AND password=%s
|
||||
AND active""",
|
||||
(tools.ustr(login), tools.ustr(password)))
|
||||
finally:
|
||||
res = cr.fetchone()
|
||||
cr.close()
|
||||
if res:
|
||||
return res[0]
|
||||
return False
|
||||
|
||||
def check_super(self, passwd):
|
||||
if passwd == tools.config['admin_passwd']:
|
||||
return True
|
||||
else:
|
||||
raise openerp.exceptions.AccessDenied()
|
||||
|
||||
def check(self, db, uid, passwd):
|
||||
"""Verifies that the given (uid, password) pair is authorized for the database ``db`` and
|
||||
"""Verifies that the given (uid, password) is authorized for the database ``db`` and
|
||||
raise an exception if it is not."""
|
||||
if not passwd:
|
||||
# empty passwords disallowed for obvious security reasons
|
||||
|
@ -496,32 +441,14 @@ class users(osv.osv):
|
|||
return
|
||||
cr = pooler.get_db(db).cursor()
|
||||
try:
|
||||
cr.execute('SELECT COUNT(1) FROM res_users WHERE id=%s AND password=%s AND active=%s',
|
||||
(int(uid), passwd, True))
|
||||
res = cr.fetchone()[0]
|
||||
if not res:
|
||||
raise openerp.exceptions.AccessDenied()
|
||||
self.check_credentials(cr, uid, passwd)
|
||||
if self._uid_cache.has_key(db):
|
||||
ulist = self._uid_cache[db]
|
||||
ulist[uid] = passwd
|
||||
self._uid_cache[db][uid] = passwd
|
||||
else:
|
||||
self._uid_cache[db] = {uid:passwd}
|
||||
finally:
|
||||
cr.close()
|
||||
|
||||
def access(self, db, uid, passwd, sec_level, ids):
|
||||
if not passwd:
|
||||
return False
|
||||
cr = pooler.get_db(db).cursor()
|
||||
try:
|
||||
cr.execute('SELECT id FROM res_users WHERE id=%s AND password=%s', (uid, passwd))
|
||||
res = cr.fetchone()
|
||||
if not res:
|
||||
raise openerp.exceptions.AccessDenied()
|
||||
return res[0]
|
||||
finally:
|
||||
cr.close()
|
||||
|
||||
def change_password(self, cr, uid, old_passwd, new_passwd, context=None):
|
||||
"""Change current user password. Old password must be provided explicitly
|
||||
to prevent hijacking an existing user session, or for cases where the cleartext
|
||||
|
@ -565,9 +492,6 @@ class users(osv.osv):
|
|||
(uid, module, ext_id))
|
||||
return bool(cr.fetchone())
|
||||
|
||||
users()
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Extension of res.groups and res.users with a relation for "implied" or
|
||||
|
@ -647,8 +571,6 @@ class groups_implied(osv.osv):
|
|||
super(groups_implied, self).write(cr, uid, gids, vals, context)
|
||||
return res
|
||||
|
||||
groups_implied()
|
||||
|
||||
class users_implied(osv.osv):
|
||||
_inherit = 'res.users'
|
||||
|
||||
|
@ -672,10 +594,6 @@ class users_implied(osv.osv):
|
|||
super(users_implied, self).write(cr, uid, [user.id], vals, context)
|
||||
return res
|
||||
|
||||
users_implied()
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Extension of res.groups and res.users for the special groups view in the users
|
||||
# form. This extension presents groups with selection and boolean widgets:
|
||||
|
@ -818,8 +736,6 @@ class groups_view(osv.osv):
|
|||
res.append((False, 'boolean', others))
|
||||
return res
|
||||
|
||||
groups_view()
|
||||
|
||||
class users_view(osv.osv):
|
||||
_inherit = 'res.users'
|
||||
|
||||
|
@ -911,6 +827,4 @@ class users_view(osv.osv):
|
|||
}
|
||||
return res
|
||||
|
||||
users_view()
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
|
@ -109,8 +109,8 @@
|
|||
<page string="Preferences">
|
||||
<group>
|
||||
<group name="preferences">
|
||||
<field name="context_lang"/>
|
||||
<field name="context_tz"/>
|
||||
<field name="lang"/>
|
||||
<field name="tz"/>
|
||||
</group>
|
||||
<group groups="base.group_no_one">
|
||||
<field name="action_id"/>
|
||||
|
@ -118,7 +118,7 @@
|
|||
</group>
|
||||
</group>
|
||||
<group>
|
||||
<field name="user_email" widget="email"/>
|
||||
<field name="email" widget="email"/>
|
||||
<field name="signature"/>
|
||||
</group>
|
||||
</page>
|
||||
|
@ -142,7 +142,7 @@
|
|||
<tree string="Users">
|
||||
<field name="name"/>
|
||||
<field name="login"/>
|
||||
<field name="context_lang"/>
|
||||
<field name="lang"/>
|
||||
<field name="date"/>
|
||||
</tree>
|
||||
</field>
|
||||
|
@ -203,15 +203,15 @@
|
|||
(<field name="login" readonly="1" class="oe_inline"/>)
|
||||
</h1>
|
||||
<group name="preferences" col="4">
|
||||
<field name="context_lang" readonly="0"/>
|
||||
<field name="lang" readonly="0"/>
|
||||
<field name="company_id" readonly="0"
|
||||
groups="base.group_multi_company" on_change="on_change_company_id(company_id)"/>
|
||||
<field name="context_tz" readonly="0"/>
|
||||
<field name="tz" readonly="0"/>
|
||||
<field name="company_id" widget="selection" readonly="0"
|
||||
groups="base.group_multi_company" on_change="on_change_company_id(company_id)"/>
|
||||
</group>
|
||||
<group string="Email Preferences">
|
||||
<field name="user_email" widget="email" readonly="0"/>
|
||||
<field name="email" widget="email" readonly="0"/>
|
||||
<field name="signature" readonly="0"/>
|
||||
</group>
|
||||
<footer>
|
||||
|
|
Before Width: | Height: | Size: 4.0 KiB After Width: | Height: | Size: 4.0 KiB |
Binary file not shown.
After Width: | Height: | Size: 2.7 KiB |
|
@ -2,22 +2,8 @@
|
|||
Testing for hierarchical search in M2M
|
||||
-
|
||||
!python {model: res.partner }: |
|
||||
ids = self.search(cr, uid, [('category_id', 'child_of','supplier')])
|
||||
ids = self.search(cr, uid, [('category_id', 'child_of',ref('res_partner_category_0'))])
|
||||
assert len(ids) >= 1, ids
|
||||
|
||||
-
|
||||
Test hierarchical search in M2M with child ID1
|
||||
-
|
||||
!python {model: res.partner }: |
|
||||
ids = self.search(cr, uid, [('category_id', 'child_of','Customer')])
|
||||
assert len(ids) >= 1, ids
|
||||
-
|
||||
Test hierarchical search in M2M with child ID2
|
||||
-
|
||||
!python {model: res.partner }: |
|
||||
ids = self.search(cr, uid, [('category_id', 'child_of','Manufacturer')])
|
||||
assert len(ids) == 2, ids
|
||||
|
||||
-
|
||||
"1.0 Setup test partner categories: parent root"
|
||||
-
|
||||
|
|
|
@ -45,6 +45,7 @@ import openerp.tools as tools
|
|||
from openerp.tools.translate import _
|
||||
from openerp.tools import float_round, float_repr
|
||||
import simplejson
|
||||
from openerp.tools.html_sanitize import html_sanitize
|
||||
|
||||
_logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -228,6 +229,14 @@ class char(_column):
|
|||
class text(_column):
|
||||
_type = 'text'
|
||||
|
||||
class html(text):
|
||||
_type = 'html'
|
||||
_symbol_c = '%s'
|
||||
def _symbol_f(x):
|
||||
return html_sanitize(x)
|
||||
|
||||
_symbol_set = (_symbol_c, _symbol_f)
|
||||
|
||||
import __builtin__
|
||||
|
||||
class float(_column):
|
||||
|
@ -649,6 +658,20 @@ class many2many(_column):
|
|||
col2 = '%s_id' % dest_model._table
|
||||
return (tbl, col1, col2)
|
||||
|
||||
def _get_query_and_where_params(self, cr, model, ids, values, where_params):
|
||||
""" Extracted from ``get`` to facilitate fine-tuning of the generated
|
||||
query. """
|
||||
query = 'SELECT %(rel)s.%(id2)s, %(rel)s.%(id1)s \
|
||||
FROM %(rel)s, %(from_c)s \
|
||||
WHERE %(rel)s.%(id1)s IN %%s \
|
||||
AND %(rel)s.%(id2)s = %(tbl)s.id \
|
||||
%(where_c)s \
|
||||
%(order_by)s \
|
||||
%(limit)s \
|
||||
OFFSET %(offset)d' \
|
||||
% values
|
||||
return query, where_params
|
||||
|
||||
def get(self, cr, model, ids, name, user=None, offset=0, context=None, values=None):
|
||||
if not context:
|
||||
context = {}
|
||||
|
@ -686,15 +709,7 @@ class many2many(_column):
|
|||
if self._limit is not None:
|
||||
limit_str = ' LIMIT %d' % self._limit
|
||||
|
||||
query = 'SELECT %(rel)s.%(id2)s, %(rel)s.%(id1)s \
|
||||
FROM %(rel)s, %(from_c)s \
|
||||
WHERE %(rel)s.%(id1)s IN %%s \
|
||||
AND %(rel)s.%(id2)s = %(tbl)s.id \
|
||||
%(where_c)s \
|
||||
%(order_by)s \
|
||||
%(limit)s \
|
||||
OFFSET %(offset)d' \
|
||||
% {'rel': rel,
|
||||
query, where_params = self._get_query_and_where_params(cr, model, ids, {'rel': rel,
|
||||
'from_c': from_c,
|
||||
'tbl': obj._table,
|
||||
'id1': id1,
|
||||
|
@ -703,7 +718,8 @@ class many2many(_column):
|
|||
'limit': limit_str,
|
||||
'order_by': order_by,
|
||||
'offset': offset,
|
||||
}
|
||||
}, where_params)
|
||||
|
||||
cr.execute(query, [tuple(ids),] + where_params)
|
||||
for r in cr.fetchall():
|
||||
res[r[1]].append(r[0])
|
||||
|
|
|
@ -545,6 +545,7 @@ FIELDS_TO_PGTYPES = {
|
|||
fields.boolean: 'bool',
|
||||
fields.integer: 'int4',
|
||||
fields.text: 'text',
|
||||
fields.html: 'text',
|
||||
fields.date: 'date',
|
||||
fields.datetime: 'timestamp',
|
||||
fields.binary: 'bytea',
|
||||
|
|
|
@ -75,10 +75,10 @@ def _initialize_db(serv, id, db_name, demo, lang, user_password):
|
|||
mids = modobj.search(cr, 1, [('state', '=', 'installed')])
|
||||
modobj.update_translations(cr, 1, mids, lang)
|
||||
|
||||
cr.execute('UPDATE res_users SET password=%s, context_lang=%s, active=True WHERE login=%s', (
|
||||
cr.execute('UPDATE res_users SET password=%s, lang=%s, active=True WHERE login=%s', (
|
||||
user_password, lang, 'admin'))
|
||||
cr.execute('SELECT login, password, name ' \
|
||||
' FROM res_users ' \
|
||||
cr.execute('SELECT login, password ' \
|
||||
' FROM res_users ' \
|
||||
' ORDER BY login')
|
||||
serv.actions[id].update(users=cr.dictfetchall(), clean=True)
|
||||
cr.commit()
|
||||
|
@ -425,7 +425,7 @@ OpenERP is an ERP+CRM program for small and medium businesses.
|
|||
The whole source code is distributed under the terms of the
|
||||
GNU Public Licence.
|
||||
|
||||
(c) 2003-TODAY, Fabien Pinckaers - Tiny sprl''')
|
||||
(c) 2003-TODAY - OpenERP SA''')
|
||||
|
||||
if extended:
|
||||
return info, release.version
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
import unittest
|
||||
from openerp.tools.html_sanitize import html_sanitize
|
||||
|
||||
test_case = """
|
||||
<font size="2" style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; ">test1</font>
|
||||
<div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; font-size: 12px; font-style: normal; ">
|
||||
<b>test2</b></div><div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; font-size: 12px; ">
|
||||
<i>test3</i></div><div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; font-size: 12px; ">
|
||||
<u>test4</u></div><div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; font-size: 12px; ">
|
||||
<strike>test5</strike></div><div style="color: rgb(31, 31, 31); font-family: monospace; font-variant: normal; line-height: normal; ">
|
||||
<font size="5">test6</font></div><div><ul><li><font color="#1f1f1f" face="monospace" size="2">test7</font></li><li>
|
||||
<font color="#1f1f1f" face="monospace" size="2">test8</font></li></ul><div><ol><li><font color="#1f1f1f" face="monospace" size="2">test9</font>
|
||||
</li><li><font color="#1f1f1f" face="monospace" size="2">test10</font></li></ol></div></div>
|
||||
<blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div><div><div><font color="#1f1f1f" face="monospace" size="2">
|
||||
test11</font></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;">
|
||||
<blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div><font color="#1f1f1f" face="monospace" size="2">
|
||||
test12</font></div><div><font color="#1f1f1f" face="monospace" size="2"><br></font></div></blockquote></blockquote>
|
||||
<font color="#1f1f1f" face="monospace" size="2"><a href="http://google.com">google</a></font>
|
||||
<a href="javascript:alert('malicious code')">test link</a>
|
||||
"""
|
||||
|
||||
class TestSanitizer(unittest.TestCase):
|
||||
|
||||
def test_simple(self):
|
||||
x = "yop"
|
||||
self.assertEqual(x, html_sanitize(x))
|
||||
|
||||
def test_test_case(self):
|
||||
html_sanitize(test_case)
|
||||
|
||||
def test_crm(self):
|
||||
html_sanitize("Merci à l'intérêt pour notre produit.nous vous contacterons bientôt. Merci")
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
|
@ -33,6 +33,7 @@ from pdf_utils import *
|
|||
from yaml_import import *
|
||||
from sql import *
|
||||
from float_utils import *
|
||||
from html_sanitize import *
|
||||
|
||||
#.apidoc title: Tools
|
||||
|
||||
|
|
|
@ -0,0 +1,62 @@
|
|||
|
||||
from pyquery import PyQuery as pq
|
||||
import re
|
||||
|
||||
def html_sanitize(x):
|
||||
if not x:
|
||||
return x
|
||||
root = pq("<div />")
|
||||
if type(x) == str:
|
||||
x = unicode(x, "utf8", "replace")
|
||||
root.html(x)
|
||||
result = handle_element(root[0])
|
||||
new = pq(result)
|
||||
return new.html()
|
||||
|
||||
to_remove = set(["script", "head", "meta", "title", "link", "img"])
|
||||
to_unwrap = set(["html", "body"])
|
||||
|
||||
javascript_regex = re.compile("""^\s*javascript\s*\:.*$""")
|
||||
def handle_a(el, new):
|
||||
href = el.get("href", "#")
|
||||
if javascript_regex.search(href):
|
||||
href = "#"
|
||||
new.set("href", href)
|
||||
special = {
|
||||
"a": handle_a,
|
||||
}
|
||||
|
||||
def handle_element(el):
|
||||
if type(el) == str or type(el) == unicode:
|
||||
return [el]
|
||||
if el.tag in to_remove:
|
||||
return []
|
||||
if el.tag in to_unwrap:
|
||||
return reduce(lambda x,y: x+y, [handle_element(x) for x in children(el)])
|
||||
new = pq("<%s />" % el.tag)[0]
|
||||
for i in children(el):
|
||||
append_to(handle_element(i), new)
|
||||
if el.tag in special:
|
||||
special[el.tag](el, new)
|
||||
return [new]
|
||||
|
||||
def children(el):
|
||||
res = []
|
||||
if el.text is not None:
|
||||
res.append(el.text)
|
||||
for i in el.getchildren():
|
||||
res.append(i)
|
||||
if i.tail is not None:
|
||||
res.append(i.tail)
|
||||
return res
|
||||
|
||||
def append_to(new_ones, el):
|
||||
for i in new_ones:
|
||||
if type(i) == str or type(i) == unicode:
|
||||
children = el.getchildren()
|
||||
if len(children) == 0:
|
||||
el.text = i
|
||||
else:
|
||||
children[-1].tail = i
|
||||
else:
|
||||
el.append(i)
|
Loading…
Reference in New Issue