[FIX] ir_qweb: search assets as superuser
A security has been introduce in eb9113c04d
to restrict access to orphan attachments to employees only
Assets need to be build and accessed as superuser, thus
This commit is contained in:
parent
5544cf0036
commit
40c8dd9a28
|
@ -1161,7 +1161,7 @@ class AssetsBundle(object):
|
|||
def get_cache(self, type):
|
||||
content = None
|
||||
domain = [('url', '=', '/web/%s/%s/%s' % (type, self.xmlid, self.version))]
|
||||
bundle = self.registry['ir.attachment'].search_read(self.cr, self.uid, domain, ['datas'], context=self.context)
|
||||
bundle = self.registry['ir.attachment'].search_read(self.cr, openerp.SUPERUSER_ID, domain, ['datas'], context=self.context)
|
||||
if bundle and bundle[0]['datas']:
|
||||
content = bundle[0]['datas'].decode('base64')
|
||||
return content
|
||||
|
@ -1170,7 +1170,7 @@ class AssetsBundle(object):
|
|||
ira = self.registry['ir.attachment']
|
||||
url_prefix = '/web/%s/%s/' % (type, self.xmlid)
|
||||
# Invalidate previous caches
|
||||
oids = ira.search(self.cr, self.uid, [('url', '=like', url_prefix + '%')], context=self.context)
|
||||
oids = ira.search(self.cr, openerp.SUPERUSER_ID, [('url', '=like', url_prefix + '%')], context=self.context)
|
||||
if oids:
|
||||
ira.unlink(self.cr, openerp.SUPERUSER_ID, oids, context=self.context)
|
||||
url = url_prefix + self.version
|
||||
|
@ -1278,7 +1278,7 @@ class WebAsset(object):
|
|||
fields = ['__last_update', 'datas', 'mimetype']
|
||||
domain = [('type', '=', 'binary'), ('url', '=', self.url)]
|
||||
ira = self.registry['ir.attachment']
|
||||
attach = ira.search_read(self.cr, self.uid, domain, fields, context=self.context)
|
||||
attach = ira.search_read(self.cr, openerp.SUPERUSER_ID, domain, fields, context=self.context)
|
||||
self._ir_attach = attach[0]
|
||||
except Exception:
|
||||
raise AssetNotFound("Could not find %s" % self.name)
|
||||
|
@ -1420,7 +1420,7 @@ class SassAsset(StylesheetAsset):
|
|||
ira = self.registry['ir.attachment']
|
||||
url = self.html_url % self.url
|
||||
domain = [('type', '=', 'binary'), ('url', '=', self.url)]
|
||||
ira_id = ira.search(self.cr, self.uid, domain, context=self.context)
|
||||
ira_id = ira.search(self.cr, openerp.SUPERUSER_ID, domain, context=self.context)
|
||||
if ira_id:
|
||||
# TODO: update only if needed
|
||||
ira.write(self.cr, openerp.SUPERUSER_ID, [ira_id], {'datas': self.content}, context=self.context)
|
||||
|
|
Loading…
Reference in New Issue