[IMP] mail_mesage: fixed message_dict_get (getting values is now inside try/except, not having access rigths on some details of the mail.message should not crash, just hide the data); My Feeds -> My Posts; mis cleaning in mail.js, xml and css.
bzr revid: tde@openerp.com-20120919101339-d1k16lxk5e4gwxxg
This commit is contained in:
parent
585ec570d2
commit
470c0fa818
|
@ -26,8 +26,7 @@ import tools
|
|||
from email.header import decode_header
|
||||
from openerp import SUPERUSER_ID
|
||||
from operator import itemgetter
|
||||
from osv import osv, fields
|
||||
from osv.orm import except_orm
|
||||
from osv import osv, orm, fields
|
||||
from tools.translate import _
|
||||
|
||||
_logger = logging.getLogger(__name__)
|
||||
|
@ -64,7 +63,7 @@ class mail_message(osv.Model):
|
|||
continue
|
||||
try:
|
||||
result[message.id] = self._shorten_name(self.pool.get(message.model).name_get(cr, uid, [message.res_id], context=context)[0][1])
|
||||
except openerp.exceptions.AccessDenied, e:
|
||||
except (orm.except_orm, osv.except_osv):
|
||||
pass
|
||||
return result
|
||||
|
||||
|
@ -175,22 +174,31 @@ class mail_message(osv.Model):
|
|||
#------------------------------------------------------
|
||||
|
||||
def _message_dict_get(self, cr, uid, msg, context=None):
|
||||
""" Return a dict representation of the message browse record. """
|
||||
""" Return a dict representation of the message browse record. A read
|
||||
is performed to because of access rights issues (reading many2one
|
||||
fields allow to have the foreign record name without having
|
||||
to check external access rights).
|
||||
"""
|
||||
has_voted = False
|
||||
vote_ids = self.pool.get('res.users').name_get(cr, SUPERUSER_ID, [user.id for user in msg.vote_user_ids], context=context)
|
||||
for vote in vote_ids:
|
||||
if vote[0] == uid:
|
||||
has_voted = True
|
||||
break
|
||||
# TDE TEMP: use SUPERUSER_ID
|
||||
# attachment_ids = [{'id': attach[0], 'name': attach[1]} for attach in self.pool.get('ir.attachment').name_get(cr, SUPERUSER_ID, [x.id for x in msg.attachment_ids], context=context)]
|
||||
attachment_ids = []
|
||||
# author_id = self.pool.get('res.partner').name_get(cr, SUPERUSER_ID, [msg.author_id.id], context=context)[0]
|
||||
author_id = False
|
||||
# author_user_id = self.pool.get('res.users').name_get(cr, SUPERUSER_ID, [msg.author_id.user_ids[0].id], context=context)[0]
|
||||
author_user_id = False
|
||||
# partner_ids = self.pool.get('res.partner').name_get(cr, SUPERUSER_ID, [x.id for x in msg.partner_ids], context=context)
|
||||
partner_ids = []
|
||||
try:
|
||||
attachment_ids = [{'id': attach[0], 'name': attach[1]} for attach in self.pool.get('ir.attachment').name_get(cr, uid, [x.id for x in msg.attachment_ids], context=context)]
|
||||
except (orm.except_orm, osv.except_osv):
|
||||
attachment_ids = []
|
||||
try:
|
||||
author_id = self.pool.get('res.partner').name_get(cr, uid, [msg.author_id.id], context=context)[0]
|
||||
is_author = uid in msg.author_id.user_ids
|
||||
except (orm.except_orm, osv.except_osv):
|
||||
author_id = False
|
||||
is_author = False
|
||||
try:
|
||||
partner_ids = self.pool.get('res.partner').name_get(cr, uid, [x.id for x in msg.partner_ids], context=context)
|
||||
except (orm.except_orm, osv.except_osv):
|
||||
partner_ids = []
|
||||
return {
|
||||
'id': msg.id,
|
||||
'type': msg.type,
|
||||
|
@ -202,7 +210,7 @@ class mail_message(osv.Model):
|
|||
'subject': msg.subject,
|
||||
'date': msg.date,
|
||||
'author_id': author_id,
|
||||
'author_user_id': author_user_id,
|
||||
'is_author': is_author,
|
||||
'partner_ids': partner_ids,
|
||||
'child_ids': [],
|
||||
'vote_user_ids': vote_ids,
|
||||
|
@ -393,7 +401,7 @@ class mail_message(osv.Model):
|
|||
other_ids = set(ids).difference(set(notified_ids), set(author_ids), set(doc_follower_ids), set(document_related_ids))
|
||||
if not other_ids:
|
||||
return
|
||||
raise except_orm(_('Access Denied'),
|
||||
raise orm.except_orm(_('Access Denied'),
|
||||
_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % \
|
||||
(self._description, operation))
|
||||
|
||||
|
@ -408,7 +416,6 @@ class mail_message(osv.Model):
|
|||
""" Override to explicitely call check_access_rule, that is not called
|
||||
by the ORM. It instead directly fetches ir.rules and apply them. """
|
||||
res = super(mail_message, self).read(cr, uid, ids, fields=fields, context=context, load=load)
|
||||
# print '-->', res
|
||||
self.check_access_rule(cr, uid, ids, 'read', context=context)
|
||||
return res
|
||||
|
||||
|
@ -441,6 +448,8 @@ class mail_message(osv.Model):
|
|||
if missing_notified:
|
||||
self.write(cr, SUPERUSER_ID, [newid], {'partner_ids': [(4, p_id) for p_id in missing_notified]}, context=context)
|
||||
partners_to_notify |= extra_notified
|
||||
# # remove uid from partners
|
||||
self.write(cr, SUPERUSER_ID, [newid], {'partner_ids': [(3, uid)]}, context=context)
|
||||
self.pool.get('mail.notification').notify(cr, uid, list(partners_to_notify), newid, context=context)
|
||||
|
||||
def copy(self, cr, uid, id, default=None, context=None):
|
||||
|
|
|
@ -95,7 +95,7 @@
|
|||
</record>
|
||||
|
||||
<record id="action_mail_my_feeds" model="ir.actions.client">
|
||||
<field name="name">My Feeds</field>
|
||||
<field name="name">My Posts</field>
|
||||
<field name="tag">mail.wall</field>
|
||||
<field name="params" eval=""{'domain': [('author_id.user_ids', 'in', [uid])],
|
||||
'context': {'default_model': 'res.users', 'default_res_id': uid} }""/>
|
||||
|
|
|
@ -268,30 +268,6 @@
|
|||
display: none;
|
||||
}
|
||||
|
||||
/*--------------------------------------------------------------*/
|
||||
/* mail.vote
|
||||
/*--------------------------------------------------------------*/
|
||||
|
||||
.openerp .oe_mail_msg_content button.oe_mail_msg_vote {
|
||||
height:21px;
|
||||
width: 30px;
|
||||
padding: 1px;
|
||||
background: #8A89BA;
|
||||
margin-top: -4px;
|
||||
}
|
||||
|
||||
.openerp .oe_mail_msg_content button.oe_mail_msg_vote_true {
|
||||
background:#DC5F59;
|
||||
}
|
||||
|
||||
.openerp .oe_mail_msg_content button.oe_mail_msg_vote span {
|
||||
color: white;
|
||||
}
|
||||
|
||||
.openerp .oe_mail_msg_content span.oe_mail_vote_count{
|
||||
color: #807FB4;
|
||||
}
|
||||
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/* mail.compose.message form view & OpenERP hacks
|
||||
|
|
|
@ -56,11 +56,6 @@ openerp.mail = function(session) {
|
|||
return session.origin + '/web/binary/saveas?session_id=' + session.session_id + '&model=ir.attachment&field=datas&filename_field=datas_fname&id=' + attachment['id'];
|
||||
},
|
||||
|
||||
/** Check if the current user is the message author */
|
||||
is_author: function (widget, message_user_id) {
|
||||
return (widget.session && widget.session.uid != 0 && widget.session.uid == message_user_id);
|
||||
},
|
||||
|
||||
/** Replaces some expressions
|
||||
* - :name - shortcut to an image
|
||||
*/
|
||||
|
@ -301,6 +296,7 @@ openerp.mail = function(session) {
|
|||
// TDE TODO: check for deferred, not sure it is correct
|
||||
this._super.apply(this, arguments);
|
||||
this.bind_events();
|
||||
this.display_user_avatar();
|
||||
// fetch and display message, using message_ids if set
|
||||
var display_done = $.when(this.message_fetch(true, [], {})).then(this.proxy('do_customize_display'));
|
||||
// add message composition form view
|
||||
|
@ -313,7 +309,6 @@ openerp.mail = function(session) {
|
|||
/** Customize the display
|
||||
* - show_header_compose: show the composition form in the header */
|
||||
do_customize_display: function() {
|
||||
this.display_user_avatar();
|
||||
if (this.options.show_header_compose) {
|
||||
this.$el.find('div.oe_mail_thread_action').eq(0).show();
|
||||
}
|
||||
|
@ -489,8 +484,7 @@ openerp.mail = function(session) {
|
|||
* - record.date: formatting according to the user timezone
|
||||
* - record.timerelative: relative time givein by timeago lib
|
||||
* - record.avatar: image url
|
||||
* - record.attachment_ids[].url: url of each attachment
|
||||
* - record.is_author: is the current user the author of the record */
|
||||
* - record.attachment_ids[].url: url of each attachment */
|
||||
display_record: function (record) {
|
||||
// formatting and additional fields
|
||||
record.date = session.web.format_value(record.date, {type:"datetime"});
|
||||
|
@ -504,7 +498,6 @@ openerp.mail = function(session) {
|
|||
var attach = record.attachment_ids[l];
|
||||
attach['url'] = mail.ChatterUtils.get_attachment_url(this.session, attach);
|
||||
}
|
||||
record.is_author = mail.ChatterUtils.is_author(this, record.author_user_id[0]);
|
||||
// add to internal storage
|
||||
this.records[record.id] = record;
|
||||
// render, add the expand feature
|
||||
|
|
|
@ -140,7 +140,7 @@
|
|||
<li t-if="options.show_record_name and record.record_name and record.subject and options.thread_level > 0">
|
||||
<a t-attf-href="#model=#{record.model}&id=#{record.res_id}"><t t-raw="record.record_name"/></a>
|
||||
</li>
|
||||
<li><a t-attf-href="#model=res.partner&id=#{record.author_id[0]}"><t t-raw="record.author_id[1]"/></a></li>
|
||||
<li t-if="record.author_id"><a t-attf-href="#model=res.partner&id=#{record.author_id[0]}"><t t-raw="record.author_id[1]"/></a></li>
|
||||
<li><span t-att-title="record.date"><t t-raw="record.timerelative"/></span></li>
|
||||
<t t-call="mail.thread.message.vote"/>
|
||||
<li t-if="options.show_reply"><a class="oe_mail_msg_reply">Reply</a></li>
|
||||
|
@ -185,7 +185,7 @@
|
|||
<t t-if='record.vote_user_ids.length > 0'>
|
||||
<span class="oe_left oe_mail_vote_count"><t t-esc="record.vote_user_ids.length"/> votes</span>
|
||||
</t>
|
||||
<button t-attf-class="oe_mail_msg_vote oe_mail_msg_vote_#{record.has_voted}" t-attf-data-msg_id="{record.id}">
|
||||
<button t-attf-class="oe_mail_msg_vote oe_tag" t-attf-data-msg_id="{record.id}">
|
||||
<t t-if="! record.has_voted"><span>+1</span></t>
|
||||
<t t-if="record.has_voted"><span>-1</span></t>
|
||||
</button>
|
||||
|
|
Loading…
Reference in New Issue