[IMP] security improvement, removing empty doc
bzr revid: fp@tinyerp.com-20140322221507-4xya3el8uxsvkfdz
This commit is contained in:
parent
552222b14a
commit
48afa1fac7
|
@ -41,9 +41,7 @@ OpenERP Blog
|
|||
'demo': [
|
||||
'data/website_blog_demo.xml'
|
||||
],
|
||||
'test': [
|
||||
'tests/test_website_blog.yml'
|
||||
],
|
||||
'test': [],
|
||||
'qweb': [
|
||||
'static/src/xml/*.xml'
|
||||
],
|
||||
|
|
|
@ -60,7 +60,7 @@ class WebsiteBlog(http.Controller):
|
|||
page=page,
|
||||
step=BYPAGE,
|
||||
)
|
||||
bids = blog_obj.search(cr, uid, [], offset=(page-1)*BYPAGE, limit=BYPAGE, context=context)
|
||||
bids = blog_obj.search(cr, uid, [], offset=pager['offset'], limit=BYPAGE, context=context)
|
||||
blogs = blog_obj.browse(cr, uid, bids, context=context)
|
||||
return request.website.render("website_blog.latest_blogs", {
|
||||
'blogs': blogs,
|
||||
|
@ -202,7 +202,7 @@ class WebsiteBlog(http.Controller):
|
|||
d = datetime.now() - datetime.strptime(blog_post.create_date, "%Y-%m-%d %H:%M:%S")
|
||||
blog_post_obj.write(cr, SUPERUSER_ID, [blog_post.id], {
|
||||
'visits': blog_post.visits+1,
|
||||
'ranking': (blog_post.visits+1) * (0.5+random.random()) / max(1, d.days+10)
|
||||
'ranking': blog_post.visits * (0.5+random.random()) / max(1, d.days+10)
|
||||
},context=context)
|
||||
return response
|
||||
|
||||
|
@ -223,13 +223,10 @@ class WebsiteBlog(http.Controller):
|
|||
def blog_post_comment(self, blog_post_id=0, **post):
|
||||
cr, uid, context = request.cr, request.uid, request.context
|
||||
if post.get('comment'):
|
||||
user = request.registry['res.users'].browse(cr, SUPERUSER_ID, uid, context=context)
|
||||
group_ids = user.groups_id
|
||||
group_id = request.registry["ir.model.data"].get_object_reference(cr, uid, 'website_mail', 'group_comment')[1]
|
||||
if group_id in [group.id for group in group_ids]:
|
||||
blog_post = request.registry['blog.post']
|
||||
blog_post.check_access_rights(cr, uid, 'read')
|
||||
self._blog_post_message(user, blog_post_id, **post)
|
||||
user = request.registry['res.users'].browse(cr, uid, uid, context=context)
|
||||
blog_post = request.registry['blog.post']
|
||||
blog_post.check_access_rights(cr, uid, 'read')
|
||||
self._blog_post_message(user, blog_post_id, **post)
|
||||
return werkzeug.utils.redirect(request.httprequest.referrer + "#comments")
|
||||
|
||||
@http.route(['/blogpost/post_discussion'], type='json', auth="public", website=True)
|
||||
|
@ -237,10 +234,10 @@ class WebsiteBlog(http.Controller):
|
|||
cr, uid, context = request.cr, request.uid, request.context
|
||||
values = []
|
||||
if post.get('comment'):
|
||||
user = request.registry['res.users'].browse(cr, SUPERUSER_ID, uid, context=context)
|
||||
user = request.registry['res.users'].browse(cr, uid, uid, context=context)
|
||||
id = self._blog_post_message(user, blog_post_id, **post)
|
||||
mail_obj = request.registry.get('mail.message')
|
||||
post = mail_obj.browse(cr, SUPERUSER_ID, id)
|
||||
post = mail_obj.browse(cr, uid, id)
|
||||
values = {
|
||||
"author_name": post.author_id.name,
|
||||
"date": post.date,
|
||||
|
@ -278,11 +275,12 @@ class WebsiteBlog(http.Controller):
|
|||
|
||||
@http.route('/blogpost/get_discussion/', type='json', auth="public", website=True)
|
||||
def discussion(self, post_id=0, discussion=None, **post):
|
||||
cr, uid, context = request.cr, request.uid, request.context
|
||||
mail_obj = request.registry.get('mail.message')
|
||||
values = []
|
||||
ids = mail_obj.search(request.cr, SUPERUSER_ID, [('res_id', '=', int(post_id)) ,('model','=','blog.post'), ('discussion', '=', discussion)])
|
||||
ids = mail_obj.search(cr, uid, [('res_id', '=', int(post_id)) ,('model','=','blog.post'), ('discussion', '=', discussion)])
|
||||
if ids:
|
||||
for post in mail_obj.browse(request.cr, SUPERUSER_ID, ids):
|
||||
for post in mail_obj.browse(cr, uid, ids, context=context):
|
||||
values.append({
|
||||
"author_name": post.author_id.name,
|
||||
"date": post.date,
|
||||
|
@ -292,9 +290,9 @@ class WebsiteBlog(http.Controller):
|
|||
return values
|
||||
|
||||
@http.route('/blogpsot/change_background', type='json', auth="public", website=True)
|
||||
def change_bg(self, post_id=0,image=None, **post):
|
||||
def change_bg(self, post_id=0, image=None, **post):
|
||||
post_obj = request.registry.get('blog.post')
|
||||
values = {'content_image' : image}
|
||||
ids = post_obj.write(request.cr, SUPERUSER_ID, [int(post_id)], values)
|
||||
ids = post_obj.write(request.cr, request.uid, [int(post_id)], values, request.context)
|
||||
return []
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
<field name="website_meta_description">The Future of Emails</field>
|
||||
<field name="content_image">/website_blog/static/src/img/post1.jpg</field>
|
||||
<field name="content"><![CDATA[
|
||||
<section class="mt16 mb16 readable" data-snippet-id='image-text'>
|
||||
<section class="mt16 mb16 readable">
|
||||
<iframe width="361" height="200" src="http://www.youtube.com/embed/EkbBFmIWoTE" frameborder="0" allowfullscreen></iframe>
|
||||
<p>
|
||||
Emails are broken.
|
||||
|
@ -45,7 +45,7 @@
|
|||
my job in 10 minutes!
|
||||
</p>
|
||||
</section>
|
||||
<section class="mt16 mb16 readable" data-snippet-id='text-image'>
|
||||
<section class="mt16 mb16 readable">
|
||||
<p>
|
||||
At OpenERP, we build tools to bring productivity to
|
||||
enterprises. As emails and information flows are one of
|
||||
|
@ -127,23 +127,23 @@
|
|||
<field name="tag_ids" eval="[(6, 0, [ref('blog_tag_1')])]"/>
|
||||
<field name="content_image">/website_blog/static/src/img/post2.jpg</field>
|
||||
<field name="content">
|
||||
<![CDATA[<section class="mt16 mb16 readable" data-snippet-id='image-text'>
|
||||
<div class="col-md-12">
|
||||
<![CDATA[<section class="row readable">
|
||||
<div class="col-md-12 mb32">
|
||||
<img class="img-responsive" src="/website_blog/static/src/img/CMS_WMS_screens.jpg"/>
|
||||
</div>
|
||||
<div class="col-md-6 col-md-offset-3 mb16 mt16">
|
||||
<p class="text-center">
|
||||
New Features Launched
|
||||
</p>
|
||||
<h4 class="text-center">
|
||||
<p class="text-center">
|
||||
To add to an already comprehensive set of OpenERP
|
||||
features, a website content management system (CMS
|
||||
or WMS) has been developed and a beta release is
|
||||
available from today, 31st January 2014.
|
||||
</h4>
|
||||
</p>
|
||||
</div>
|
||||
</section>
|
||||
<section class="readable" data-snippet-id='text'>
|
||||
<section class="readable">
|
||||
<p>
|
||||
OpenERP claims to be 'the Open Source software that makes
|
||||
building your company's website and selling your products
|
||||
|
@ -158,11 +158,13 @@
|
|||
enterprise to compete at a level of functionality and
|
||||
performance previously reserved for the big IT investors."
|
||||
</p>
|
||||
<h4>
|
||||
"Finally, the leading edge is being brought to the masses.
|
||||
It will now be the turn of the big players to catch up to
|
||||
the superior technologies of the SME."
|
||||
</h4>
|
||||
<blockquote>
|
||||
<p>
|
||||
"Finally, the leading edge is being brought to the masses.
|
||||
It will now be the turn of the big players to catch up to
|
||||
the superior technologies of the SME."
|
||||
</p>
|
||||
</blockquote>
|
||||
<p>
|
||||
"This is another clever and highly disruptive move by
|
||||
OpenERP,which will force other technology providers to
|
||||
|
@ -252,8 +254,6 @@
|
|||
years of industry experience across many platforms.
|
||||
</p>
|
||||
</section>
|
||||
|
||||
|
||||
]]>
|
||||
</field>
|
||||
</record>
|
||||
|
@ -266,7 +266,7 @@
|
|||
<field name="website_meta_description">Sorry SAP Campaign - The Making Of</field>
|
||||
<field name="content_image">/website_blog/static/src/img/post3.jpg</field>
|
||||
<field name="content"><![CDATA[
|
||||
<section class="readable" data-snippet-id="text">
|
||||
<section class="readable">
|
||||
<p>I needed to change the world. I wanted to ... You know how
|
||||
it is when you are young; you have big dreams, a lot of energ
|
||||
and naïve stupidity. My dream was to lead the enterprise
|
||||
|
@ -275,7 +275,7 @@
|
|||
self-financed company but I failed this one by a few months).
|
||||
</p>
|
||||
</section>
|
||||
<section class="readable" data-snippet-id="text-image">
|
||||
<section class="readable">
|
||||
<p>
|
||||
To fuel my motivation, I had to pick someone to fight
|
||||
against. In business, it's like a playground. When you
|
||||
|
@ -330,8 +330,8 @@
|
|||
We wanted to switch from a service company to a software
|
||||
publisher company. This would allow to increase our efforts
|
||||
in our research and development activities. As a result,
|
||||
we <a href="http://v6.openerp.com/node/465">changed our
|
||||
business model</a> and decided to stop our services to
|
||||
we changed our
|
||||
business model and decided to stop our services to
|
||||
customers and focus on building a strong partner network
|
||||
and maintenance offer. This would cost money, so I had to
|
||||
raise a few million euros.
|
||||
|
@ -406,8 +406,7 @@
|
|||
more lucid than I am. Every week I complained to her "it's
|
||||
not good enough, we should grow faster, what am I missing?"
|
||||
and she used to reply; "But you already are the
|
||||
<a href="http://v6.openerp.com/node/1244/2012/10">
|
||||
fastest growing company in Belgium!". </a>(Deloitte awarded
|
||||
fastest growing company in Belgium!". (Deloitte awarded
|
||||
us as the fastest growing company of Belgium with 1549%
|
||||
growth of the turnover between 2007 and 2011)
|
||||
</p>
|
||||
|
@ -446,9 +445,6 @@
|
|||
</p><p>
|
||||
It's time to pull out the Ace: the SorrySAP.com domain
|
||||
name that I bought 6 years ago.
|
||||
</p><p>
|
||||
If you want to test the v7 version online, just go
|
||||
<a href="https://www.openerp.com/"> the homepage.</a>
|
||||
</p>
|
||||
</section>
|
||||
]]>
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
.. _changelog:
|
||||
|
||||
Changelog
|
||||
=========
|
||||
|
||||
`trunk (saas-3)`
|
||||
----------------
|
||||
|
||||
- created ``website_blog`` menu, build on defunct document_page module.
|
|
@ -1,10 +0,0 @@
|
|||
Blog Module documentation topics
|
||||
''''''''''''''''''''''''''''''''
|
||||
|
||||
Changelog
|
||||
'''''''''
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
changelog.rst
|
|
@ -1,8 +1,6 @@
|
|||
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
|
||||
blog_blog_all,blog.blog,model_blog_blog,,1,0,0,0
|
||||
blog_post_all,blog.post,model_blog_post,,1,1,0,0
|
||||
blog_post_all,blog.post,model_blog_post,,1,0,0,0
|
||||
blog_post,blog.post,model_blog_post,base.group_document_user,1,1,1,1
|
||||
blog_tag,blog.tag,model_blog_tag,,1,0,0,0
|
||||
blog_tag_edition,blog.tag,model_blog_tag,base.group_document_user,1,1,1,1
|
||||
blog_message_post,mail_message,mail.model_mail_message,base.group_public,1,1,1,0
|
||||
blog_mail_notification,mail_notification,mail.model_mail_notification,base.group_public,1,1,1,0
|
||||
|
|
|
|
@ -9,13 +9,5 @@
|
|||
<field name="groups" eval="[(4, ref('base.group_public'))]"/>
|
||||
</record>
|
||||
|
||||
<record model="ir.rule" id="base.res_partner_portal_public_rule">
|
||||
<field name="name">res_partner: portal/public: read access on my commercial partner</field>
|
||||
<field name="model_id" ref="base.model_res_partner"/>
|
||||
<field name="domain_force">[]</field>
|
||||
<field name="perm_create" eval="False"/>
|
||||
<field name="perm_unlink" eval="False"/>
|
||||
<field name="perm_write" eval="False"/>
|
||||
</record>
|
||||
</data>
|
||||
</openerp>
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
-
|
||||
In order to test the document_page in OpenERP, I create a new page to blog blog_blog_1
|
||||
-
|
||||
!record {model: blog.post, id: test_page0}:
|
||||
name: Test Page0
|
||||
blog_id: blog_blog_1
|
||||
content: 'Test content
|
||||
|
||||
The Open ERP wiki allows you to manage your enterprise contents using wiki
|
||||
|
||||
restructured texts. This module provides a collaborative way to manage internal
|
||||
|
||||
FAQs, quality manuals, technical references, etc.'
|
||||
|
||||
-
|
||||
!record {model: blog.post, id: test_page0}:
|
||||
content: 'Test updated content
|
||||
|
||||
The Open ERP wiki allows you to manage your enterprise contents using wiki
|
||||
|
||||
restructured texts. This module provides a collaborative way to manage internal
|
||||
|
||||
FAQs, quality manuals, technical references, etc.
|
||||
|
||||
Wiki text can easily be edited
|
||||
'
|
||||
-
|
||||
I check the page history for the current page by clicking on "Page History".After that find difference between history.
|
||||
-
|
||||
!python {model: blog.post.history.show_diff}: |
|
||||
hist_obj = model.pool.get('blog.post.history')
|
||||
ids = hist_obj.search(cr, uid, [('post_id', '=', ref("test_page0"))])
|
||||
model.get_diff(cr, uid, {'active_ids': ids[:] })
|
Loading…
Reference in New Issue