[IMP] security improvement, removing empty doc

bzr revid: fp@tinyerp.com-20140322221507-4xya3el8uxsvkfdz
Fabien Pinckaers 2014-03-22 23:15:07 +01:00
parent 552222b14a
commit 48afa1fac7
8 changed files with 34 additions and 104 deletions


@ -41,9 +41,7 @@ OpenERP Blog
'demo': [
'data/website_blog_demo.xml'
],
'test': [
'tests/test_website_blog.yml'
],
'test': [],
'qweb': [
'static/src/xml/*.xml'
],


@ -60,7 +60,7 @@ class WebsiteBlog(http.Controller):
page=page,
step=BYPAGE,
)
bids = blog_obj.search(cr, uid, [], offset=(page-1)*BYPAGE, limit=BYPAGE, context=context)
bids = blog_obj.search(cr, uid, [], offset=pager['offset'], limit=BYPAGE, context=context)
blogs = blog_obj.browse(cr, uid, bids, context=context)
return request.website.render("website_blog.latest_blogs", {
'blogs': blogs,
@ -202,7 +202,7 @@ class WebsiteBlog(http.Controller):
d = datetime.now() - datetime.strptime(blog_post.create_date, "%Y-%m-%d %H:%M:%S")
blog_post_obj.write(cr, SUPERUSER_ID, [blog_post.id], {
'visits': blog_post.visits+1,
'ranking': (blog_post.visits+1) * (0.5+random.random()) / max(1, d.days+10)
'ranking': blog_post.visits * (0.5+random.random()) / max(1, d.days+10)
},context=context)
return response
@ -223,13 +223,10 @@ class WebsiteBlog(http.Controller):
def blog_post_comment(self, blog_post_id=0, **post):
cr, uid, context = request.cr, request.uid, request.context
if post.get('comment'):
user = request.registry['res.users'].browse(cr, SUPERUSER_ID, uid, context=context)
group_ids = user.groups_id
group_id = request.registry["ir.model.data"].get_object_reference(cr, uid, 'website_mail', 'group_comment')[1]
if group_id in [group.id for group in group_ids]:
blog_post = request.registry['blog.post']
blog_post.check_access_rights(cr, uid, 'read')
self._blog_post_message(user, blog_post_id, **post)
user = request.registry['res.users'].browse(cr, uid, uid, context=context)
blog_post = request.registry['blog.post']
blog_post.check_access_rights(cr, uid, 'read')
self._blog_post_message(user, blog_post_id, **post)
return werkzeug.utils.redirect(request.httprequest.referrer + "#comments")
@http.route(['/blogpost/post_discussion'], type='json', auth="public", website=True)
@ -237,10 +234,10 @@ class WebsiteBlog(http.Controller):
cr, uid, context = request.cr, request.uid, request.context
values = []
if post.get('comment'):
user = request.registry['res.users'].browse(cr, SUPERUSER_ID, uid, context=context)
user = request.registry['res.users'].browse(cr, uid, uid, context=context)
id = self._blog_post_message(user, blog_post_id, **post)
mail_obj = request.registry.get('mail.message')
post = mail_obj.browse(cr, SUPERUSER_ID, id)
post = mail_obj.browse(cr, uid, id)
values = {
"author_name": post.author_id.name,
"date": post.date,
@ -278,11 +275,12 @@ class WebsiteBlog(http.Controller):
@http.route('/blogpost/get_discussion/', type='json', auth="public", website=True)
def discussion(self, post_id=0, discussion=None, **post):
cr, uid, context = request.cr, request.uid, request.context
mail_obj = request.registry.get('mail.message')
values = []
ids = mail_obj.search(request.cr, SUPERUSER_ID, [('res_id', '=', int(post_id)) ,('model','=','blog.post'), ('discussion', '=', discussion)])
ids = mail_obj.search(cr, uid, [('res_id', '=', int(post_id)) ,('model','=','blog.post'), ('discussion', '=', discussion)])
if ids:
for post in mail_obj.browse(request.cr, SUPERUSER_ID, ids):
for post in mail_obj.browse(cr, uid, ids, context=context):
values.append({
"author_name": post.author_id.name,
"date": post.date,
@ -292,9 +290,9 @@ class WebsiteBlog(http.Controller):
return values
@http.route('/blogpsot/change_background', type='json', auth="public", website=True)
def change_bg(self, post_id=0,image=None, **post):
def change_bg(self, post_id=0, image=None, **post):
post_obj = request.registry.get('blog.post')
values = {'content_image' : image}
ids = post_obj.write(request.cr, SUPERUSER_ID, [int(post_id)], values)
ids = post_obj.write(request.cr, request.uid, [int(post_id)], values, request.context)
return []
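Review bot: In `blog_post_comment`, with the `website_mail.group_comment` membership test removed, the only gate left before `self._blog_post_message(...)` is `blog_post.check_access_rights(cr, uid, 'read')`, which checks model-level read access and says nothing about the specific `blog_post_id` or about permission to comment. Unless `_blog_post_message` (not shown here) enforces this itself, I would add a record-level check before posting, e.g. `blog_post.check_access_rule(cr, uid, [int(blog_post_id)], 'read', context=context)`. `post_discussion` in the following hunk sits on an `auth="public"` route and calls `_blog_post_message` with no access check at all, so it should get the same guard. Both methods are only partly visible in these hunks.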


@ -25,7 +25,7 @@
<field name="website_meta_description">The Future of Emails</field>
<field name="content_image">/website_blog/static/src/img/post1.jpg</field>
<field name="content"><![CDATA[
<section class="mt16 mb16 readable" data-snippet-id='image-text'>
<section class="mt16 mb16 readable">
<iframe width="361" height="200" src="http://www.youtube.com/embed/EkbBFmIWoTE" frameborder="0" allowfullscreen></iframe>
<p>
Emails are broken.
@ -45,7 +45,7 @@
my job in 10 minutes!
</p>
</section>
<section class="mt16 mb16 readable" data-snippet-id='text-image'>
<section class="mt16 mb16 readable">
<p>
At OpenERP, we build tools to bring productivity to
enterprises. As emails and information flows are one of
@ -127,23 +127,23 @@
<field name="tag_ids" eval="[(6, 0, [ref('blog_tag_1')])]"/>
<field name="content_image">/website_blog/static/src/img/post2.jpg</field>
<field name="content">
<![CDATA[<section class="mt16 mb16 readable" data-snippet-id='image-text'>
<div class="col-md-12">
<![CDATA[<section class="row readable">
<div class="col-md-12 mb32">
<img class="img-responsive" src="/website_blog/static/src/img/CMS_WMS_screens.jpg"/>
</div>
<div class="col-md-6 col-md-offset-3 mb16 mt16">
<p class="text-center">
New Features Launched
</p>
<h4 class="text-center">
<p class="text-center">
To add to an already comprehensive set of OpenERP
features, a website content management system (CMS
or WMS) has been developed and a beta release is
available from today, 31st January 2014.
</h4>
</p>
</div>
</section>
<section class="readable" data-snippet-id='text'>
<section class="readable">
<p>
OpenERP claims to be 'the Open Source software that makes
building your company's website and selling your products
@ -158,11 +158,13 @@
enterprise to compete at a level of functionality and
performance previously reserved for the big IT investors."
</p>
<h4>
"Finally, the leading edge is being brought to the masses.
It will now be the turn of the big players to catch up to
the superior technologies of the SME."
</h4>
<blockquote>
<p>
"Finally, the leading edge is being brought to the masses.
It will now be the turn of the big players to catch up to
the superior technologies of the SME."
</p>
</blockquote>
<p>
"This is another clever and highly disruptive move by
OpenERP,which will force other technology providers to
@ -252,8 +254,6 @@
years of industry experience across many platforms.
</p>
</section>
]]>
</field>
</record>
@ -266,7 +266,7 @@
<field name="website_meta_description">Sorry SAP Campaign - The Making Of</field>
<field name="content_image">/website_blog/static/src/img/post3.jpg</field>
<field name="content"><![CDATA[
<section class="readable" data-snippet-id="text">
<section class="readable">
<p>I needed to change the world. I wanted to ... You know how
it is when you are young; you have big dreams, a lot of energ
and naïve stupidity. My dream was to lead the enterprise
@ -275,7 +275,7 @@
self-financed company but I failed this one by a few months).
</p>
</section>
<section class="readable" data-snippet-id="text-image">
<section class="readable">
<p>
To fuel my motivation, I had to pick someone to fight
against. In business, it's like a playground. When you
@ -330,8 +330,8 @@
We wanted to switch from a service company to a software
publisher company. This would allow to increase our efforts
in our research and development activities. As a result,
we <a href="http://v6.openerp.com/node/465">changed our
business model</a> and decided to stop our services to
we changed our
business model and decided to stop our services to
customers and focus on building a strong partner network
and maintenance offer. This would cost money, so I had to
raise a few million euros.
@ -406,8 +406,7 @@
more lucid than I am. Every week I complained to her "it's
not good enough, we should grow faster, what am I missing?"
and she used to reply; "But you already are the
<a href="http://v6.openerp.com/node/1244/2012/10">
fastest growing company in Belgium!". </a>(Deloitte awarded
fastest growing company in Belgium!". (Deloitte awarded
us as the fastest growing company of Belgium with 1549%
growth of the turnover between 2007 and 2011)
</p>
@ -446,9 +445,6 @@
</p><p>
It's time to pull out the Ace: the SorrySAP.com domain
name that I bought 6 years ago.
</p><p>
If you want to test the v7 version online, just go
<a href="https://www.openerp.com/"> the homepage.</a>
</p>
</section>
]]>


@ -1,9 +0,0 @@
.. _changelog:
Changelog
=========
`trunk (saas-3)`
----------------
- created ``website_blog`` menu, build on defunct document_page module.


@ -1,10 +0,0 @@
Blog Module documentation topics
''''''''''''''''''''''''''''''''
Changelog
'''''''''
.. toctree::
:maxdepth: 1
changelog.rst


@ -1,8 +1,6 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
blog_blog_all,blog.blog,model_blog_blog,,1,0,0,0
blog_post_all,blog.post,model_blog_post,,1,1,0,0
blog_post_all,blog.post,model_blog_post,,1,0,0,0
blog_post,blog.post,model_blog_post,base.group_document_user,1,1,1,1
blog_tag,blog.tag,model_blog_tag,,1,0,0,0
blog_tag_edition,blog.tag,model_blog_tag,base.group_document_user,1,1,1,1
blog_message_post,mail_message,mail.model_mail_message,base.group_public,1,1,1,0
blog_mail_notification,mail_notification,mail.model_mail_notification,base.group_public,1,1,1,0

1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
2 blog_blog_all blog.blog model_blog_blog 1 0 0 0
3 blog_post_all blog.post model_blog_post 1 1 0 0 0
4 blog_post blog.post model_blog_post base.group_document_user 1 1 1 1
5 blog_tag blog.tag model_blog_tag 1 0 0 0
6 blog_tag_edition blog.tag model_blog_tag base.group_document_user 1 1 1 1
blog_message_post mail_message mail.model_mail_message base.group_public 1 1 1 0
blog_mail_notification mail_notification mail.model_mail_notification base.group_public 1 1 1 0


@ -9,13 +9,5 @@
<field name="groups" eval="[(4, ref('base.group_public'))]"/>
</record>
<record model="ir.rule" id="base.res_partner_portal_public_rule">
<field name="name">res_partner: portal/public: read access on my commercial partner</field>
<field name="model_id" ref="base.model_res_partner"/>
<field name="domain_force">[]</field>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
<field name="perm_write" eval="False"/>
</record>
</data>
</openerp>


@ -1,33 +0,0 @@
-
In order to test the document_page in OpenERP, I create a new page to blog blog_blog_1
-
!record {model: blog.post, id: test_page0}:
name: Test Page0
blog_id: blog_blog_1
content: 'Test content
The Open ERP wiki allows you to manage your enterprise contents using wiki
restructured texts. This module provides a collaborative way to manage internal
FAQs, quality manuals, technical references, etc.'
-
!record {model: blog.post, id: test_page0}:
content: 'Test updated content
The Open ERP wiki allows you to manage your enterprise contents using wiki
restructured texts. This module provides a collaborative way to manage internal
FAQs, quality manuals, technical references, etc.
Wiki text can easily be edited
'
-
I check the page history for the current page by clicking on "Page History".After that find difference between history.
-
!python {model: blog.post.history.show_diff}: |
hist_obj = model.pool.get('blog.post.history')
ids = hist_obj.search(cr, uid, [('post_id', '=', ref("test_page0"))])
model.get_diff(cr, uid, {'active_ids': ids[:] })