[FIX] web: use search_read instead of read on form reload and record reload in list, to check if the user can still read the record

bzr revid: dle@openerp.com-20140326142040-pls0dk2kd03z55ro
2014-03-26 15:20:40 +01:00 · 2014-03-26 15:20:40 +01:00 · 7acaaf5894
parent b9d9e781d5 162ad1c0f1
commit 7acaaf5894
4 changed files with 37 additions and 15 deletions
--- a/addons/web/static/src/js/view_form.js
+++ b/addons/web/static/src/js/view_form.js
@ -962,14 +962,21 @@ instance.web.FormView = instance.web.View.extend(instance.web.form.FieldManagerM
            } else {
                var fields = _.keys(self.fields_view.fields);
                fields.push('display_name');
-                return self.dataset.read_index(fields,
+                // Use of search_read instead of read to check if we can still read the record (security rules)
+                return self.dataset.call('search_read', [[['id', '=', self.dataset.ids[self.dataset.index]]], fields],
                    {
                        context: {
                            'bin_size': true,
-                            'future_display_name': true
+                            'future_display_name': true,
+                            'active_test': false
                        }
                    }).then(function(r) {
-                        self.trigger('load_record', r);
+                        if (_.isEmpty(r)){
+                            self.do_action('history_back');
+                        }
+                        else{
+                            self.trigger('load_record', r[0]);
+                        }
                    });
            }
        });
--- a/addons/web/static/src/js/view_list.js
+++ b/addons/web/static/src/js/view_list.js
@ -533,13 +533,14 @@ instance.web.ListView = instance.web.View.extend( /** @lends instance.web.ListVi
    },
    reload_record: function (record) {
        var self = this;
-        return this.dataset.read_ids(
-            [record.get('id')],
+        // Use of search_read instead of read to check if we can still read the record (security rules)
+        return this.dataset.call('search_read', [
+            [['id', '=', record.get('id')]],
            _.pluck(_(this.columns).filter(function (r) {
                    return r.tag === 'field';
-                }), 'name')
+                }), 'name')]
        ).done(function (records) {
-            var values = records[0];
+            var values = _.isEmpty(records) ? undefined : records[0];
            if (!values) {
                self.records.remove(record);
                return;
--- a/addons/web/static/test/list-editable.js
+++ b/addons/web/static/test/list-editable.js
@ -81,7 +81,7 @@ openerp.testing.section('editor', {
    test('toggle-edition-save', {
        asserts: 4,
        setup: function (instance, $s, mock) {
-            mock('test.model:read', function () {
+            mock('test.model:search_read', function () {
                return [{id: 42, a: false, b: false, c: false}];
            });
        }
@ -183,6 +183,15 @@ openerp.testing.section('list.edition', {
            }
            return [];
        });
+        mock('demo:search_read', function (args) {
+            // args[0][0] = ["id", "=", 42] 
+            // args[0][0] = 42
+            var id = args[0][0][2];
+            if (id in records) {
+                return [records[id]];
+            }
+            return [];
+        });
        mock('demo:fields_view_get', function () {
            return {
                type: 'tree',
@ -316,11 +325,13 @@ openerp.testing.section('list.edition.onwrite', {
        mock('demo:read', function (args, kwargs) {
            if (_.isEmpty(args[0])) {
                return [];
-            } else if (_.isEqual(args[0], [1])) {
-                return [
-                    {id: 1, a: 'some value'}
-                ];
-            } else if (_.isEqual(args[0], [42])) {
+            }
+            throw new Error(JSON.stringify(_.toArray(arguments)));
+        });
+        mock('demo:search_read', function (args, kwargs) {
+            if (_.isEqual(args[0], [['id', '=', 1]])) {
+                return [{id: 1, a: 'some value'}];
+            } else if (_.isEqual(args[0], [['id', '=', 42]])) {
                return [ {id: 42, a: 'foo'} ];
            }
            throw new Error(JSON.stringify(_.toArray(arguments)));
--- a/addons/web/static/test/list.js
+++ b/addons/web/static/test/list.js
@ -18,8 +18,11 @@ openerp.testing.section('list.buttons', {
                return [
                    {id: 1, a: 'foo'}, {id: 2, a: 'bar'}, {id: 3, a: 'baz'}
                ];
-            } else if (_.isEqual(args[0], [2])) {
-                // button action virtually removed record
+            }
+            throw new Error(JSON.stringify(_.toArray(arguments)));
+        });
+        mock('demo:search_read', function (args, kwargs) {
+            if (_.isEqual(args[0], [['id', '=', 2]])) {
                return [];
            }
            throw new Error(JSON.stringify(_.toArray(arguments)));