From 4c335588a1f5d6d1f03e17aa20e37ffe4197447c Mon Sep 17 00:00:00 2001 From: Bhavik Bagdiya Date: Tue, 19 Aug 2014 10:37:54 +0530 Subject: [PATCH 01/20] [FIX] web: grid headers should be aligned properly --- addons/web/static/src/css/base.css | 1 + addons/web/static/src/css/base.sass | 1 + 2 files changed, 2 insertions(+) diff --git a/addons/web/static/src/css/base.css b/addons/web/static/src/css/base.css index d221dfba409..463876f92b3 100644 --- a/addons/web/static/src/css/base.css +++ b/addons/web/static/src/css/base.css @@ -2842,6 +2842,7 @@ .openerp .oe_list_content td, .openerp .oe_list_content th { padding: 3px 6px; line-height: 18px; + white-space: nowrap; } .openerp .oe_list_content th.oe_sortable, .openerp .oe_list_content th.oe_sortable div { cursor: pointer; diff --git a/addons/web/static/src/css/base.sass b/addons/web/static/src/css/base.sass index 05270c0b68f..b1b866684b1 100644 --- a/addons/web/static/src/css/base.sass +++ b/addons/web/static/src/css/base.sass @@ -2287,6 +2287,7 @@ $sheet-padding: 16px td, th padding: 3px 6px line-height: 18px + white-space: nowrap th.oe_sortable, th.oe_sortable div cursor: pointer th.oe_sortable div From b160f99e2d0e5eb2de176f3e3dbcd7f3aa843c22 Mon Sep 17 00:00:00 2001 From: Martin Trigaux Date: Fri, 22 Aug 2014 12:49:39 +0200 Subject: [PATCH 02/20] [FIX] fetchmail: do not delete a failing email when using POP In case of IMAP, the email is simply set as read but in case of POP, the email is deleted. To avoid loosing data (e.g. misconfiguration of server), the email is kept for POP. Bug lp:1296724, opw 605667 --- addons/fetchmail/fetchmail.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/fetchmail/fetchmail.py b/addons/fetchmail/fetchmail.py index 515881e8582..4d32cc13139 100644 --- a/addons/fetchmail/fetchmail.py +++ b/addons/fetchmail/fetchmail.py @@ -236,12 +236,12 @@ openerp_mailgate: "|/path/to/openerp-mailgate.py --host=localhost -u %(uid)d -p save_original=server.original, strip_attachments=(not server.attach), context=context) + pop_server.dele(num) except Exception: _logger.exception('Failed to process mail from %s server %s.', server.type, server.name) failed += 1 if res_id and server.action_id: action_pool.run(cr, uid, [server.action_id.id], {'active_id': res_id, 'active_ids': [res_id], 'active_model': context.get("thread_model", server.object_id.model)}) - pop_server.dele(num) cr.commit() _logger.info("Fetched %d email(s) on %s server %s; %d succeeded, %d failed.", numMsgs, server.type, server.name, (numMsgs - failed), failed) except Exception: From 73546f70ca16ff9bcb51d62273ac3ec6b810e6c4 Mon Sep 17 00:00:00 2001 From: Martin Trigaux Date: Fri, 22 Aug 2014 15:29:23 +0200 Subject: [PATCH 03/20] [FIX] point_of_sale: generate bank statement with commerical partner When a pos session is closed & confirmed, the account.move were generated with the commercial partner except for the bank statement which prevented automatic reconciliation. This patch uses the commercial partner also for bank statement. Fixes #1558, #1764 --- addons/point_of_sale/point_of_sale.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/point_of_sale/point_of_sale.py b/addons/point_of_sale/point_of_sale.py index 2768cf8aa44..a6131bca31b 100644 --- a/addons/point_of_sale/point_of_sale.py +++ b/addons/point_of_sale/point_of_sale.py @@ -757,12 +757,12 @@ class pos_order(osv.osv): 'amount': data['amount'], 'date': data.get('payment_date', time.strftime('%Y-%m-%d')), 'name': order.name + ': ' + (data.get('payment_name', '') or ''), + 'partner_id': order.partner_id and self.pool.get("res.partner")._find_accounting_partner(order.partner_id).id or False, } account_def = property_obj.get(cr, uid, 'property_account_receivable', 'res.partner', context=context) args['account_id'] = (order.partner_id and order.partner_id.property_account_receivable \ and order.partner_id.property_account_receivable.id) or (account_def and account_def.id) or False - args['partner_id'] = order.partner_id and order.partner_id.id or None if not args['account_id']: if not args['partner_id']: From bc3991b4c58d20969816c644dd57bae68b103ba8 Mon Sep 17 00:00:00 2001 From: Ravish Murari Date: Thu, 7 Aug 2014 18:04:42 +0530 Subject: [PATCH 04/20] [FIX] board: Do not offer to create dashboard when there is no action In case we have no defined action (e.g. redirection by python code), adding a dashboard should not be possible as the rendering based on the action. This patch hides the 'Add to Dashboard' button in search view (opw 611288) --- addons/board/static/src/js/dashboard.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/board/static/src/js/dashboard.js b/addons/board/static/src/js/dashboard.js index 65737ad234e..d2587c87add 100644 --- a/addons/board/static/src/js/dashboard.js +++ b/addons/board/static/src/js/dashboard.js @@ -424,7 +424,7 @@ instance.web.SearchView.include({ add_common_inputs: function() { this._super(); var vm = this.getParent().getParent(); - if (vm.inner_action && vm.inner_action.views) { + if (vm.inner_action && vm.inner_action.id && vm.inner_action.views) { (new instance.board.AddToDashboard(this)); } } From 9b3f3fecfe5e5487dce6c24b1ee18a5b23faf474 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Mon, 25 Aug 2014 14:51:03 +0200 Subject: [PATCH 05/20] [FIX] hr_holidays: employees cannot approve their holidays Nor modify once approved It wasn't possible for employees to approve their holidays themself, thanks to the GUI, but this was possible through xmlrpc calls, or when altering the html directly in the browser. Besides, this was also possible to edit the holiday through the same trick once the holiday validated --- addons/hr_holidays/hr_holidays.py | 4 ++++ addons/hr_holidays/security/ir_rule.xml | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/addons/hr_holidays/hr_holidays.py b/addons/hr_holidays/hr_holidays.py index fbe72a1898c..38130149825 100644 --- a/addons/hr_holidays/hr_holidays.py +++ b/addons/hr_holidays/hr_holidays.py @@ -305,10 +305,14 @@ class hr_holidays(osv.osv): if context is None: context = {} context = dict(context, mail_create_nolog=True) + if values.get('state') and values['state'] not in ['draft', 'confirm', 'cancel'] and not self.pool['res.users'].has_group(cr, uid, 'base.group_hr_user'): + raise osv.except_osv(_('Warning!'), _('You cannot set a leave request as \'%s\'. Contact a human resource manager.') % values.get('state')) return super(hr_holidays, self).create(cr, uid, values, context=context) def write(self, cr, uid, ids, vals, context=None): check_fnct = self.pool.get('hr.holidays.status').check_access_rights + if vals.get('state') and vals['state'] not in ['draft', 'confirm', 'cancel'] and not self.pool['res.users'].has_group(cr, uid, 'base.group_hr_user'): + raise osv.except_osv(_('Warning!'), _('You cannot set a leave request as \'%s\'. Contact a human resource manager.') % vals.get('state')) for holiday in self.browse(cr, uid, ids, context=context): if holiday.state in ('validate','validate1') and not check_fnct(cr, uid, 'write', raise_exception=False): raise osv.except_osv(_('Warning!'),_('You cannot modify a leave request that has been approved. Contact a human resource manager.')) diff --git a/addons/hr_holidays/security/ir_rule.xml b/addons/hr_holidays/security/ir_rule.xml index ff0270026a4..3aa2d4db052 100644 --- a/addons/hr_holidays/security/ir_rule.xml +++ b/addons/hr_holidays/security/ir_rule.xml @@ -5,6 +5,17 @@ Employee Holidays [('employee_id.user_id','=',user.id)] + + + + + + + + Employee Holidays Create, Write, Unlink + + [('employee_id.user_id','=',user.id), ('state', 'in', ['draft', 'confirm', 'cancel'])] + From 180c4734a6eeca87f9a69873a48fe707570e3849 Mon Sep 17 00:00:00 2001 From: Daniel Dico Date: Mon, 25 Aug 2014 11:19:43 -0400 Subject: [PATCH 06/20] [FIX] product_visible_discount: use order date to compute currency instead of current date --- addons/product_visible_discount/product_visible_discount.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/addons/product_visible_discount/product_visible_discount.py b/addons/product_visible_discount/product_visible_discount.py index 6ce35a741e2..595deba1983 100644 --- a/addons/product_visible_discount/product_visible_discount.py +++ b/addons/product_visible_discount/product_visible_discount.py @@ -90,9 +90,11 @@ class sale_order_line(osv.osv): if so_pricelist.visible_discount and list_price[pricelist] != 0 and new_list_price != 0: if product.company_id and so_pricelist.currency_id.id != product.company_id.currency_id.id: # new_list_price is in company's currency while price in pricelist currency + ctx = context.copy() + ctx['date'] = date_order new_list_price = self.pool['res.currency'].compute(cr, uid, product.company_id.currency_id.id, so_pricelist.currency_id.id, - new_list_price, context=context) + new_list_price, context=ctx) discount = (new_list_price - price) / new_list_price * 100 if discount > 0: result['price_unit'] = new_list_price From f880d89cc473d725405bd694550e64b6a56f9d96 Mon Sep 17 00:00:00 2001 From: Daniel Dico Date: Mon, 25 Aug 2014 11:16:35 -0400 Subject: [PATCH 07/20] [FIX] sale_order_line: use order date to compute currency instead of current date --- addons/sale_margin/sale_margin.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/addons/sale_margin/sale_margin.py b/addons/sale_margin/sale_margin.py index dc8c4dfff3c..72d252a7c11 100644 --- a/addons/sale_margin/sale_margin.py +++ b/addons/sale_margin/sale_margin.py @@ -31,11 +31,15 @@ class sale_order_line(osv.osv): lang=lang, update_tax=update_tax, date_order=date_order, packaging=packaging, fiscal_position=fiscal_position, flag=flag, context=context) if not pricelist: return res + if context is None: + context = {} frm_cur = self.pool.get('res.users').browse(cr, uid, uid).company_id.currency_id.id to_cur = self.pool.get('product.pricelist').browse(cr, uid, [pricelist])[0].currency_id.id if product: purchase_price = self.pool.get('product.product').browse(cr, uid, product).standard_price - price = self.pool.get('res.currency').compute(cr, uid, frm_cur, to_cur, purchase_price, round=False) + ctx = context.copy() + ctx['date'] = date_order + price = self.pool.get('res.currency').compute(cr, uid, frm_cur, to_cur, purchase_price, round=False, context=ctx) res['value'].update({'purchase_price': price}) return res From 4b446550c620280884cd29de9b56b51fae672aab Mon Sep 17 00:00:00 2001 From: TheCloneMaster Date: Mon, 25 Aug 2014 01:16:45 -0600 Subject: [PATCH 08/20] [FIX] hw_escpos: Replaced "tab" by space call to self.open() had a tab instead of spaces --- addons/hw_escpos/escpos/printer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/hw_escpos/escpos/printer.py b/addons/hw_escpos/escpos/printer.py index dd5aa93e361..523f9a39779 100644 --- a/addons/hw_escpos/escpos/printer.py +++ b/addons/hw_escpos/escpos/printer.py @@ -31,7 +31,7 @@ class Usb(Escpos): self.interface = interface self.in_ep = in_ep self.out_ep = out_ep - self.open() + self.open() def open(self): From e7f8425a3add575b17e1c0c75e19e699f48847b0 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Tue, 26 Aug 2014 10:56:44 +0200 Subject: [PATCH 09/20] Revert "[FIX] web: grid headers should be aligned properly" This reverts commit 4c335588a1f5d6d1f03e17aa20e37ffe4197447c. It leads to table widths inconsistencies: The tables take more width then before, and overflow much more than before. This can be seen in "Accounting" > "Journal Entries", in the list of the form view --- addons/web/static/src/css/base.css | 1 - addons/web/static/src/css/base.sass | 1 - 2 files changed, 2 deletions(-) diff --git a/addons/web/static/src/css/base.css b/addons/web/static/src/css/base.css index 463876f92b3..d221dfba409 100644 --- a/addons/web/static/src/css/base.css +++ b/addons/web/static/src/css/base.css @@ -2842,7 +2842,6 @@ .openerp .oe_list_content td, .openerp .oe_list_content th { padding: 3px 6px; line-height: 18px; - white-space: nowrap; } .openerp .oe_list_content th.oe_sortable, .openerp .oe_list_content th.oe_sortable div { cursor: pointer; diff --git a/addons/web/static/src/css/base.sass b/addons/web/static/src/css/base.sass index b1b866684b1..05270c0b68f 100644 --- a/addons/web/static/src/css/base.sass +++ b/addons/web/static/src/css/base.sass @@ -2287,7 +2287,6 @@ $sheet-padding: 16px td, th padding: 3px 6px line-height: 18px - white-space: nowrap th.oe_sortable, th.oe_sortable div cursor: pointer th.oe_sortable div From 80017b04c2fefe895659f56e5e8d34bd59093e13 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Tue, 26 Aug 2014 12:50:04 +0200 Subject: [PATCH 10/20] [FIX] security: ir.config_parameter should not be readable by externals --- addons/mail/mail_alias.py | 2 +- addons/mail/static/src/js/announcement.js | 2 ++ addons/web/static/src/js/chrome.js | 3 +++ openerp/addons/base/security/ir.model.access.csv | 2 +- 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/addons/mail/mail_alias.py b/addons/mail/mail_alias.py index 91ee6bd1f33..bd935498bc8 100644 --- a/addons/mail/mail_alias.py +++ b/addons/mail/mail_alias.py @@ -59,7 +59,7 @@ class mail_alias(osv.Model): def _get_alias_domain(self, cr, uid, ids, name, args, context=None): ir_config_parameter = self.pool.get("ir.config_parameter") - domain = ir_config_parameter.get_param(cr, uid, "mail.catchall.domain", context=context) + domain = ir_config_parameter.get_param(cr, SUPERUSER_ID, "mail.catchall.domain", context=context) return dict.fromkeys(ids, domain or "") _columns = { diff --git a/addons/mail/static/src/js/announcement.js b/addons/mail/static/src/js/announcement.js index 0dd438d13af..d76e32a5fe8 100644 --- a/addons/mail/static/src/js/announcement.js +++ b/addons/mail/static/src/js/announcement.js @@ -36,6 +36,8 @@ openerp_announcement = function(instance) { }); $('head').append($css); + }).fail(function(result, ev){ + ev.preventDefault(); }); } }); diff --git a/addons/web/static/src/js/chrome.js b/addons/web/static/src/js/chrome.js index 9d69b908f4d..04f903ff9aa 100644 --- a/addons/web/static/src/js/chrome.js +++ b/addons/web/static/src/js/chrome.js @@ -1155,6 +1155,9 @@ instance.web.UserMenu = instance.web.Widget.extend({ scope: 'userinfo', }; instance.web.redirect('https://accounts.openerp.com/oauth2/auth?'+$.param(params)); + }).fail(function(result, ev){ + ev.preventDefault(); + instance.web.redirect('https://accounts.openerp.com/web'); }); } }, diff --git a/openerp/addons/base/security/ir.model.access.csv b/openerp/addons/base/security/ir.model.access.csv index 3fa980f4368..04416f23758 100644 --- a/openerp/addons/base/security/ir.model.access.csv +++ b/openerp/addons/base/security/ir.model.access.csv @@ -111,7 +111,7 @@ "access_multi_company_default user","multi_company_default all","model_multi_company_default",,1,0,0,0 "access_multi_company_default manager","multi_company_default Manager","model_multi_company_default","group_erp_manager",1,1,1,1 "access_ir_filter all","ir_filters all","model_ir_filters",,1,1,1,1 -"access_ir_config_parameter","ir_config_parameter","model_ir_config_parameter",,1,0,0,0 +"access_ir_config_parameter","ir_config_parameter","model_ir_config_parameter","group_user",1,0,0,0 "access_ir_config_parameter_system","ir_config_parameter_system","model_ir_config_parameter","group_system",1,1,1,1 "access_ir_mail_server","ir_mail_server","model_ir_mail_server","group_system",1,1,1,1 "access_ir_actions_client","ir_actions_client all","model_ir_actions_client",,1,0,0,0 From 72d3697fbc77eca9ad8abf43a81bb13a0a8bfb65 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Tue, 26 Aug 2014 12:55:48 +0200 Subject: [PATCH 11/20] [FIX] security: externals should be able to read attachements without having the rights to read ir.config_parameter --- openerp/addons/base/ir/ir_attachment.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/openerp/addons/base/ir/ir_attachment.py b/openerp/addons/base/ir/ir_attachment.py index 43d13126f3b..2c0af45ee66 100644 --- a/openerp/addons/base/ir/ir_attachment.py +++ b/openerp/addons/base/ir/ir_attachment.py @@ -121,7 +121,7 @@ class ir_attachment(osv.osv): if context is None: context = {} result = {} - location = self.pool.get('ir.config_parameter').get_param(cr, uid, 'ir_attachment.location') + location = self.pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'ir_attachment.location') bin_size = context.get('bin_size') for attach in self.browse(cr, uid, ids, context=context): if location and attach.store_fname: @@ -136,7 +136,7 @@ class ir_attachment(osv.osv): return True if context is None: context = {} - location = self.pool.get('ir.config_parameter').get_param(cr, uid, 'ir_attachment.location') + location = self.pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'ir_attachment.location') file_size = len(value.decode('base64')) if location: attach = self.browse(cr, uid, id, context=context) @@ -284,7 +284,7 @@ class ir_attachment(osv.osv): if isinstance(ids, (int, long)): ids = [ids] self.check(cr, uid, ids, 'unlink', context=context) - location = self.pool.get('ir.config_parameter').get_param(cr, uid, 'ir_attachment.location') + location = self.pool.get('ir.config_parameter').get_param(cr, SUPERUSER_ID, 'ir_attachment.location') if location: for attach in self.browse(cr, uid, ids, context=context): if attach.store_fname: From 53582c2ea6c165a03d03cbb52bd8525eff444d90 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Tue, 26 Aug 2014 13:31:41 +0200 Subject: [PATCH 12/20] [FIX] security: res.groups should be readable by admins only --- addons/portal/acquirer.py | 3 ++- openerp/addons/base/security/ir.model.access.csv | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/portal/acquirer.py b/addons/portal/acquirer.py index 9c18b597a1b..c48853b1706 100644 --- a/addons/portal/acquirer.py +++ b/addons/portal/acquirer.py @@ -22,6 +22,7 @@ import logging from urllib import quote as quote +from openerp import SUPERUSER_ID from openerp.osv import osv, fields from openerp.tools.translate import _ from openerp.tools import float_repr @@ -75,7 +76,7 @@ class acquirer(osv.Model): link = '#action=account.action_account_config' payment_header = _('You can finish the configuration in the Bank&Cash settings') % link amount = _('No online payment acquirers configured') - group_ids = self.pool.get('res.users').browse(cr, uid, uid, context=context).groups_id + group_ids = self.pool.get('res.users').browse(cr, SUPERUSER_ID, uid, context=context).groups_id if any(group.is_portal for group in group_ids): return '' else: diff --git a/openerp/addons/base/security/ir.model.access.csv b/openerp/addons/base/security/ir.model.access.csv index 04416f23758..54f34858360 100644 --- a/openerp/addons/base/security/ir.model.access.csv +++ b/openerp/addons/base/security/ir.model.access.csv @@ -53,7 +53,6 @@ "access_res_currency_group_system","res_currency group_system","model_res_currency","group_system",1,1,1,1 "access_res_currency_rate_group_system","res_currency_rate group_system","model_res_currency_rate","group_system",1,1,1,1 "access_res_groups_group_erp_manager","res_groups group_erp_manager","model_res_groups","group_erp_manager",1,1,1,1 -"access_res_groups_group_user","res_groups group_user","model_res_groups",,1,0,0,0 "access_res_lang_group_all","res_lang group_all","model_res_lang",,1,0,0,0 "access_res_lang_group_user","res_lang group_user","model_res_lang","group_system",1,1,1,1 "access_res_partner_group_partner_manager","res_partner group_partner_manager","model_res_partner","group_partner_manager",1,1,1,1 From 3f7f2a51faa5659f5ae0d22ab722a15be076981e Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Tue, 26 Aug 2014 15:35:47 +0200 Subject: [PATCH 13/20] [FIX] security: remove read access on company critical fields --- addons/auth_ldap/users_ldap.py | 2 +- addons/base_gengo/res_company.py | 8 ++++---- addons/pad/pad.py | 3 ++- addons/pad/res_company.py | 2 +- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/addons/auth_ldap/users_ldap.py b/addons/auth_ldap/users_ldap.py index f6a5d5f25de..a09b6839ab9 100644 --- a/addons/auth_ldap/users_ldap.py +++ b/addons/auth_ldap/users_ldap.py @@ -238,7 +238,7 @@ class res_company(osv.osv): _inherit = "res.company" _columns = { 'ldaps': fields.one2many( - 'res.company.ldap', 'company', 'LDAP Parameters'), + 'res.company.ldap', 'company', 'LDAP Parameters', groups="base.group_system"), } res_company() diff --git a/addons/base_gengo/res_company.py b/addons/base_gengo/res_company.py index 3d038ac0813..448df8d558c 100644 --- a/addons/base_gengo/res_company.py +++ b/addons/base_gengo/res_company.py @@ -26,10 +26,10 @@ class res_company(osv.Model): _name = "res.company" _inherit = "res.company" _columns = { - "gengo_private_key": fields.text("Gengo Private Key"), - "gengo_public_key": fields.text("Gengo Public Key"), - "gengo_comment": fields.text("Comments", help="This comment will be automatically be enclosed in each an every request sent to Gengo"), - "gengo_auto_approve": fields.boolean("Auto Approve Translation ?", help="Jobs are Automatically Approved by Gengo."), + "gengo_private_key": fields.text("Gengo Private Key", groups="base.group_system"), + "gengo_public_key": fields.text("Gengo Public Key", groups="base.group_user"), + "gengo_comment": fields.text("Comments", help="This comment will be automatically be enclosed in each an every request sent to Gengo", groups="base.group_user"), + "gengo_auto_approve": fields.boolean("Auto Approve Translation ?", help="Jobs are Automatically Approved by Gengo.", groups="base.group_user"), } _defaults = { diff --git a/addons/pad/pad.py b/addons/pad/pad.py index 1379e06f184..b79d2f01ca8 100644 --- a/addons/pad/pad.py +++ b/addons/pad/pad.py @@ -5,6 +5,7 @@ import re import string import urllib2 import logging +from openerp import SUPERUSER_ID from openerp.tools.translate import _ from openerp.tools import html2plaintext from py_etherpad import EtherpadLiteClient @@ -19,7 +20,7 @@ class pad_common(osv.osv_memory): return bool(user.company_id.pad_server) def pad_generate_url(self, cr, uid, context=None): - company = self.pool.get('res.users').browse(cr, uid, uid, context=context).company_id; + company = self.pool.get('res.users').browse(cr, SUPERUSER_ID, uid, context=context).company_id pad = { "server" : company.pad_server, diff --git a/addons/pad/res_company.py b/addons/pad/res_company.py index 95f1d9c1118..02c034c3df6 100644 --- a/addons/pad/res_company.py +++ b/addons/pad/res_company.py @@ -5,7 +5,7 @@ class company_pad(osv.osv): _inherit = 'res.company' _columns = { 'pad_server': fields.char('Pad Server', help="Etherpad lite server. Example: beta.primarypad.com"), - 'pad_key': fields.char('Pad Api Key', help="Etherpad lite api key."), + 'pad_key': fields.char('Pad Api Key', help="Etherpad lite api key.", groups="base.group_system"), } From dd86d41eb4d1e756901b9d1fedbd242c98a08f41 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Tue, 26 Aug 2014 16:17:24 +0200 Subject: [PATCH 14/20] [FIX] security: disallow read on ir.sequence for externals --- openerp/addons/base/security/ir.model.access.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openerp/addons/base/security/ir.model.access.csv b/openerp/addons/base/security/ir.model.access.csv index 54f34858360..27333efa20c 100644 --- a/openerp/addons/base/security/ir.model.access.csv +++ b/openerp/addons/base/security/ir.model.access.csv @@ -28,7 +28,7 @@ "access_ir_property_group_user_manager","ir_property group_manager","model_ir_property","base.group_partner_manager",1,1,1,0 "access_ir_rule_group_user","ir_rule group_user","model_ir_rule",,1,0,0,0 "access_ir_rule_group_erp_manager","ir_rule group_erp_manager","model_ir_rule","group_erp_manager",1,1,1,1 -"access_ir_sequence_group_user","ir_sequence group_user","model_ir_sequence",,1,0,0,0 +"access_ir_sequence_group_user","ir_sequence group_user","model_ir_sequence","group_user",1,0,0,0 "access_ir_sequence_group_system","ir_sequence group_system","model_ir_sequence","group_system",1,1,1,1 "access_ir_sequence_type_group_user","ir_sequence_type group_user","model_ir_sequence_type",,1,0,0,0 "access_ir_sequence_type_group_system","ir_sequence_type group_system","model_ir_sequence_type","group_system",1,1,1,1 From 1f4f0c07681a3fd512c6f388e4c090e2e19d5baf Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Tue, 26 Aug 2014 17:32:04 +0200 Subject: [PATCH 15/20] [FIX] email_template: security, email_template no rights for externals --- addons/email_template/security/ir.model.access.csv | 2 +- addons/email_template/wizard/mail_compose_message.py | 2 +- addons/email_template/wizard/mail_compose_message_view.xml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/addons/email_template/security/ir.model.access.csv b/addons/email_template/security/ir.model.access.csv index adce0420793..80be050ecbc 100644 --- a/addons/email_template/security/ir.model.access.csv +++ b/addons/email_template/security/ir.model.access.csv @@ -1,3 +1,3 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink -access_email_template,email.template,model_email_template,,1,1,1,0 +access_email_template,email.template,model_email_template,base.group_user,1,1,1,0 access_email_template_system,email.template system,model_email_template,base.group_system,1,1,1,1 diff --git a/addons/email_template/wizard/mail_compose_message.py b/addons/email_template/wizard/mail_compose_message.py index 22bb53beae3..f39cc7f3a90 100644 --- a/addons/email_template/wizard/mail_compose_message.py +++ b/addons/email_template/wizard/mail_compose_message.py @@ -58,7 +58,7 @@ class mail_compose_message(osv.TransientModel): _columns = { # incredible hack of the day: size=-1 means we want an int db column instead of an str one - 'template_id': fields.selection(_get_templates, 'Template', size=-1), + 'template_id': fields.selection(_get_templates, 'Template', size=-1, groups="base.group_user"), } def send_mail(self, cr, uid, ids, context=None): diff --git a/addons/email_template/wizard/mail_compose_message_view.xml b/addons/email_template/wizard/mail_compose_message_view.xml index 34a2112e1ac..01c81e12bf3 100644 --- a/addons/email_template/wizard/mail_compose_message_view.xml +++ b/addons/email_template/wizard/mail_compose_message_view.xml @@ -6,6 +6,7 @@ mail.compose.message.form mail.compose.message + From 362221b6f544b550383defec630530a65a6d3cf0 Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Tue, 26 Aug 2014 18:10:14 +0200 Subject: [PATCH 16/20] [FIX] resource: security, resource not readable by externals --- addons/resource/security/ir.model.access.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/resource/security/ir.model.access.csv b/addons/resource/security/ir.model.access.csv index 533ad419274..b4dc86e2250 100644 --- a/addons/resource/security/ir.model.access.csv +++ b/addons/resource/security/ir.model.access.csv @@ -2,5 +2,5 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink access_resource_calendar,resource.calendar,model_resource_calendar,base.group_system,1,1,1,1 access_resource_calendar_attendance,resource.calendar.attendance,model_resource_calendar_attendance,base.group_system,1,1,1,1 access_resource_resource,resource.resource,model_resource_resource,base.group_system,1,0,0,0 -access_resource_resource_all,resource.resource all,model_resource_resource,,1,0,0,0 +access_resource_resource_all,resource.resource all,model_resource_resource,base.group_user,1,0,0,0 access_resource_calendar_leaves,resource.calendar.leaves,model_resource_calendar_leaves,base.group_system,1,1,1,1 From 23df2ec28a996e624ed44f3f248df9662a1ff88f Mon Sep 17 00:00:00 2001 From: Nicolas Seinlet Date: Wed, 27 Aug 2014 11:48:40 +0200 Subject: [PATCH 17/20] [FIX] sale: on create, set taxes if product_id_change called --- addons/sale/sale.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/addons/sale/sale.py b/addons/sale/sale.py index 8326fb4a1e5..b3fa9a0ef9a 100644 --- a/addons/sale/sale.py +++ b/addons/sale/sale.py @@ -862,6 +862,8 @@ class sale_order_line(osv.osv): flag=False, # Force name update context=context )['value'] + if defaults.get('tax_id'): + defaults['tax_id'] = [[6, 0, defaults['tax_id']]] values = dict(defaults, **values) return super(sale_order_line, self).create(cr, uid, values, context=context) From df5633dcab8a009a68cc85d8fe1bef2cafb413c6 Mon Sep 17 00:00:00 2001 From: Ravi Gohil Date: Thu, 7 Aug 2014 04:07:09 +0530 Subject: [PATCH 18/20] [FIX] account: avoid date and cache issues Explicitely refresh invoice browse_record(...) in order to have correct 'date' in account.move. Use context_today() date instead of time.strftime() for date_invoice. (opw 611210) --- addons/account/account_invoice.py | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/addons/account/account_invoice.py b/addons/account/account_invoice.py index 6c938e22f17..1e4bc7ad230 100644 --- a/addons/account/account_invoice.py +++ b/addons/account/account_invoice.py @@ -566,7 +566,7 @@ class account_invoice(osv.osv): if isinstance(ids, (int, long)): ids = [ids] if not date_invoice: - date_invoice = time.strftime('%Y-%m-%d') + date_invoice = fields.date.context_today(self, cr, uid) if not payment_term_id: inv = self.browse(cr, uid, ids[0]) #To make sure the invoice due date should contain due date which is entered by user when there is no payment term defined @@ -840,7 +840,7 @@ class account_invoice(osv.osv): cur_obj = self.pool.get('res.currency') for i in invoice_move_lines: if inv.currency_id.id != company_currency: - context.update({'date': inv.date_invoice or time.strftime('%Y-%m-%d')}) + context.update({'date': inv.date_invoice or fields.date.context_today(self, cr, uid, context=context)}) i['currency_id'] = inv.currency_id.id i['amount_currency'] = i['price'] i['price'] = cur_obj.compute(cr, uid, inv.currency_id.id, @@ -912,7 +912,8 @@ class account_invoice(osv.osv): ctx = context.copy() ctx.update({'lang': inv.partner_id.lang}) if not inv.date_invoice: - self.write(cr, uid, [inv.id], {'date_invoice': fields.date.context_today(self,cr,uid,context=context)}, context=ctx) + self.write(cr, uid, [inv.id], {'date_invoice': fields.date.context_today(self, cr, uid, context=context)}, context=ctx) + inv.refresh() company_currency = self.pool['res.company'].browse(cr, uid, inv.company_id.id).currency_id.id # create the analytical lines # one move line per invoice line @@ -1008,11 +1009,9 @@ class account_invoice(osv.osv): 'ref': ref }) - date = inv.date_invoice or time.strftime('%Y-%m-%d') - part = self.pool.get("res.partner")._find_accounting_partner(inv.partner_id) - line = map(lambda x:(0,0,self.line_get_convert(cr, uid, x, part.id, date, context=ctx)),iml) + line = map(lambda x:(0,0,self.line_get_convert(cr, uid, x, part.id, inv.date_invoice, context=ctx)),iml) line = self.group_lines(cr, uid, iml, line, inv) @@ -1028,7 +1027,7 @@ class account_invoice(osv.osv): 'ref': inv.reference and inv.reference or inv.name, 'line_id': line, 'journal_id': journal_id, - 'date': date, + 'date': inv.date_invoice, 'narration': inv.comment, 'company_id': inv.company_id.id, } @@ -1244,7 +1243,7 @@ class account_invoice(osv.osv): refund_journal_ids = obj_journal.search(cr, uid, [('type','=','sale_refund')], context=context) if not date: - date = time.strftime('%Y-%m-%d') + date = fields.date.context_today(self, cr, uid, context=context) invoice_data.update({ 'type': type_dict[invoice['type']], 'date_invoice': date, @@ -1681,7 +1680,7 @@ class account_invoice_tax(osv.osv): if company_id: company_currency = company_obj.read(cr, uid, [company_id], ['currency_id'])[0]['currency_id'][0] if currency_id and company_currency: - base = cur_obj.compute(cr, uid, currency_id, company_currency, base*factor, context={'date': date_invoice or time.strftime('%Y-%m-%d')}, round=False) + base = cur_obj.compute(cr, uid, currency_id, company_currency, base*factor, context={'date': date_invoice or fields.date.context_today(self, cr, uid)}, round=False) return {'value': {'base_amount':base}} def amount_change(self, cr, uid, ids, amount, currency_id=False, company_id=False, date_invoice=False): @@ -1694,7 +1693,7 @@ class account_invoice_tax(osv.osv): if company_id: company_currency = company_obj.read(cr, uid, [company_id], ['currency_id'])[0]['currency_id'][0] if currency_id and company_currency: - amount = cur_obj.compute(cr, uid, currency_id, company_currency, amount*factor, context={'date': date_invoice or time.strftime('%Y-%m-%d')}, round=False) + amount = cur_obj.compute(cr, uid, currency_id, company_currency, amount*factor, context={'date': date_invoice or fields.date.context_today(self, cr, uid)}, round=False) return {'value': {'tax_amount': amount}} _order = 'sequence' @@ -1723,15 +1722,15 @@ class account_invoice_tax(osv.osv): if inv.type in ('out_invoice','in_invoice'): val['base_code_id'] = tax['base_code_id'] val['tax_code_id'] = tax['tax_code_id'] - val['base_amount'] = cur_obj.compute(cr, uid, inv.currency_id.id, company_currency, val['base'] * tax['base_sign'], context={'date': inv.date_invoice or time.strftime('%Y-%m-%d')}, round=False) - val['tax_amount'] = cur_obj.compute(cr, uid, inv.currency_id.id, company_currency, val['amount'] * tax['tax_sign'], context={'date': inv.date_invoice or time.strftime('%Y-%m-%d')}, round=False) + val['base_amount'] = cur_obj.compute(cr, uid, inv.currency_id.id, company_currency, val['base'] * tax['base_sign'], context={'date': inv.date_invoice or fields.date.context_today(self, cr, uid, context=context)}, round=False) + val['tax_amount'] = cur_obj.compute(cr, uid, inv.currency_id.id, company_currency, val['amount'] * tax['tax_sign'], context={'date': inv.date_invoice or fields.date.context_today(self, cr, uid, context=context)}, round=False) val['account_id'] = tax['account_collected_id'] or line.account_id.id val['account_analytic_id'] = tax['account_analytic_collected_id'] else: val['base_code_id'] = tax['ref_base_code_id'] val['tax_code_id'] = tax['ref_tax_code_id'] - val['base_amount'] = cur_obj.compute(cr, uid, inv.currency_id.id, company_currency, val['base'] * tax['ref_base_sign'], context={'date': inv.date_invoice or time.strftime('%Y-%m-%d')}, round=False) - val['tax_amount'] = cur_obj.compute(cr, uid, inv.currency_id.id, company_currency, val['amount'] * tax['ref_tax_sign'], context={'date': inv.date_invoice or time.strftime('%Y-%m-%d')}, round=False) + val['base_amount'] = cur_obj.compute(cr, uid, inv.currency_id.id, company_currency, val['base'] * tax['ref_base_sign'], context={'date': inv.date_invoice or fields.date.context_today(self, cr, uid, context=context)}, round=False) + val['tax_amount'] = cur_obj.compute(cr, uid, inv.currency_id.id, company_currency, val['amount'] * tax['ref_tax_sign'], context={'date': inv.date_invoice or fields.date.context_today(self, cr, uid, context=context)}, round=False) val['account_id'] = tax['account_paid_id'] or line.account_id.id val['account_analytic_id'] = tax['account_analytic_paid_id'] From 3509e15cc9abd8ee662acbe8a450c534d5a48645 Mon Sep 17 00:00:00 2001 From: Leonardo Donelli Date: Fri, 27 Jun 2014 17:30:16 +0200 Subject: [PATCH 19/20] [IMP] report_sxw: missing parameter without_company for display_address Fixes #811 --- openerp/report/report_sxw.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openerp/report/report_sxw.py b/openerp/report/report_sxw.py index bde915b8919..9f0f62b07f5 100644 --- a/openerp/report/report_sxw.py +++ b/openerp/report/report_sxw.py @@ -324,8 +324,11 @@ class rml_parse(object): res='%s %s'%(currency_obj.symbol, res) return res - def display_address(self, address_browse_record): - return self.pool.get('res.partner')._display_address(self.cr, self.uid, address_browse_record) + def display_address(self, address_browse_record, without_company=False): + return self.pool.get('res.partner')._display_address( + self.cr, self.uid, address_browse_record, + without_company=without_company + ) def repeatIn(self, lst, name,nodes_parent=False): ret_lst = [] From 04a56d8f6b401da3c6849dd5581938657e6f450f Mon Sep 17 00:00:00 2001 From: Denis Ledoux Date: Wed, 27 Aug 2014 18:13:53 +0200 Subject: [PATCH 20/20] [FIX] website_blog: controllers blog expects a date, not a datetime --- addons/website_blog/controllers/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/website_blog/controllers/main.py b/addons/website_blog/controllers/main.py index 2e1477e8f2d..6b43f49e700 100644 --- a/addons/website_blog/controllers/main.py +++ b/addons/website_blog/controllers/main.py @@ -37,7 +37,7 @@ class WebsiteBlog(http.Controller): groups = blog_post_obj.read_group(request.cr, request.uid, [], ['name', 'create_date'], groupby="create_date", orderby="create_date asc", context=request.context) for group in groups: - group['date'] = "%s_%s" % (group['__domain'][0][2], group['__domain'][1][2]) + group['date'] = "%s_%s" % (group['__domain'][0][2][:10], group['__domain'][1][2][:10]) return groups @http.route([