[FIX] [IMP] mail: mail_message: when checking that access rights are not
violated in _search, do it in SQL to speedup the query. Indeed doing it via search and browsing the results to validate the various rules is quite costly.
This commit is contained in:
parent
3211ff7c78
commit
863b361707
|
@ -616,10 +616,12 @@ class mail_message(osv.Model):
|
|||
"""
|
||||
# Rules do not apply to administrator
|
||||
if uid == SUPERUSER_ID:
|
||||
return super(mail_message, self)._search(cr, uid, args, offset=offset, limit=limit, order=order,
|
||||
return super(mail_message, self)._search(
|
||||
cr, uid, args, offset=offset, limit=limit, order=order,
|
||||
context=context, count=count, access_rights_uid=access_rights_uid)
|
||||
# Perform a super with count as False, to have the ids, not a counter
|
||||
ids = super(mail_message, self)._search(cr, uid, args, offset=offset, limit=limit, order=order,
|
||||
ids = super(mail_message, self)._search(
|
||||
cr, uid, args, offset=offset, limit=limit, order=order,
|
||||
context=context, count=False, access_rights_uid=access_rights_uid)
|
||||
if not ids and count:
|
||||
return 0
|
||||
|
@ -630,14 +632,20 @@ class mail_message(osv.Model):
|
|||
author_ids, partner_ids, allowed_ids = set([]), set([]), set([])
|
||||
model_ids = {}
|
||||
|
||||
messages = super(mail_message, self).read(cr, uid, ids, ['author_id', 'model', 'res_id', 'notified_partner_ids'], context=context)
|
||||
for message in messages:
|
||||
if message.get('author_id') and message.get('author_id')[0] == pid:
|
||||
author_ids.add(message.get('id'))
|
||||
elif pid in message.get('notified_partner_ids'):
|
||||
partner_ids.add(message.get('id'))
|
||||
elif message.get('model') and message.get('res_id'):
|
||||
model_ids.setdefault(message.get('model'), {}).setdefault(message.get('res_id'), set()).add(message.get('id'))
|
||||
# check read access rights before checking the actual rules on the given ids
|
||||
super(mail_message, self).check_access_rights(cr, access_rights_uid or uid, 'read')
|
||||
|
||||
cr.execute("""SELECT DISTINCT m.id, m.model, m.res_id, m.author_id, n.partner_id
|
||||
FROM "%s" m LEFT JOIN "mail_notification" n
|
||||
ON n.message_id=m.id AND n.partner_id = (%%s)
|
||||
WHERE m.id = ANY (%%s)""" % self._table, (pid, ids,))
|
||||
for id, rmod, rid, author_id, partner_id in cr.fetchall():
|
||||
if author_id == pid:
|
||||
author_ids.add(id)
|
||||
elif partner_id == pid:
|
||||
partner_ids.add(id)
|
||||
elif rmod and rid:
|
||||
model_ids.setdefault(rmod, {}).setdefault(rid, set()).add(id)
|
||||
|
||||
allowed_ids = self._find_allowed_doc_ids(cr, uid, model_ids, context=context)
|
||||
final_ids = author_ids | partner_ids | allowed_ids
|
||||
|
@ -753,7 +761,7 @@ class mail_message(osv.Model):
|
|||
if not other_ids:
|
||||
return
|
||||
raise orm.except_orm(_('Access Denied'),
|
||||
_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') % \
|
||||
_('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: %s, Operation: %s)') %
|
||||
(self._description, operation))
|
||||
|
||||
def _get_record_name(self, cr, uid, values, context=None):
|
||||
|
|
Loading…
Reference in New Issue