[FIX] web: read_ids of data.js use method search_read if check_access_rule option is true.

This fix is related to revision 3985 revid:dle@openerp.com-20140326142040-pls0dk2kd03z55ro, which did not worked for buffered dataset (virtual one2many line in view form search_read is used instead of read to not return records for which we lose the access rights bzr revid: dle@openerp.com-20140327112456-iyceuf9dnn07hwke
2014-03-27 12:24:56 +01:00 · 2014-03-27 12:24:56 +01:00 · f652402dd7
parent e80a179d02
commit f652402dd7
5 changed files with 27 additions and 22 deletions
--- a/addons/web/static/src/js/data.js
+++ b/addons/web/static/src/js/data.js
@ -457,9 +457,17 @@ instance.web.DataSet =  instance.web.Class.extend(instance.web.PropertiesMixin,
            return $.Deferred().resolve([]);
            
        options = options || {};
-        return this._model.call('read',
-                [ids, fields || false],
-                {context: this.get_context(options.context)})
+        var method = 'read';
+        var ids_arg = ids;
+        var context = this.get_context(options.context);
+        if (options.check_access_rule === true){
+            method = 'search_read';
+            ids_arg = [['id', 'in', ids]];
+            context.active_test = false;
+        }
+        return this._model.call(method,
+                [ids_arg, fields || false],
+                {context: context})
            .then(function (records) {
                if (records.length <= 1) { return records; }
                var indexes = {};
--- a/addons/web/static/src/js/view_form.js
+++ b/addons/web/static/src/js/view_form.js
@ -962,21 +962,17 @@ instance.web.FormView = instance.web.View.extend(instance.web.form.FieldManagerM
            } else {
                var fields = _.keys(self.fields_view.fields);
                fields.push('display_name');
-                // Use of search_read instead of read to check if we can still read the record (security rules)
-                return self.dataset.call('search_read', [[['id', '=', self.dataset.ids[self.dataset.index]]], fields],
+                return self.dataset.read_index(fields,
                    {
                        context: {
                            'bin_size': true,
-                            'future_display_name': true,
-                            'active_test': false
-                        }
+                            'future_display_name': true
+                        },
+                        check_access_rule: true
                    }).then(function(r) {
-                        if (_.isEmpty(r)){
-                            self.do_action('history_back');
-                        }
-                        else{
-                            self.trigger('load_record', r[0]);
-                        }
+                        self.trigger('load_record', r);
+                    }).fail(function (){
+                        self.do_action('history_back');
                    });
            }
        });
--- a/addons/web/static/src/js/view_list.js
+++ b/addons/web/static/src/js/view_list.js
@ -533,14 +533,14 @@ instance.web.ListView = instance.web.View.extend( /** @lends instance.web.ListVi
    },
    reload_record: function (record) {
        var self = this;
-        // Use of search_read instead of read to check if we can still read the record (security rules)
-        return this.dataset.call('search_read', [
-            [['id', '=', record.get('id')]],
+        return this.dataset.read_ids(
+            [record.get('id')],
            _.pluck(_(this.columns).filter(function (r) {
                    return r.tag === 'field';
-                }), 'name')]
+                }), 'name'),
+            {check_access_rule: true}
        ).done(function (records) {
-            var values = _.isEmpty(records) ? undefined : records[0];
+            var values = records[0];
            if (!values) {
                self.records.remove(record);
                return;
--- a/addons/web/static/test/list-editable.js
+++ b/addons/web/static/test/list-editable.js
@ -329,9 +329,9 @@ openerp.testing.section('list.edition.onwrite', {
            throw new Error(JSON.stringify(_.toArray(arguments)));
        });
        mock('demo:search_read', function (args, kwargs) {
-            if (_.isEqual(args[0], [['id', '=', 1]])) {
+            if (_.isEqual(args[0], [['id', 'in', [1]]])) {
                return [{id: 1, a: 'some value'}];
-            } else if (_.isEqual(args[0], [['id', '=', 42]])) {
+            } else if (_.isEqual(args[0], [['id', 'in', [42]]])) {
                return [ {id: 42, a: 'foo'} ];
            }
            throw new Error(JSON.stringify(_.toArray(arguments)));
--- a/addons/web/static/test/list.js
+++ b/addons/web/static/test/list.js
@ -22,7 +22,8 @@ openerp.testing.section('list.buttons', {
            throw new Error(JSON.stringify(_.toArray(arguments)));
        });
        mock('demo:search_read', function (args, kwargs) {
-            if (_.isEqual(args[0], [['id', '=', 2]])) {
+            console.log(args);
+            if (_.isEqual(args[0], [['id', 'in', [2]]])) {
                return [];
            }
            throw new Error(JSON.stringify(_.toArray(arguments)));