[FIX] web: read_ids of data.js use method search_read if check_access_rule option is true.
This fix is related to revision 3985 revid:dle@openerp.com-20140326142040-pls0dk2kd03z55ro, which did not worked for buffered dataset (virtual one2many line in view form search_read is used instead of read to not return records for which we lose the access rights bzr revid: dle@openerp.com-20140327112456-iyceuf9dnn07hwke
This commit is contained in:
parent
e80a179d02
commit
f652402dd7
|
@ -457,9 +457,17 @@ instance.web.DataSet = instance.web.Class.extend(instance.web.PropertiesMixin,
|
||||||
return $.Deferred().resolve([]);
|
return $.Deferred().resolve([]);
|
||||||
|
|
||||||
options = options || {};
|
options = options || {};
|
||||||
return this._model.call('read',
|
var method = 'read';
|
||||||
[ids, fields || false],
|
var ids_arg = ids;
|
||||||
{context: this.get_context(options.context)})
|
var context = this.get_context(options.context);
|
||||||
|
if (options.check_access_rule === true){
|
||||||
|
method = 'search_read';
|
||||||
|
ids_arg = [['id', 'in', ids]];
|
||||||
|
context.active_test = false;
|
||||||
|
}
|
||||||
|
return this._model.call(method,
|
||||||
|
[ids_arg, fields || false],
|
||||||
|
{context: context})
|
||||||
.then(function (records) {
|
.then(function (records) {
|
||||||
if (records.length <= 1) { return records; }
|
if (records.length <= 1) { return records; }
|
||||||
var indexes = {};
|
var indexes = {};
|
||||||
|
|
|
@ -962,21 +962,17 @@ instance.web.FormView = instance.web.View.extend(instance.web.form.FieldManagerM
|
||||||
} else {
|
} else {
|
||||||
var fields = _.keys(self.fields_view.fields);
|
var fields = _.keys(self.fields_view.fields);
|
||||||
fields.push('display_name');
|
fields.push('display_name');
|
||||||
// Use of search_read instead of read to check if we can still read the record (security rules)
|
return self.dataset.read_index(fields,
|
||||||
return self.dataset.call('search_read', [[['id', '=', self.dataset.ids[self.dataset.index]]], fields],
|
|
||||||
{
|
{
|
||||||
context: {
|
context: {
|
||||||
'bin_size': true,
|
'bin_size': true,
|
||||||
'future_display_name': true,
|
'future_display_name': true
|
||||||
'active_test': false
|
},
|
||||||
}
|
check_access_rule: true
|
||||||
}).then(function(r) {
|
}).then(function(r) {
|
||||||
if (_.isEmpty(r)){
|
self.trigger('load_record', r);
|
||||||
self.do_action('history_back');
|
}).fail(function (){
|
||||||
}
|
self.do_action('history_back');
|
||||||
else{
|
|
||||||
self.trigger('load_record', r[0]);
|
|
||||||
}
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
|
@ -533,14 +533,14 @@ instance.web.ListView = instance.web.View.extend( /** @lends instance.web.ListVi
|
||||||
},
|
},
|
||||||
reload_record: function (record) {
|
reload_record: function (record) {
|
||||||
var self = this;
|
var self = this;
|
||||||
// Use of search_read instead of read to check if we can still read the record (security rules)
|
return this.dataset.read_ids(
|
||||||
return this.dataset.call('search_read', [
|
[record.get('id')],
|
||||||
[['id', '=', record.get('id')]],
|
|
||||||
_.pluck(_(this.columns).filter(function (r) {
|
_.pluck(_(this.columns).filter(function (r) {
|
||||||
return r.tag === 'field';
|
return r.tag === 'field';
|
||||||
}), 'name')]
|
}), 'name'),
|
||||||
|
{check_access_rule: true}
|
||||||
).done(function (records) {
|
).done(function (records) {
|
||||||
var values = _.isEmpty(records) ? undefined : records[0];
|
var values = records[0];
|
||||||
if (!values) {
|
if (!values) {
|
||||||
self.records.remove(record);
|
self.records.remove(record);
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -329,9 +329,9 @@ openerp.testing.section('list.edition.onwrite', {
|
||||||
throw new Error(JSON.stringify(_.toArray(arguments)));
|
throw new Error(JSON.stringify(_.toArray(arguments)));
|
||||||
});
|
});
|
||||||
mock('demo:search_read', function (args, kwargs) {
|
mock('demo:search_read', function (args, kwargs) {
|
||||||
if (_.isEqual(args[0], [['id', '=', 1]])) {
|
if (_.isEqual(args[0], [['id', 'in', [1]]])) {
|
||||||
return [{id: 1, a: 'some value'}];
|
return [{id: 1, a: 'some value'}];
|
||||||
} else if (_.isEqual(args[0], [['id', '=', 42]])) {
|
} else if (_.isEqual(args[0], [['id', 'in', [42]]])) {
|
||||||
return [ {id: 42, a: 'foo'} ];
|
return [ {id: 42, a: 'foo'} ];
|
||||||
}
|
}
|
||||||
throw new Error(JSON.stringify(_.toArray(arguments)));
|
throw new Error(JSON.stringify(_.toArray(arguments)));
|
||||||
|
|
|
@ -22,7 +22,8 @@ openerp.testing.section('list.buttons', {
|
||||||
throw new Error(JSON.stringify(_.toArray(arguments)));
|
throw new Error(JSON.stringify(_.toArray(arguments)));
|
||||||
});
|
});
|
||||||
mock('demo:search_read', function (args, kwargs) {
|
mock('demo:search_read', function (args, kwargs) {
|
||||||
if (_.isEqual(args[0], [['id', '=', 2]])) {
|
console.log(args);
|
||||||
|
if (_.isEqual(args[0], [['id', 'in', [2]]])) {
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
throw new Error(JSON.stringify(_.toArray(arguments)));
|
throw new Error(JSON.stringify(_.toArray(arguments)));
|
||||||
|
|
Loading…
Reference in New Issue