Commit 540b753bf8 introduced
support for resources stored as ir.attachment records in
asset bundles too.
This is specifically useful for customizations.
However the HTTP route for reaching those resources
when they are *not* in a bundle was originally created
in the `website` module (as a special handling for
404 requests)
This means that these dynamic resources would only
be partially supported when `website` is not installed,
causing various problems:
- missing resources in debug mode where bundles are skipped
- errors when trying to define new client-side Qweb templates
via XML resources - which are loaded with a direct request
- ...
This commit moves back the supporting code to the web module.
The `mimetype` column is not present in ir.attachment without
the `website` module, but sniffing it based on the attachment
name works fine at serving time too.
Closes#6002
The implementation of `ormcache` does not work on methods that take a `context`
parameter. Because of the decorator `decorator`, the arguments of the call are
passed positionally to the method `ormcache.lookup`, and positional arguments
are used in the cache key.
The fix consists in removing the `context` parameter from the faulty methods,
either directly, or by caching a private method called by the public method.
Since revs 53582c2ea6 & f65c913027,
this was no more possible for portal users to read groups
on purpose, for privacy reasons.
fields_get of res.users model is overriden, for
the access rights form view features
(The groups selections and checkboxes).
At each call to fields_get, which happens at each call
to fields_view_get on the res.users model, operations are
done on the model res.groups (basically, to
build the selection groups and checkboxes). So,
each time a view of model res.users is displayed,
whatever the view, operations on res.group model were performed.
The thing is, these operations on res.groups
are actually needed only for the user access rights
view, or at least only for users having the group
Administration > Access rights. These group operations
aren't needed for the preferences view, nor for portal users.
We therefore avoid to do these if the user is not part of the
Administration > Access rights group, which lead to
performances improvment, and solves the fact
portal users couldn't access their user preferences view.
opw-627391
The mappings model._all_columns takes quite some memory (around 2MB per
registry) because of the numerous dictionaries (one per model) and inefficient
memory storage of column_info. Since it is deprecated and almost no longer
used, it can be computed on demand.
The ormcache is now shared among registries. The cached methods use keys like
(DBNAME, MODELNAME, METHOD, args...). This allows registries with high load to
use more cache than other registries.
When a `noupdate` record is processed during an update,
the update_dummy method marks the record as "seen" so
it won't be deleted at the garbage collection step,
and seen as an obsolete external ID.
This needs to be done also for the parent records via
_inherits, because they have also received an implicit
external ID at creation, and must not be garbage
collected, even if their `noupdate` flag (db side)
is not set because the flag was added later.
This rare problem could be reproduced by creating a product
in a module, then referencing it in e.g. a sales order,
then updating the module after changing the product
record to be in a `noupdate` block.
At the end of the update the implicit product.template
record would be garbage collected, and trigger a cascade
deletion of its children - blocked by the SO reference
to the product.
The invalidation in registry was done only if the field's model was already in
registry. This situation is not the case when you create a custom model with a
custom field.
When deleting a server action, its fields_lines were not deleted.
It causes an issue for example in this case:
Create a new custom field on any model
Create a server action with
Action To Do: Write on a Record
Base model: model of the custom field
Add a line in the value mapping,
using the custom field you just created
Delete the server action
Delete the custom field => Throws an error because
required field col1 is not defined
on the ir_server_object_lines object
It's always dangerous because (cascade-)deleting workitems
has a great chance of killing the workflow instances they
belong to, putting the records in the workflow limbo
permanently. (They will appear stuck as they don't have
enough workitems anymore)
In addition, in some rare cases a subflow activity is
converted into a regular activity during an update, and
nullifying the `subflow_id` column is all there is to
fixing the corresponding workitems. It will simply take
them out of their subflow, and back into the main flow.
This is the case for the modification of the purchase.order
workflow in Odoo 8 (saas-5), for the picking subflow.
For public-facing HTML content provided by the user,
`<style>` tags and `style` attributes should be stripped
automatically, as they can easily be abused to deface
pages for abusive users and spammers.
<style> tags were already stripped, the optional `strip_style`
for fields.html enables the automatic stripping of style
attributes.
This is opt-in because custom style attributes are still
desirable in trusted HTML fields.
As custom views validation is done while `self.pool._init` is set,
filter on currently loaded modules was still applied.
As a side effect, only one custom view per base view was validated.
In case this view is depending on another custom inherited view, the
validation failed.
Now force loading all views when validating custom views.
While `apply_inheritance_specs` apply most of its changes inplace, it may
completely replace the `arch_tree` if the root node is replaced.
This new root node wasn't used for `primary` views that inherit from
another.
When the ORM is cleaning up related attachments upon record deletion, the
search() method hides the attachment of the record that is being deleted.
If the same file is used exactly once in another attachment, the reference
count will be 1 and the file will be deleted.
- Translations lookup normally uses the namespace of the current
QWeb template, after merging all inherited views.
But when a QWeb template is "cloned" by a child view using
inheritance with `primary` mode, the translations are more
likely to exist for the original (parent) template, and would not
be found when using only the "child" namespace.
This patch adds support for looking up each translation
also in the parent namespace in this case, if none was found
for the child template in the first place.
- ir.translation's _get_source() now supports a list of res_id
to search for, in addition to a single res_id
- Also moved the logic of routes /website/customize_template_get
and /website/get_view_translations to the ir.ui.view model where
it belongs.
opw: 615241
Closes#5325
This was due to secondary fields loaded from database in 'onchange' mode. In
that mode, the secondary fields were marked 'dirty', and therefore returned by
the method `onchange`. The fix consists in loading those secondary fields in
cache before processing the onchanges.
This incidentally fixes a test on method `onchange`: in a one2many field, some
dirty fields were unexpectedly returned in the result. This was due to those
fields being loaded while processing onchanges.
Column `name` is required in ir.actions, and thus
automatically required in subclasses such as `ir.actions.act_window`
and `ir.actions.act_url`, due to the specific PostgreSQL inheritance
mechanism. Mark it so in the model to make it explicit.
This does not change the database constraints, as they should already
be set though inheritance.
Closes#4861
When you change the country of your company, each field of a company address keeps
its attrs. This is why the company address stays on readonly when use_parent_address
is checked.
Closes#4808
opw: 627033
When you change the country of your company, each field of a company address keeps
its attrs. This is why the company address stays on readonly when use_parent_address
is checked.
Closes#4808
opw: 627033
This fixes a bug introduced by commit f650522bbf
(related fields should not be copied by default). Inherited fields are a
particular case, and given the implementation of copy(), they must be copied if
their original field is copied.
The test on copy() in test_orm has been modified to show the bug.
The creation of a country is not something to create at flight !
The impact could be bigger that what people was expected (no accounting configured, ...).
The bad manipulation is more often the responsible, eg 'Belgium ' was creating a new country with a trailing whitespace, while the user didn't see the difference and use both country withtout making the diff.
In currencies, advanced search with "equals" or "not equals" on rates
was not possible for something else than a date, in server format (crash).
This is because the name field of the model res.currency.rate is a date
This is now possible to search rates with just a float and the equal operators,
it returns currencies which are having at least one rate set to this float value
This is also possible to search rates with the equal operators with a date in
user (context) date format.
If the variable was existing outside the context of the ``foreach``,
the value is copied at the end of the foreach into the global context.
Fix#4461 - Q74531 - Q71486 - Q71675
Acting as a mailing-list-like distribution system, the system used
to set the enveloper sender (aka bounce address) to the From header
of the message, effectively pretending to be the original sender.
In some cases the domain of the From header explicitly forbids
sending emails from external systems (e.g. with a hardfail SPF
record), so this could cause the email to be rejected by some
spam filters, depending on their policies.
The system will now use a local bounce address in the form:
mail-catchall-alias@mail-catchall-domain
or, if no catchall is configured:
postmaster-odoo@mail-catchall-domain
(as soon there is a mail.catchall.domain configured)
It will only fallback to using the From header when no
catchall domain is configured.
Fixes issue #3347.
Closes#3393.
When a stale XML ID exists in the database, `_update_dummy()`
must consider it as missing entirely, and the next call
to `_update()` will take care of cleaning up the old XML ID.
Failing to do so for `noupdate` records means the `_update`
will never happen, and as soon as another record is created
or updated with a relationship to that stale XML ID, it will
plainly crash the installation/update.
Debian does not allow fetching data from external website at runtime.
This fixes the privacy-breach-generic lintian warnings for Debian packaging.
The removed youtube url was a dead link...
[IMP] base: safer locking at user login
When a users connects, a lock is taken on the res_user table to modify the last login date. If another running transaction uses a foreign key to res.users (e.g. write_uid column), postgres may detect the update as a concurrent update and rollback the transaction.
In pg 9.3, the lock_strength parameter 'NO KEY' allows a weaker lock which is less likely to break another transaction.
Fixes#552
These revs. introduced an API change in the _name_search method.
Indeed, the 'operator' attribute used to have 'ilike' as default value.
This cannot be changed, as every modules overriding this method
overrided it using the signature with operator='ilike'
For instance, _name_search method of addons/base/ir/ir_model.py
expects having 'ilike' as operator.
As it was not anymore the case,
it leaded to a crash when performing a name_search call on the model ir.model,
like when adding a new custom field to a model, from the web client.
opw-626161
As entering a wrong value in the grouping field of res.lang,
for instance '[,]', leads to an unavailability of the web interface,
We add a constraint to prevent entering wrong values.
Issue was the propagation of contextual values across actions, more
precisely conserving the selected fiscal year when selecting an account
from the chart of accounts tree view: the chart of accounts tree view is
generally opened for a specific fiscal year, and it seemed sensible that
opening an account would show only the journal items for the previously
selected fiscal years rather than all items ever.
PR #649 altered action.read by tentatively evaluating the action's
context, however this has the side-effect of providing evaluated
contexts when creating or editing actions via the UI, usually breaking
them in the process (as the context at this point is basically
nonsensical for the action's purpose).
This backs out the previous fix, and creates a fix restricted to the
tree view's JS (thereby removing the feature for window actions not
invoked from a tree view).
closes#4677, closes#4690
If a view inherits from another with a different model (typically
product.product view inherits from product.template view), the terms from
the second view were not translated.
Checking on the parent view in case of different model and look up the terms
on this model.
Fixes some of #1755, opw 621512
The image of a contact of a company was wrongly resized.
Use image_small instead of image for correct ratio (anyway 48x48px).
Remove image_preview as always use image_small (was wrongly positioned and
considered as cache attribute, getting '&cache=NaN' urls...)
opw 593992
Revert "[FIX] ir_translation: remove control characters from translations"
This reverts commit 6d4e1cc73e.
This was intended to clean malformed translations but it introduced the side
effect of removing all '\n' in translations.
Fixes#4092, opw 619175
Revert edbd0df
Instead of removing the demo data (demo data is our friend), make the test more
specific, adding a date to match the rate of 1.5289 all year long.
Old demo data hardcoded the currency rate of USD to 1.5289 at the half
of the year, introducting new year red runbot.
Using assertAlmostEquals to avoid values like 32.730000000000004
Loading views for custom models from module data files was not possible because
custom models and fields were introduced into the registry after all modules
were loaded. As a consequence, the view architecture did not pass the checks.
This patch takes a different approach: custom models and fields are loaded
early on in the registry, so that views can be validated. The trick is to take
special care of relational custom fields: we skip them if their comodel does
not appear in the registry. This allows to install and upgrade modules that
create/modify custom models, fields and views for them.
Translations are not transfered from temporary table tmp_ir_translation_import
to ir_translation if translation already exists (using `find_expr`).
In case of import of QWeb terms (name = 'website'), the criteria was too weak,
finding already present terms in translations for different modules.
e.g. term "Quantity" is already present in a QWeb view from sale module and was
not imported for the translations of the website_sale module.
Fixed by adding the filter criteria 'irt.module = ti.module'
In case QWeb translations for the same term in the same modules were added in
two imports (second term added in the future), the second was still ignored.
Changed condition to check the res_id for views as well.
Fixes#4239
During a migration of database, it is possible that some custom field
("x_", state is 'manual') are relational to model from a module that is
not provided.
Note: this used to work in Odoo 7.0 but crashed in 8.0.
Closes#3877
QWeb monetary widget uses the precision of the currency to know the number of
digits to display on a price. The number of digits is based on log10(rounding).
For currency with rounding different than 10^x (e.g. in Switzerland 0.05
to allow 5 cents coins only), the number of displayed digits should be rounded
up. e.g. log10(0.05) is -1.3, rounded up to 2 digits.
Fixes#3233
When deleting a partner with some contacts, if the contacts had selected
the "use parent address" checkbox, the address of the contacts was stucked in
readonly mode (no checkbox to disable it).
Disable use_parent_address for orphan partners.
Fixes#3611#3613
The name_get of res.partner.bank uses the format_layout to generate the name
of the bank. As every field is not required, we may get 'False' in the name.
Replace these missing values by an empty string.
Fixes#3590
This is safer to avoid inadvertently dropping customizations,
and does not impact the normal update/uninstall process, which
is based on the dependency order.
Creating custom fields would crash on a model that has a related field without
string. The crash was caused by the field not being set up, and method
BaseModel._field_create() violating a non-null constraint on the field string.
This has been fixed by setting up fields before updating ir_model_fields.
Deleting a custom field could also cause trouble when that field is inherited
in a child model. In that case, the registry was simply no longer consistent.
The fix is to reload completely the registry.
The modification of custom fields was not reflected on field objects. The fix
applies changes on fields before updating columns accordingly.
The old-api model._all_columns contains information about model._columns and
inherited columns. This dictionary is missing new-api computed non-stored
fields, and the new field objects provide a more readable api...
This commit contains the following changes:
- adapt several methods of BaseModel to use fields instead of columns and
_all_columns
- copy all semantic-free attributes of related fields from their source
- add attribute 'group_operator' on integer and float fields
- base, base_action_rule, crm, edi, hr, mail, mass_mailing, pad,
payment_acquirer, share, website, website_crm, website_mail: simply use
_fields instead of _all_columns
- base, decimal_precision, website: adapt qweb rendering methods to use fields
instead of columns
Add rounding_method parameter on float_round method to offer
HALF-UP (default, usual round) or UP (ceiling) rounding method.
Use the second method instead of math.ceil() for product
reservations.
For UP, the python math.ceil() method uses "torwards infinity"
rounding method while we want "away from zero".
Therefore we use the absolute value of normalized_value to make
sure than -1.8 is rounded to -2.0 and not -1.
Fixes#1125#2793
This is a cherry-pick of d4972ff which was reverted at 333852e due
to remaining issue with negative values.
In some cases (e.g. with record rules), the name_get might not have access
to the parent name. Therefore a parent_name related field solves the
issue (as it read with as superuser).
Compute methods could give results that should not be considered as default
values. For instance, a related field usually defaults to a null value, which
is then set to the field with its inverse method by create(). This may violate
a non-null constraint if the original field is required. Therefore, compute
methods are no longer used to determine default values.
Rev f2cf6ced1 modified RFC2822 parsing in order to better support
unicode characters inside the Name part of an address header.
However the patch broke handling of multiple addresses (comma
separated) - silently discarding all recipients except the
first one, as soon as any non-ASCII character was present.
This patch restores the functionality while preserving the
fix from f2cf6ced1, and simplifies the code using email.utils
utility functions.
Fixes (again) lp:1272610, OPW 607683
This solves a subtle issue: in the following case, the class Bar should
override the default value set by Foo. But in practice it was not working,
because _defaults is looked up before field.default.
class Foo(models.Model):
_name = 'foo'
_columns = {
'foo': fields.char('Foo'),
}
_defaults = {
'foo': "Foo",
}
class Bar(models.Model):
_inherit = 'foo'
foo = fields.Char(default="Bar")
The change makes field.default and the model's _defaults consistent with each
other.
also fix the corresponding text and add explicit sequence number because I
don't understand what the bloody hell it does without that, except that it's
not the right thing. At all.
Consider the following example:
class Foo(models.Model):
_name = 'foo'
_columns = {
'state': fields.selection([('a', 'A')]),
}
class Bar(models.Model):
_inherit = 'foo'
state = fields.Selection(selection_add=[('b', 'B')])
The attribute 'column' of the field does not have the full selection list,
therefore the column object cannot not be reused, even a copy of it. The
solution is to systematically recreate the column from the field's final
specification, except for function fields that have no sensible way for being
recreated.
* fix mapping handling to match JS impl: current value set as _value instead
of being lost
* add handling of integer parameter
* only set _size and _last if current iterable is sized
Changed render_att_att to return an iterable of pairs instead of a pair, and
dispatched t-att on whether its result is a Mapping.
Also changed qweb test runner so it uses ordereddict for JSON mapping in
params, otherwise iteration order (and thus order of attributes in output) is
unpredictable and results don't/can't match expectations (as both are
strings).
Note that this relies on JS implementation details wrt iteration order of
mappings. Tests would probably be somewhat less brittle if rendering output
was parsed to XML... if that's possible (?)
* document qweb based (mostly) on JS version
* convert JS qweb tests to (mostly) language-independent XML so they can be
used for JS and Python implementations
* add some more tests (e.g. precedence between t-value and body in t-set)
* remove ``t-import``
* fix parity in foreach(dict) (and rename some variables to make array and
object versions more similar)
A security has been introduce in eb9113c04d to restrict access to orphan attachments to employees only
Assets need to be build and accessed as superuser, thus
This reverts commit d4972ffdb6.
Seems to break some cases, at least in _product_reserve from stock/stock.py
Actual use case:
SELECT product_uom, sum(product_qty) AS product_qty FROM stock_move WHERE location_dest_id=%s AND location_id<>%s AND product_id=3645 AND state='done' GROUP BY product_uom;
returning 1 | 6
SELECT product_uom,-sum(product_qty) AS product_qty FROM stock_move WHERE location_id=%s AND location_dest_id<>%s AND product_id=%s AND state in ('done', 'assigned') GROUP BY product_uom;
returning 1 | -6
results += cr.dictfetchall()
total = 0.0
results2 = 0.0
for r in results:
amount = uom_obj._compute_qty(cr, uid, r['product_uom'], r['product_qty'], context.get('uom', False))
results2 += amount
total += amount
Total = 1, amount = -5
It should actually be
Total = 0, amount = -6
The Edit button never appeared anymore for these users.
The idea was that they should see an edit button with
limited editing capabilities depending on their other
access rights.
For example, someone with only Sales Manager access and
'Display Editor Bar on Website'
would be able to edit online quotes from the website_quote
module, but not change the actual website pages or menus,
for instance.
Modified product ceiling() to use float_round() with special mode
for rounding UP (away from zero), avoiding pathological cases where
float representations errors were ceiling to the superior unit.
Also added correspding tests for rounding_method=UP
Fixes issue #1125, and replaces PR #1126.