Denis Ledoux
14f3085776
[MERGE] forward port of branch saas-3 up to 77500e5
2014-10-02 15:36:58 +02:00
Denis Ledoux
77500e54ec
[MERGE] forward port of branch 7.0 up to eb9113c
2014-10-02 15:34:02 +02:00
Denis Ledoux
eb9113c04d
[FIX] ir_attachment: restrict access to orphan attachments to employees
2014-10-02 15:17:48 +02:00
Christophe Simonis
780dd9891f
[MERGE] forward port of branch saas-5 up to 7eab880
2014-09-15 14:00:02 +02:00
Christophe Simonis
56f2b7ae0f
[MERGE] forward port of branch saas-3 up to fdc6271
2014-09-12 18:53:48 +02:00
Denis Ledoux
e447a46ec8
[MERGE] forward port of branch 7.0 up to 33e0910
2014-09-09 18:02:30 +02:00
Olivier Dony
a03dfefda9
[FIX] ir.attachment: less non-transactional side-effects during deletion
...
When deleting filesystem-backed attachements, the
deletion on the file-system is not transactional.
In the event of a transaction rollback, the file
deletion would not be rolled back, which is a
dangerous side-effect.
This can happen for example when several transactions
try to delete the same file(s) at the same time.
The duplicate deletions might be detected by the
database (being concurrent update errors), and rolled
back at the point of the DELETE query, to be retried.
If the files have already been deleted in the file
system it before the rollback, it leaves the system
in an inconsistent state, at least temporarily.
One case where we have seen it is when web bundles
are loaded by many web users at the same time, right
after being updated (and thus invalidated).
As they are currently cached as ir.attachment records,
this often causes a corruption of the cache.
2014-09-08 16:52:42 +02:00
Olivier Dony
46784659f9
[IMP] ir.attachment: include traceback when logging low-level filesystem errors
2014-09-08 16:52:41 +02:00
Denis Ledoux
1e374b4ad7
[FIX] ir_attachment: ignore if model uninstalled
...
if the model of an attachement no longer exists (the according module have been uninstalled, for instance), ignore the security check
2014-09-08 10:51:46 +02:00
Christophe Simonis
ada9724655
[MERGE] forward port of branch 7.0 up to 3509e15
2014-08-28 16:12:55 +02:00
Denis Ledoux
72d3697fbc
[FIX] security: externals should be able to read attachements
...
without having the rights to read ir.config_parameter
2014-08-26 12:55:48 +02:00
Martin Trigaux
6dc94f0c4e
Forward port of branch saas-5 up to eda2f06
2014-07-28 16:37:56 +02:00
Denis Ledoux
b4ef87f1ec
[FIX] ir_attachment: _filestore cache ignore uid
...
replace ormcache_context by ormcache: use the context in the cache key is useless
set skiparg=3 (default skiparg=2) so the uid is not used in the cache key: the filestore path is the same for all database users
2014-07-24 11:53:57 +02:00
Christophe Simonis
a5419ca800
[MERGE] forward port of branch saas-5 up to e0759c1
2014-07-15 11:21:59 +02:00
Christophe Simonis
182acc9274
[FIX] base: make ir_attachment._filestore callable with kwargs
2014-07-11 14:58:32 +02:00
Raphael Collet
cbe2dbb672
[MERGE] new v8 api by rco
...
A squashed merge is required as the conversion of the apiculture branch from
bzr to git was not correctly done. The git history contains irrelevant blobs
and commits. This branch brings a lot of changes and fixes, too many to list
exhaustively.
- New orm api, objects are now used instead of ids
- Environements to encapsulates cr uid context while maintaining backward compatibility
- Field compute attribute is a new object oriented way to define function fields
- Shared browse record cache
- New onchange protocol
- Optional copy flag on fields
- Documentation update
- Dead code cleanup
- Lots of fixes
2014-07-06 17:05:41 +02:00
Jaydeep Barot
026e38b48f
[REM] Unnecessary `size` parameters on char fields
2014-06-25 17:13:43 +02:00
Christophe Simonis
979bb51925
[IMP] ir.attachment: add method to force all attachments to use selected storage
...
bzr revid: chs@openerp.com-20140410152039-hyf0yaizw8p4weg0
2014-04-10 17:20:39 +02:00
Christophe Simonis
fdd1f69294
[FIX] duplicate/rename/drop database: handle filestore
...
bzr revid: chs@openerp.com-20140321155659-gvg4br76214lur4l
2014-03-21 16:56:59 +01:00
Antony Lesuisse
38d1ca1ff2
[MERGE] trunk
...
bzr revid: al@openerp.com-20140227161819-p9chmskfifo0rygs
2014-02-27 17:18:19 +01:00
Christophe Simonis
14815d669f
[FIX] attachments: filestore use dbname instead of dbuuid
...
bzr revid: chs@openerp.com-20140117161424-i1ggvzawkjrabbwc
2014-01-17 17:14:24 +01:00
Christophe Simonis
a45b2c6b90
merge upstream
...
bzr revid: chs@openerp.com-20140117092206-ha47ryhjc4ph50nl
2014-01-17 10:22:06 +01:00
Christophe Simonis
c55079f112
[IMP] ir.attachment: active db storage by setting setting to "db"
...
bzr revid: chs@openerp.com-20140116224058-v53fozipvi0obmq1
2014-01-16 23:40:58 +01:00
Christophe Simonis
45d24fd92b
[FIX] ir.attachement: typo s/config_paramater/config_parameter/
...
bzr revid: chs@openerp.com-20140116214722-4804mskx7c21ikk5
2014-01-16 22:47:22 +01:00
Christophe Simonis
3275de5981
[IMP] ir.attachment: filestore is now in data-dir and by default
...
bzr revid: chs@openerp.com-20140116185415-ajia02bsty9joox7
2014-01-16 19:54:15 +01:00
Thibault Delavallée
ab5c23079a
[MERGE] Sync with trunk, solved conflicts.
...
bzr revid: tde@openerp.com-20140116091716-zk1n5ots94i65io5
2014-01-16 10:17:16 +01:00
Denis Ledoux
05aab83eb1
[MERGE] Forward-port of latest 7.0 bugfixes, up to rev. 9743 revid:qdp-launchpad@openerp.com-20140108160719-9i8xhrat49cn9l5e
...
bzr revid: chs@openerp.com-20140107141524-xzz39a2ym66swr0t
bzr revid: chs@openerp.com-20140107172248-zic9mqg0rigy2czb
bzr revid: chs@openerp.com-20140108160418-ph17jgy5hlejj9hr
bzr revid: dle@openerp.com-20140108171400-8r0fwv3wi36w2im0
2014-01-08 18:14:00 +01:00
Thibault Delavallée
7a72d858cb
[MERGE] Sync with trunk
...
bzr revid: tde@openerp.com-20140103151324-jk0u8vmrxxomy5vx
2014-01-03 16:13:24 +01:00
Denis Ledoux
20be322c45
[MERGE] Forward-port of latest 7.0 bugfixes, up to rev. 9684 rev-id: dle@openerp.com-20131209145652-3g9rgnfz1w8k0whw
...
bzr revid: chs@openerp.com-20131202105848-33gcz1715w370rve
bzr revid: dle@openerp.com-20131204150643-is3y0b9n8enh3yql
bzr revid: chs@openerp.com-20131206152726-pirikn7v8pev90ic
bzr revid: dle@openerp.com-20131206162437-b9niay99mirk44qm
bzr revid: tde@openerp.com-20131209102019-kjeg0rx2au1d5e5v
bzr revid: dle@openerp.com-20131209155721-589zihxx8jmvlpvp
2013-12-09 16:57:21 +01:00
Denis Ledoux
fb90e7d572
[FIX]ir_attachement: not self.pool.get(model) instead of model not in self.pool
...
bzr revid: dle@openerp.com-20131206173602-no831oxc6m1kf6lu
2013-12-06 18:36:02 +01:00
Denis Ledoux
4669f05406
[FIX] ir_attachement: search, if the model of the ir_attachement has been removed, the search ignore the attachement.
...
bzr revid: dle@openerp.com-20131206162314-vjpgtag8qhkl1jhk
2013-12-06 17:23:14 +01:00
Christophe Matthieu
8460122209
[MERGE] sync with trunk
...
bzr revid: chm@openerp.com-20131202150856-fzrfcoa8pmsjutau
2013-12-02 16:08:56 +01:00
Denis Ledoux
6fd552c3ce
[MERGE] Forward-port of latest 7.0 bugfixes, up to rev. 5139 rev-id: dle@openerp.com-20131121132305-qjlclgz5v9tze1fr
...
bzr revid: odo@openerp.com-20131120102545-2tlp031yib6viz35
bzr revid: chs@openerp.com-20131120161708-c8sbom592moukwxw
bzr revid: dle@openerp.com-20131121155457-lh7fzouk2upeiu16
2013-11-21 16:54:57 +01:00
Xavier Morel
8e78b40e6a
[MERGE] from trunk
...
bzr revid: xmo@openerp.com-20131115132553-9eqxggih8be63i36
2013-11-15 14:25:53 +01:00
Denis Ledoux
b7988bcc5a
[FIX] ir, ir_attachement: traceback if try to create attachement without res_id, caused by check access rights trying to check if the user had the right to read the object with a res_id 0
...
bzr revid: dle@openerp.com-20131119140246-r8dd7h0di4aigjss
2013-11-19 15:02:46 +01:00
Denis Ledoux
0cf57bdee2
[MERGE] Forward-port of latest saas-1 bugfixes, up to rev. 8800 rev-id: dle@openerp.com-20131031162241-goga1hsvwgyqigzd
...
bzr revid: chs@openerp.com-20131031142325-vo84hk5co2e2phg0
bzr revid: dle@openerp.com-20131031143133-wfus2hag57e73by2
bzr revid: dle@openerp.com-20131031162928-8gpom1ralccy07uc
2013-10-31 17:29:28 +01:00
Christophe Simonis
82211b1ac2
[MERGE] forward port of branch 7.0 up to revid 5113 launchpad_translations_on_behalf_of_openerp-20131031054724-b9dbttdcrl9eccwr
...
bzr revid: chs@openerp.com-20131025103657-pbnqhw11mygyi5jn
bzr revid: chs@openerp.com-20131031142125-7bm00z2jpccf3v6f
2013-10-31 15:21:25 +01:00
Martin Trigaux
e2d6786bc1
[FIX] ir_attachment: fix security issues on ir_attachment
...
check: verify the permissions even when no ids are passed (skipped permission checking for create)
create: verify has the write access on the related model (instead of create, was not checked anyway)
function field: execute the write in fnct_inv as superuser (was impossible to have creation without write access)
bzr revid: mat@openerp.com-20131030084408-t857gl7d4lkbrj5p
2013-10-30 09:44:08 +01:00
Martin Trigaux
15905e78c5
[FIX] ir_attachment: fix security issues on ir_attachment
...
check: verify the permissions even when no ids are passed (skipped permission checking for create)
create: verify has the write access on the related model (instead of create, was not checked anyway)
function field: execute the write in fnct_inv as superuser (was impossible to have creation without write access)
bzr revid: mat@openerp.com-20131029171420-x87wu7ph8ej7mtro
2013-10-29 18:14:20 +01:00
Thibault Delavallée
97f164ba99
[MERGE] Sync with trunk
...
bzr revid: tde@openerp.com-20131028163325-2hpks3hp23zop40n
2013-10-28 17:33:25 +01:00
Olivier Dony
77caeeeba5
[MERGE] Forward-port of latest 7.0 bugfixes, up to rev. 5101 rev-id: odo@openerp.com-20131016105812-844cd9xljvkjwtm3
...
bzr revid: odo@openerp.com-20131016110621-36vvlpn8dgsabyt1
2013-10-16 13:06:21 +02:00
Olivier Dony
06b2ce213c
[FIX] document: overridden ORM methods need to respect API idiosyncrasies, otherwise check() calls may fail
...
bzr revid: odo@openerp.com-20131016105812-844cd9xljvkjwtm3
2013-10-16 12:58:12 +02:00
Olivier Dony
54f740960e
[MERGE] Forward-port of latest saas-1 bugfixes, up to rev. 4912 rev-id: odo@openerp.com-20131016110621-36vvlpn8dgsabyt1
...
bzr revid: odo@openerp.com-20131016111800-jjybreg62bwz61zn
2013-10-16 13:18:00 +02:00
Fabien Pinckaers
29326cd993
[IMP] Add file='...' on <field> tags + [FIX] forced noupdate
...
bzr revid: fp@openerp.com-20130922093113-80p3pig45qbm7lsn
2013-09-22 11:31:13 +02:00
Denis Ledoux
a3f57cd43b
[FIX]ir_attachement: if res_id = 0, allow to read if allowed to read model
...
bzr revid: dle@openerp.com-20130724130936-u1payhg18hcssj0z
2013-07-24 15:09:36 +02:00
Thibault Delavallée
ac791818e0
[MERGE] [CHERRYPICK] Backport of revision 4879 of saas-1 branch.
...
[FIX] ir_attachment: in check, values could coutain a
False res_model; no need to check self.pool[False], obviously. We consider void attachments
as being accessible, because no related document exists.
lp bug: https://launchpad.net/bugs/1171457 fixed
bzr revid: tde@openerp.com-20130530142608-jgu1y7175q8hjkt5
2013-05-30 16:26:08 +02:00
Thibault Delavallée
98bce97f27
[FIX] ir_attachment: in check, values could coutain a
...
False res_model; no need to check self.pool[False], obviously. We consider void attachments
as being accessible, because no related document exists.
Hint: backport me in 7.0
lp bug: https://launchpad.net/bugs/1171457 fixed
bzr revid: tde@openerp.com-20130530142015-rgpf7jw4x34yhoet
2013-05-30 16:20:15 +02:00
Raphael Collet
05851d21ba
[MERGE] from trunk
...
bzr revid: rco@openerp.com-20130411073017-x6e4h8xbvmy3ofdw
2013-04-11 09:30:17 +02:00
Raphael Collet
09be864f1d
[IMP] replace all tests like 'registry.get(X)' by 'X in registry' where X is non static
...
bzr revid: rco@openerp.com-20130329140723-dnrl02saky570xg0
2013-03-29 15:07:23 +01:00
Olivier Dony
3cb01bd596
[FIX] ir.attachment: fix drunken commit 4814
...
bzr revid: odo@openerp.com-20130131145348-00yngxmjfy2eforj
2013-01-31 15:53:48 +01:00