odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity
91,170 Commits 3 Branches 0 Tags 961 MiB
Commit Graph

79 Commits

Author SHA1 Message Date
Denis Ledoux 14f3085776 [MERGE] forward port of branch saas-3 up to 77500e5 2014-10-02 15:36:58 +02:00
Denis Ledoux 77500e54ec [MERGE] forward port of branch 7.0 up to eb9113c 2014-10-02 15:34:02 +02:00
Denis Ledoux eb9113c04d [FIX] ir_attachment: restrict access to orphan attachments to employees 2014-10-02 15:17:48 +02:00
Christophe Simonis 780dd9891f [MERGE] forward port of branch saas-5 up to 7eab880 2014-09-15 14:00:02 +02:00
Christophe Simonis 56f2b7ae0f [MERGE] forward port of branch saas-3 up to fdc6271 2014-09-12 18:53:48 +02:00
Denis Ledoux e447a46ec8 [MERGE] forward port of branch 7.0 up to 33e0910 2014-09-09 18:02:30 +02:00
Olivier Dony a03dfefda9 [FIX] ir.attachment: less non-transactional side-effects during deletion 
When deleting filesystem-backed attachements, the
deletion on the file-system is not transactional.
In the event of a transaction rollback, the file
deletion would not be rolled back, which is a
dangerous side-effect.

This can happen for example when several transactions
try to delete the same file(s) at the same time.
The duplicate deletions might be detected by the
database (being concurrent update errors), and rolled
back at the point of the DELETE query, to be retried.
If the files have already been deleted in the file
system it before the rollback, it leaves the system
in an inconsistent state, at least temporarily.

One case where we have seen it is when web bundles
are loaded by many web users at the same time, right
after being updated (and thus invalidated).
As they are currently cached as ir.attachment records,
this often causes a corruption of the cache.
 2014-09-08 16:52:42 +02:00
Olivier Dony 46784659f9 [IMP] ir.attachment: include traceback when logging low-level filesystem errors 2014-09-08 16:52:41 +02:00
Denis Ledoux 1e374b4ad7 [FIX] ir_attachment: ignore if model uninstalled 
if the model of an attachement no longer exists (the according module have been uninstalled, for instance), ignore the security check
 2014-09-08 10:51:46 +02:00
Christophe Simonis ada9724655 [MERGE] forward port of branch 7.0 up to 3509e15 2014-08-28 16:12:55 +02:00
Denis Ledoux 72d3697fbc [FIX] security: externals should be able to read attachements 
without having the rights to read ir.config_parameter
 2014-08-26 12:55:48 +02:00
Martin Trigaux 6dc94f0c4e Forward port of branch saas-5 up to eda2f06 2014-07-28 16:37:56 +02:00
Denis Ledoux b4ef87f1ec [FIX] ir_attachment: _filestore cache ignore uid 
replace ormcache_context by ormcache: use the context in the cache key is useless
set skiparg=3 (default skiparg=2) so the uid is not used in the cache key: the filestore path is the same for all database users
 2014-07-24 11:53:57 +02:00
Christophe Simonis a5419ca800 [MERGE] forward port of branch saas-5 up to e0759c1 2014-07-15 11:21:59 +02:00
Christophe Simonis 182acc9274 [FIX] base: make ir_attachment._filestore callable with kwargs 2014-07-11 14:58:32 +02:00
Raphael Collet cbe2dbb672 [MERGE] new v8 api by rco 
A squashed merge is required as the conversion of the apiculture branch from
bzr to git was not correctly done. The git history contains irrelevant blobs
and commits. This branch brings a lot of changes and fixes, too many to list
exhaustively.

- New orm api, objects are now used instead of ids
- Environements to encapsulates cr uid context while maintaining backward compatibility
- Field compute attribute is a new object oriented way to define function fields
- Shared browse record cache
- New onchange protocol
- Optional copy flag on fields
- Documentation update
- Dead code cleanup
- Lots of fixes
 2014-07-06 17:05:41 +02:00
Jaydeep Barot 026e38b48f [REM] Unnecessary `size` parameters on char fields 2014-06-25 17:13:43 +02:00
Christophe Simonis 979bb51925 [IMP] ir.attachment: add method to force all attachments to use selected storage 
bzr revid: chs@openerp.com-20140410152039-hyf0yaizw8p4weg0
 2014-04-10 17:20:39 +02:00
Christophe Simonis fdd1f69294 [FIX] duplicate/rename/drop database: handle filestore 
bzr revid: chs@openerp.com-20140321155659-gvg4br76214lur4l
 2014-03-21 16:56:59 +01:00
Antony Lesuisse 38d1ca1ff2 [MERGE] trunk 
bzr revid: al@openerp.com-20140227161819-p9chmskfifo0rygs
 2014-02-27 17:18:19 +01:00
Christophe Simonis 14815d669f [FIX] attachments: filestore use dbname instead of dbuuid 
bzr revid: chs@openerp.com-20140117161424-i1ggvzawkjrabbwc
 2014-01-17 17:14:24 +01:00
Christophe Simonis a45b2c6b90 merge upstream 
bzr revid: chs@openerp.com-20140117092206-ha47ryhjc4ph50nl
 2014-01-17 10:22:06 +01:00
Christophe Simonis c55079f112 [IMP] ir.attachment: active db storage by setting setting to "db" 
bzr revid: chs@openerp.com-20140116224058-v53fozipvi0obmq1
 2014-01-16 23:40:58 +01:00
Christophe Simonis 45d24fd92b [FIX] ir.attachement: typo s/config_paramater/config_parameter/ 
bzr revid: chs@openerp.com-20140116214722-4804mskx7c21ikk5
 2014-01-16 22:47:22 +01:00
Christophe Simonis 3275de5981 [IMP] ir.attachment: filestore is now in data-dir and by default 
bzr revid: chs@openerp.com-20140116185415-ajia02bsty9joox7
 2014-01-16 19:54:15 +01:00
Thibault Delavallée ab5c23079a [MERGE] Sync with trunk, solved conflicts. 
bzr revid: tde@openerp.com-20140116091716-zk1n5ots94i65io5
 2014-01-16 10:17:16 +01:00
Denis Ledoux 05aab83eb1 [MERGE] Forward-port of latest 7.0 bugfixes, up to rev. 9743 revid:qdp-launchpad@openerp.com-20140108160719-9i8xhrat49cn9l5e 
bzr revid: chs@openerp.com-20140107141524-xzz39a2ym66swr0t
bzr revid: chs@openerp.com-20140107172248-zic9mqg0rigy2czb
bzr revid: chs@openerp.com-20140108160418-ph17jgy5hlejj9hr
bzr revid: dle@openerp.com-20140108171400-8r0fwv3wi36w2im0
 2014-01-08 18:14:00 +01:00
Thibault Delavallée 7a72d858cb [MERGE] Sync with trunk 
bzr revid: tde@openerp.com-20140103151324-jk0u8vmrxxomy5vx
 2014-01-03 16:13:24 +01:00
Denis Ledoux 20be322c45 [MERGE] Forward-port of latest 7.0 bugfixes, up to rev. 9684 rev-id: dle@openerp.com-20131209145652-3g9rgnfz1w8k0whw 
bzr revid: chs@openerp.com-20131202105848-33gcz1715w370rve
bzr revid: dle@openerp.com-20131204150643-is3y0b9n8enh3yql
bzr revid: chs@openerp.com-20131206152726-pirikn7v8pev90ic
bzr revid: dle@openerp.com-20131206162437-b9niay99mirk44qm
bzr revid: tde@openerp.com-20131209102019-kjeg0rx2au1d5e5v
bzr revid: dle@openerp.com-20131209155721-589zihxx8jmvlpvp
 2013-12-09 16:57:21 +01:00
Denis Ledoux fb90e7d572 [FIX]ir_attachement: not self.pool.get(model) instead of model not in self.pool 
bzr revid: dle@openerp.com-20131206173602-no831oxc6m1kf6lu
 2013-12-06 18:36:02 +01:00
Denis Ledoux 4669f05406 [FIX] ir_attachement: search, if the model of the ir_attachement has been removed, the search ignore the attachement. 
bzr revid: dle@openerp.com-20131206162314-vjpgtag8qhkl1jhk
 2013-12-06 17:23:14 +01:00
Christophe Matthieu 8460122209 [MERGE] sync with trunk 
bzr revid: chm@openerp.com-20131202150856-fzrfcoa8pmsjutau
 2013-12-02 16:08:56 +01:00
Denis Ledoux 6fd552c3ce [MERGE] Forward-port of latest 7.0 bugfixes, up to rev. 5139 rev-id: dle@openerp.com-20131121132305-qjlclgz5v9tze1fr 
bzr revid: odo@openerp.com-20131120102545-2tlp031yib6viz35
bzr revid: chs@openerp.com-20131120161708-c8sbom592moukwxw
bzr revid: dle@openerp.com-20131121155457-lh7fzouk2upeiu16
 2013-11-21 16:54:57 +01:00
Xavier Morel 8e78b40e6a [MERGE] from trunk 
bzr revid: xmo@openerp.com-20131115132553-9eqxggih8be63i36
 2013-11-15 14:25:53 +01:00
Denis Ledoux b7988bcc5a [FIX] ir, ir_attachement: traceback if try to create attachement without res_id, caused by check access rights trying to check if the user had the right to read the object with a res_id 0 
bzr revid: dle@openerp.com-20131119140246-r8dd7h0di4aigjss
 2013-11-19 15:02:46 +01:00
Denis Ledoux 0cf57bdee2 [MERGE] Forward-port of latest saas-1 bugfixes, up to rev. 8800 rev-id: dle@openerp.com-20131031162241-goga1hsvwgyqigzd 
bzr revid: chs@openerp.com-20131031142325-vo84hk5co2e2phg0
bzr revid: dle@openerp.com-20131031143133-wfus2hag57e73by2
bzr revid: dle@openerp.com-20131031162928-8gpom1ralccy07uc
 2013-10-31 17:29:28 +01:00
Christophe Simonis 82211b1ac2 [MERGE] forward port of branch 7.0 up to revid 5113 launchpad_translations_on_behalf_of_openerp-20131031054724-b9dbttdcrl9eccwr 
bzr revid: chs@openerp.com-20131025103657-pbnqhw11mygyi5jn
bzr revid: chs@openerp.com-20131031142125-7bm00z2jpccf3v6f
 2013-10-31 15:21:25 +01:00
Martin Trigaux e2d6786bc1 [FIX] ir_attachment: fix security issues on ir_attachment 
check: verify the permissions even when no ids are passed (skipped permission checking for create)
create: verify has the write access on the related model (instead of create, was not checked anyway)
function field: execute the write in fnct_inv as superuser (was impossible to have creation without write access)

bzr revid: mat@openerp.com-20131030084408-t857gl7d4lkbrj5p
 2013-10-30 09:44:08 +01:00
Martin Trigaux 15905e78c5 [FIX] ir_attachment: fix security issues on ir_attachment 
check: verify the permissions even when no ids are passed (skipped permission checking for create)
create: verify has the write access on the related model (instead of create, was not checked anyway)
function field: execute the write in fnct_inv as superuser (was impossible to have creation without write access)

bzr revid: mat@openerp.com-20131029171420-x87wu7ph8ej7mtro
 2013-10-29 18:14:20 +01:00
Thibault Delavallée 97f164ba99 [MERGE] Sync with trunk 
bzr revid: tde@openerp.com-20131028163325-2hpks3hp23zop40n
 2013-10-28 17:33:25 +01:00
Olivier Dony 77caeeeba5 [MERGE] Forward-port of latest 7.0 bugfixes, up to rev. 5101 rev-id: odo@openerp.com-20131016105812-844cd9xljvkjwtm3 
bzr revid: odo@openerp.com-20131016110621-36vvlpn8dgsabyt1
 2013-10-16 13:06:21 +02:00
Olivier Dony 06b2ce213c [FIX] document: overridden ORM methods need to respect API idiosyncrasies, otherwise check() calls may fail 
bzr revid: odo@openerp.com-20131016105812-844cd9xljvkjwtm3
 2013-10-16 12:58:12 +02:00
Olivier Dony 54f740960e [MERGE] Forward-port of latest saas-1 bugfixes, up to rev. 4912 rev-id: odo@openerp.com-20131016110621-36vvlpn8dgsabyt1 
bzr revid: odo@openerp.com-20131016111800-jjybreg62bwz61zn
 2013-10-16 13:18:00 +02:00
Fabien Pinckaers 29326cd993 [IMP] Add file='...' on <field> tags + [FIX] forced noupdate 
bzr revid: fp@openerp.com-20130922093113-80p3pig45qbm7lsn
 2013-09-22 11:31:13 +02:00
Denis Ledoux a3f57cd43b [FIX]ir_attachement: if res_id = 0, allow to read if allowed to read model 
bzr revid: dle@openerp.com-20130724130936-u1payhg18hcssj0z
 2013-07-24 15:09:36 +02:00
Thibault Delavallée ac791818e0 [MERGE] [CHERRYPICK] Backport of revision 4879 of saas-1 branch. 
[FIX] ir_attachment: in check, values could coutain a
False res_model; no need to check self.pool[False], obviously. We consider void attachments
as being accessible, because no related document exists.

lp bug: https://launchpad.net/bugs/1171457 fixed

bzr revid: tde@openerp.com-20130530142608-jgu1y7175q8hjkt5
 2013-05-30 16:26:08 +02:00
Thibault Delavallée 98bce97f27 [FIX] ir_attachment: in check, values could coutain a 
False res_model; no need to check self.pool[False], obviously. We consider void attachments
as being accessible, because no related document exists.

Hint: backport me in 7.0

lp bug: https://launchpad.net/bugs/1171457 fixed

bzr revid: tde@openerp.com-20130530142015-rgpf7jw4x34yhoet
 2013-05-30 16:20:15 +02:00
Raphael Collet 05851d21ba [MERGE] from trunk 
bzr revid: rco@openerp.com-20130411073017-x6e4h8xbvmy3ofdw
 2013-04-11 09:30:17 +02:00
Raphael Collet 09be864f1d [IMP] replace all tests like 'registry.get(X)' by 'X in registry' where X is non static 
bzr revid: rco@openerp.com-20130329140723-dnrl02saky570xg0
 2013-03-29 15:07:23 +01:00
Olivier Dony 3cb01bd596 [FIX] ir.attachment: fix drunken commit 4814 
bzr revid: odo@openerp.com-20130131145348-00yngxmjfy2eforj
 2013-01-31 15:53:48 +01:00