Authentication modules are supposed to override res_users.check_credentials()
in order to plug in their own mechanism, without actually modifying the
behavior of res_users.check(), res_users.authenticate() or
res_users._login().
auth_openid was incorrectly overriding check() instead of
check_credentials(), and unnecessarily accessing private
attributes of res_users. Fixing the implementation of auth_openid
to follow the API means we can completely make those attributes
private.
The field display_name is present in account_report_company but not in base
on the res.partner (has been added in v8 in base).
Create a hook method to keep using the slow CASE in base and switch to the
faster display_name when installing account_report_company.
In commit 44f2c8d54 we unified the return value of the function to int,
but it seems the returned size could be None which is not a valid input
of the int() built-in function.
To distinguish two ir.attachment 'File Content', we base it on the file
size (this I imagine is for efficiency).
This is done by setting bin_size in the context. Doing this, the
returned db_datas field will be the file size of the converted to base64
content (if no filestore).
But this size is returned in string format, so "get_nice_size" (in
openerp/osv/fields.py) which gets this size calculates the length of the
string. e.g: if the size is '2142' get_nice_size will return 4.
This fix solves this by converting the string to an integer, thus
unifying it with the filestore case (where we use os.path.getsize which
return an integer).
Also, the field presenting the issue (FieldBinaryFile) has been changed
so it is always updated even if the size is the same (as it was already
done by 3632949 for FieldBinaryImage widget).
closes#7223
opw-643071
When importing a CSV file with an "id" column containing
external IDs (XML IDs), the system automatically creates
or updates the corresponding ir.model.data entries.
This would fail for regular users who do not have
create/write access on this internal model.
The ir.ui.view.graph_get() method depended on the natural
semi-random order of Python dict keys in the _columns dict.
When the number and/or names of the _columns happened to
yield the o2m field of the "incoming transitions" *before*
the "outgoing transitions" of the "Node model"
(e.g. workflow activity), it would swap the incoming and
outgoing transitions fields around, causing a crash later
in the `tools.graph.process` method (currently an infinite
loop in the `tree_order()` method of tools.graph.py).
Closes#3614
Fixes https://bugs.launchpad.net/openobject-server/+bug/1316948
opw-633765
When updating translations, the source (`src`) is irrelevant for
`field` and `help` translations. Theses translation types are only
matched through their `name`.
fails due to ir.config_parameter permission
At rev. 80017b04c2
ir.config_parameter model has been restricted to employees
Getting parameter from this model should therefore
be done as SUPERUSER_ID where the uid could
be a user which is not an employee.
Closes#5280
This rev. is related to eb9113c04d
if a model or a resource id is not defined on an attachment
restrict access to employees only if the creator
of this attachment is not the current user.
So non-employees can access their attachments without
models/resource id, which includes attachment of
discussions threads.
Fixes#4309Closes#4310
Since revs 53582c2ea6 & f65c913027,
this was no more possible for portal users to read groups
on purpose, for privacy reasons.
fields_get of res.users model is overriden, for
the access rights form view features
(The groups selections and checkboxes).
At each call to fields_get, which happens at each call
to fields_view_get on the res.users model, operations are
done on the model res.groups (basically, to
build the selection groups and checkboxes). So,
each time a view of model res.users is displayed,
whatever the view, operations on res.group model were performed.
The thing is, these operations on res.groups
are actually needed only for the user access rights
view, or at least only for users having the group
Administration > Access rights. These group operations
aren't needed for the preferences view, nor for portal users.
We therefore avoid to do these if the user is not part of the
Administration > Access rights group, which lead to
performances improvment, and solves the fact
portal users couldn't access their user preferences view.
opw-627391
It's always dangerous because (cascade-)deleting workitems
has a great chance of killing the workflow instances they
belong to, putting the records in the workflow limbo
permanently. (They will appear stuck as they don't have
enough workitems anymore)
In addition, in some rare cases a subflow activity is
converted into a regular activity during an update, and
nullifying the `subflow_id` column is all there is to
fixing the corresponding workitems. It will simply take
them out of their subflow, and back into the main flow.
This is the case for the modification of the purchase.order
workflow in Odoo 8 (saas-5), for the picking subflow.
When the ORM is cleaning up related attachments upon record deletion, the
search() method hides the attachment of the record that is being deleted.
If the same file is used exactly once in another attachment, the reference
count will be 1 and the file will be deleted.
When you change the country of your company, each field of a company address keeps
its attrs. This is why the company address stays on readonly when use_parent_address
is checked.
Closes#4808
opw: 627033
In currencies, advanced search with "equals" or "not equals" on rates
was not possible for something else than a date, in server format (crash).
This is because the name field of the model res.currency.rate is a date
This is now possible to search rates with just a float and the equal operators,
it returns currencies which are having at least one rate set to this float value
This is also possible to search rates with the equal operators with a date in
user (context) date format.