View validation accounts for a fair cost of module installation, most of
that is spent checking for view validity, and a significant fraction
of *that* is spent reading the validated view from the DB.
Turns out _check_xml requested *all* view fields even though it needed
none of them save for the arch. Specifying fields to read_combined
rather than fetching all fields seems to result in a ~30% speedup of
_check_xml (under line_profiler). Most of the rest is spent fetching
sub-views (in get_inheriting_view_arch), I don't know that it can be
improved without hand-crafting a fairly complex SQL request.
To distinguish two ir.attachment 'File Content', we base it on the file
size (this I imagine is for efficiency).
This is done by setting bin_size in the context. Doing this, the
returned db_datas field will be the file size of the converted to base64
content (if no filestore).
But this size is returned in string format, so "get_nice_size" (in
openerp/osv/fields.py) which gets this size calculates the length of the
string. e.g: if the size is '2142' get_nice_size will return 4.
This fix solves this by converting the string to an integer, thus
unifying it with the filestore case (where we use os.path.getsize which
return an integer).
Also, the field presenting the issue (FieldBinaryFile) has been changed
so it is always updated even if the size is the same (as it was already
done by 3632949 for FieldBinaryImage widget).
closes#7223
opw-643071
When a record is created with a field property of type integer or float equal to 0, there is
no record created in ir_property for this field. Then for a search of a record with this type of
field equal to 0, it must match all the records that have no corresponding property in the table
"ir.property" for this field.
ps: in 7.0, the function search_multi doesn't exist and the bug linked to cost price
doesn't happen because it's a float field.
opw:639746
When receiving goods with average price set as costing method,
for a move from another company than the SUPERUSER_id company,
the average price updated was the one from the SUPERUSER company
instead of the one of the move.
opw-634167
In commit 04ba0e99, we introduced an optimization for reading inherited fields
in a single query. There is an issue when you have more than one level of
`_inherits`. The query looks like:
SELECT ...
FROM table0, table1 AS alias1, table2 AS alias2
WHERE table0.link0 = alias1.id AND table1.link1 = alias2.id AND ...
^^^^^^
should be alias1
This fixes the issue, and adds a test to reproduce it. The fix is based on
@emiprotechnologies's own proposal, but is cleaner and does not break APIs.
When importing a CSV file with an "id" column containing
external IDs (XML IDs), the system automatically creates
or updates the corresponding ir.model.data entries.
This would fail for regular users who do not have
create/write access on this internal model.
When searching if a many2one property field is not set, there may be less
results since only the ones with a reference set to NULL are returned.
We should also get those not in the table.
This commit change this case so instead of returning ['id', 'in', {matching non-set ids}],
the ['id', 'not in', {matching set ids}] is returned.
e.g: if (1, 3, 8) are set, (5, 9) are not set. ['id', 'not in', (1, 3, 8)] would
be returned instead of ['id', 'in', (5, 9)] which might not select all non-set
property fields.
closes#6044
opw-631057
The ir.ui.view.graph_get() method depended on the natural
semi-random order of Python dict keys in the _columns dict.
When the number and/or names of the _columns happened to
yield the o2m field of the "incoming transitions" *before*
the "outgoing transitions" of the "Node model"
(e.g. workflow activity), it would swap the incoming and
outgoing transitions fields around, causing a crash later
in the `tools.graph.process` method (currently an infinite
loop in the `tree_order()` method of tools.graph.py).
Closes#3614
Fixes https://bugs.launchpad.net/openobject-server/+bug/1316948
opw-633765
The defaults of ir.values depends on the user company, but there is no
cache invalidation when the company of a user change.
This fix adds the clearing of the default's cache in this case.
Closes#6339
opw-629979
When updating translations, the source (`src`) is irrelevant for
`field` and `help` translations. Theses translation types are only
matched through their `name`.
In the small cases where utf-8 is not escaped in the CSS of a module*, an error
could happen when breaking minified CSS on multiple page (for IE9).
For the issue #5050
*currenlty for 8.0 : https://gist.github.com/nle-odoo/e353b22f89031ced21a5
On internet explorer 6, 7, 8 and 9, the limit of CSS rules in a stylesheet is
4095 (http://blogs.msdn.com/b/ieinternals/archive/2011/05/14/10164546.aspx).
This commit breaks down a CSS bundle in several pages for these IE versions.
To do this, the CSS tag added is of the kind : /web/css.0/{xmlid}/{version} in
which there is:
- the whole CSS if there is no more than one page,
- a list of @import pointing to the multiple pages.
note: if a modification lowers the number of page, an old page may stay in
ir_attachment (e.g: go from 4 to 3 pages, the old 4th page of another version
will not be deleted untill the number goes again up to 4).
Note: the method css(self) previously returned an unicode variable (the first
time) or an str variable (the following times, if already cached), the fix
also correct this so an str variable is always returned.
fixes#5050
opw-627116
fails due to ir.config_parameter permission
At rev. 80017b04c2
ir.config_parameter model has been restricted to employees
Getting parameter from this model should therefore
be done as SUPERUSER_ID where the uid could
be a user which is not an employee.
Closes#5280
This rev. is related to eb9113c04d
if a model or a resource id is not defined on an attachment
restrict access to employees only if the creator
of this attachment is not the current user.
So non-employees can access their attachments without
models/resource id, which includes attachment of
discussions threads.
Fixes#4309Closes#4310
Special case for binary attachments with an url, when there is no data
to serve. If the attachment name is an url, redirect to this url,
otherwise return a 204 HTTP error.
When going to logged calls through opportunities,
and no logged calls were listed,
the mail alias of opportunities was displayed
within the placeholder help message,
wrongly, as we were in the logged calls list.
This was due to a context propagation, due
to have defined empty_list_help_* keys within
window actions. It was the case in several
modules.
Besides, we do not find the usefulness of the
custom_context passed to the get_empty_list_help
method: indeed, none of the methods get_empty_list_help
overriden in modules need any other keys than
'default_type', which do not require an evaluated
context.
We therefore remove the whole code regarding this
custom_context, and we therefore get rid of this
useless context evaluation thing within one of
the most accessed method of the web client.
opw-630673
Due to a compatibility problem between the new API
implementation and the @ormcache decorator, the
context parameter of ir.attachment._filestore()
was dropped at rev. 0beb14f0d2
However the need for caching this method has
disappeared in Odoo 8 (it used to require a
DB query). So it is even better to drop the
@ormcache decorator altogether, and keep the
context parameter.
This avoids a useless change of method signature,
even if that was on a private method.
Make sure pass a list of ids instead of a single id to write calls.
Some models (e.g. blog.post, fixed at 12fc5ea) are assuming that it got a list
of ids and is not checking the type.
Always pass a list of ids as it's the expected format for the orm.
Commit 540b753bf8 introduced
support for resources stored as ir.attachment records in
asset bundles too.
This is specifically useful for customizations.
However the HTTP route for reaching those resources
when they are *not* in a bundle was originally created
in the `website` module (as a special handling for
404 requests)
This means that these dynamic resources would only
be partially supported when `website` is not installed,
causing various problems:
- missing resources in debug mode where bundles are skipped
- errors when trying to define new client-side Qweb templates
via XML resources - which are loaded with a direct request
- ...
This commit moves back the supporting code to the web module.
The `mimetype` column is not present in ir.attachment without
the `website` module, but sniffing it based on the attachment
name works fine at serving time too.
Closes#6002
The implementation of `ormcache` does not work on methods that take a `context`
parameter. Because of the decorator `decorator`, the arguments of the call are
passed positionally to the method `ormcache.lookup`, and positional arguments
are used in the cache key.
The fix consists in removing the `context` parameter from the faulty methods,
either directly, or by caching a private method called by the public method.
Since revs 53582c2ea6 & f65c913027,
this was no more possible for portal users to read groups
on purpose, for privacy reasons.
fields_get of res.users model is overriden, for
the access rights form view features
(The groups selections and checkboxes).
At each call to fields_get, which happens at each call
to fields_view_get on the res.users model, operations are
done on the model res.groups (basically, to
build the selection groups and checkboxes). So,
each time a view of model res.users is displayed,
whatever the view, operations on res.group model were performed.
The thing is, these operations on res.groups
are actually needed only for the user access rights
view, or at least only for users having the group
Administration > Access rights. These group operations
aren't needed for the preferences view, nor for portal users.
We therefore avoid to do these if the user is not part of the
Administration > Access rights group, which lead to
performances improvment, and solves the fact
portal users couldn't access their user preferences view.
opw-627391
The mappings model._all_columns takes quite some memory (around 2MB per
registry) because of the numerous dictionaries (one per model) and inefficient
memory storage of column_info. Since it is deprecated and almost no longer
used, it can be computed on demand.
The ormcache is now shared among registries. The cached methods use keys like
(DBNAME, MODELNAME, METHOD, args...). This allows registries with high load to
use more cache than other registries.
When a `noupdate` record is processed during an update,
the update_dummy method marks the record as "seen" so
it won't be deleted at the garbage collection step,
and seen as an obsolete external ID.
This needs to be done also for the parent records via
_inherits, because they have also received an implicit
external ID at creation, and must not be garbage
collected, even if their `noupdate` flag (db side)
is not set because the flag was added later.
This rare problem could be reproduced by creating a product
in a module, then referencing it in e.g. a sales order,
then updating the module after changing the product
record to be in a `noupdate` block.
At the end of the update the implicit product.template
record would be garbage collected, and trigger a cascade
deletion of its children - blocked by the SO reference
to the product.
The invalidation in registry was done only if the field's model was already in
registry. This situation is not the case when you create a custom model with a
custom field.
When deleting a server action, its fields_lines were not deleted.
It causes an issue for example in this case:
Create a new custom field on any model
Create a server action with
Action To Do: Write on a Record
Base model: model of the custom field
Add a line in the value mapping,
using the custom field you just created
Delete the server action
Delete the custom field => Throws an error because
required field col1 is not defined
on the ir_server_object_lines object
It's always dangerous because (cascade-)deleting workitems
has a great chance of killing the workflow instances they
belong to, putting the records in the workflow limbo
permanently. (They will appear stuck as they don't have
enough workitems anymore)
In addition, in some rare cases a subflow activity is
converted into a regular activity during an update, and
nullifying the `subflow_id` column is all there is to
fixing the corresponding workitems. It will simply take
them out of their subflow, and back into the main flow.
This is the case for the modification of the purchase.order
workflow in Odoo 8 (saas-5), for the picking subflow.
For public-facing HTML content provided by the user,
`<style>` tags and `style` attributes should be stripped
automatically, as they can easily be abused to deface
pages for abusive users and spammers.
<style> tags were already stripped, the optional `strip_style`
for fields.html enables the automatic stripping of style
attributes.
This is opt-in because custom style attributes are still
desirable in trusted HTML fields.
As custom views validation is done while `self.pool._init` is set,
filter on currently loaded modules was still applied.
As a side effect, only one custom view per base view was validated.
In case this view is depending on another custom inherited view, the
validation failed.
Now force loading all views when validating custom views.
While `apply_inheritance_specs` apply most of its changes inplace, it may
completely replace the `arch_tree` if the root node is replaced.
This new root node wasn't used for `primary` views that inherit from
another.
When the ORM is cleaning up related attachments upon record deletion, the
search() method hides the attachment of the record that is being deleted.
If the same file is used exactly once in another attachment, the reference
count will be 1 and the file will be deleted.
- Translations lookup normally uses the namespace of the current
QWeb template, after merging all inherited views.
But when a QWeb template is "cloned" by a child view using
inheritance with `primary` mode, the translations are more
likely to exist for the original (parent) template, and would not
be found when using only the "child" namespace.
This patch adds support for looking up each translation
also in the parent namespace in this case, if none was found
for the child template in the first place.
- ir.translation's _get_source() now supports a list of res_id
to search for, in addition to a single res_id
- Also moved the logic of routes /website/customize_template_get
and /website/get_view_translations to the ir.ui.view model where
it belongs.
opw: 615241
Closes#5325
This was due to secondary fields loaded from database in 'onchange' mode. In
that mode, the secondary fields were marked 'dirty', and therefore returned by
the method `onchange`. The fix consists in loading those secondary fields in
cache before processing the onchanges.
This incidentally fixes a test on method `onchange`: in a one2many field, some
dirty fields were unexpectedly returned in the result. This was due to those
fields being loaded while processing onchanges.
Column `name` is required in ir.actions, and thus
automatically required in subclasses such as `ir.actions.act_window`
and `ir.actions.act_url`, due to the specific PostgreSQL inheritance
mechanism. Mark it so in the model to make it explicit.
This does not change the database constraints, as they should already
be set though inheritance.
Closes#4861
When you change the country of your company, each field of a company address keeps
its attrs. This is why the company address stays on readonly when use_parent_address
is checked.
Closes#4808
opw: 627033
When you change the country of your company, each field of a company address keeps
its attrs. This is why the company address stays on readonly when use_parent_address
is checked.
Closes#4808
opw: 627033
This fixes a bug introduced by commit f650522bbf
(related fields should not be copied by default). Inherited fields are a
particular case, and given the implementation of copy(), they must be copied if
their original field is copied.
The test on copy() in test_orm has been modified to show the bug.
The creation of a country is not something to create at flight !
The impact could be bigger that what people was expected (no accounting configured, ...).
The bad manipulation is more often the responsible, eg 'Belgium ' was creating a new country with a trailing whitespace, while the user didn't see the difference and use both country withtout making the diff.
In currencies, advanced search with "equals" or "not equals" on rates
was not possible for something else than a date, in server format (crash).
This is because the name field of the model res.currency.rate is a date
This is now possible to search rates with just a float and the equal operators,
it returns currencies which are having at least one rate set to this float value
This is also possible to search rates with the equal operators with a date in
user (context) date format.
If the variable was existing outside the context of the ``foreach``,
the value is copied at the end of the foreach into the global context.
Fix#4461 - Q74531 - Q71486 - Q71675
Acting as a mailing-list-like distribution system, the system used
to set the enveloper sender (aka bounce address) to the From header
of the message, effectively pretending to be the original sender.
In some cases the domain of the From header explicitly forbids
sending emails from external systems (e.g. with a hardfail SPF
record), so this could cause the email to be rejected by some
spam filters, depending on their policies.
The system will now use a local bounce address in the form:
mail-catchall-alias@mail-catchall-domain
or, if no catchall is configured:
postmaster-odoo@mail-catchall-domain
(as soon there is a mail.catchall.domain configured)
It will only fallback to using the From header when no
catchall domain is configured.
Fixes issue #3347.
Closes#3393.
When a stale XML ID exists in the database, `_update_dummy()`
must consider it as missing entirely, and the next call
to `_update()` will take care of cleaning up the old XML ID.
Failing to do so for `noupdate` records means the `_update`
will never happen, and as soon as another record is created
or updated with a relationship to that stale XML ID, it will
plainly crash the installation/update.
Debian does not allow fetching data from external website at runtime.
This fixes the privacy-breach-generic lintian warnings for Debian packaging.
The removed youtube url was a dead link...
[IMP] base: safer locking at user login
When a users connects, a lock is taken on the res_user table to modify the last login date. If another running transaction uses a foreign key to res.users (e.g. write_uid column), postgres may detect the update as a concurrent update and rollback the transaction.
In pg 9.3, the lock_strength parameter 'NO KEY' allows a weaker lock which is less likely to break another transaction.
Fixes#552
These revs. introduced an API change in the _name_search method.
Indeed, the 'operator' attribute used to have 'ilike' as default value.
This cannot be changed, as every modules overriding this method
overrided it using the signature with operator='ilike'
For instance, _name_search method of addons/base/ir/ir_model.py
expects having 'ilike' as operator.
As it was not anymore the case,
it leaded to a crash when performing a name_search call on the model ir.model,
like when adding a new custom field to a model, from the web client.
opw-626161
As entering a wrong value in the grouping field of res.lang,
for instance '[,]', leads to an unavailability of the web interface,
We add a constraint to prevent entering wrong values.
Issue was the propagation of contextual values across actions, more
precisely conserving the selected fiscal year when selecting an account
from the chart of accounts tree view: the chart of accounts tree view is
generally opened for a specific fiscal year, and it seemed sensible that
opening an account would show only the journal items for the previously
selected fiscal years rather than all items ever.
PR #649 altered action.read by tentatively evaluating the action's
context, however this has the side-effect of providing evaluated
contexts when creating or editing actions via the UI, usually breaking
them in the process (as the context at this point is basically
nonsensical for the action's purpose).
This backs out the previous fix, and creates a fix restricted to the
tree view's JS (thereby removing the feature for window actions not
invoked from a tree view).
closes#4677, closes#4690
If a view inherits from another with a different model (typically
product.product view inherits from product.template view), the terms from
the second view were not translated.
Checking on the parent view in case of different model and look up the terms
on this model.
Fixes some of #1755, opw 621512
The image of a contact of a company was wrongly resized.
Use image_small instead of image for correct ratio (anyway 48x48px).
Remove image_preview as always use image_small (was wrongly positioned and
considered as cache attribute, getting '&cache=NaN' urls...)
opw 593992
Revert "[FIX] ir_translation: remove control characters from translations"
This reverts commit 6d4e1cc73e.
This was intended to clean malformed translations but it introduced the side
effect of removing all '\n' in translations.
Fixes#4092, opw 619175
Revert edbd0df
Instead of removing the demo data (demo data is our friend), make the test more
specific, adding a date to match the rate of 1.5289 all year long.
Old demo data hardcoded the currency rate of USD to 1.5289 at the half
of the year, introducting new year red runbot.
Using assertAlmostEquals to avoid values like 32.730000000000004
Loading views for custom models from module data files was not possible because
custom models and fields were introduced into the registry after all modules
were loaded. As a consequence, the view architecture did not pass the checks.
This patch takes a different approach: custom models and fields are loaded
early on in the registry, so that views can be validated. The trick is to take
special care of relational custom fields: we skip them if their comodel does
not appear in the registry. This allows to install and upgrade modules that
create/modify custom models, fields and views for them.
Translations are not transfered from temporary table tmp_ir_translation_import
to ir_translation if translation already exists (using `find_expr`).
In case of import of QWeb terms (name = 'website'), the criteria was too weak,
finding already present terms in translations for different modules.
e.g. term "Quantity" is already present in a QWeb view from sale module and was
not imported for the translations of the website_sale module.
Fixed by adding the filter criteria 'irt.module = ti.module'
In case QWeb translations for the same term in the same modules were added in
two imports (second term added in the future), the second was still ignored.
Changed condition to check the res_id for views as well.
Fixes#4239