Changes in website's ir_http#_handle_exception():
- exception is mandatory, can't be None anymore
- we don't touch non website_enabled requests
- we don't touch explicits plain responses from parent
- logic flow is now easier to read (I hope so)
Change in website's ir_http#_dispatch():
- In case of real 404, instead of returning self._handle_exception(),
just let parent do the job (so we call super())
In t-field, datetime fields (formatted and not formatted versions) are
converted to the context/user's timezone (through
fields.datetime.context_timestamp) when displayed, but were saved without
converting back so the next display would go forward (or back) of the user's
tzoffset.
Fix that by applying context_timestamp's conversion backwards, from the
context/user's timezone back to UTC, before saving the field's value.
[FIX] mass_mailing, website: fixed unsubscription link, fixed mobile preview of email designer crashing because of the redirection not taking search parameters
The @groups attribute in qweb views was not rendered (even when matched by the
user), so editing a template with an @groups would either remove the whole
section (if the user didn't have the groups, fixed in previous commit) or only
removed the attribute itself making it visible to everybody (which ought be
fixed-ish by this commit).
If the current view uses @groups attributes (possibly in called templates),
the corresponding elements are rendered to a void (empty string in qweb). If
said user can edit the page, does so and saves a view section in which there's
a @groups to which he has no access, the element[@groups] is completely
removed from the template once saved, losing it.
If QWeb encounters an @groups to which the current user has no right during
rendering, have it request a no-RTE page, so the user can not RTE-edit the
page (or drop snippets in it).
If website is installed but not used/enabled for the current controller,
overridden methods like _get_converters will *still run* for the controller's
dispatch.
This means a ModelConverter used in a controller with website installed but
not enabled will use website.models.ir_http.ModelConverter, not
base.ir.ir_http.ModelConverter, and base's args postprocessing will *not* be
able to convert the placeholder object to a real UID, only website's
postprocessing can do so.
And as far as I can see there's no reason to skip the URL building validation
either, only the multilang stuff relies on and requires that the controller be
website enabled (and in fact that it be multilang enabled), so only *that*
should be gated behind a flag.
Also always call super(), there's no reason not to and others might add args
to postprocess on base rather than website, ending up after website in the
MRO.