Authentication modules are supposed to override res_users.check_credentials()
in order to plug in their own mechanism, without actually modifying the
behavior of res_users.check(), res_users.authenticate() or
res_users._login().
auth_openid was incorrectly overriding check() instead of
check_credentials(), and unnecessarily accessing private
attributes of res_users. Fixing the implementation of auth_openid
to follow the API means we can completely make those attributes
private.
This regex is used for a quick sanity check of
the order_spec in `search(order=<order_spec>)`.
Because it was built on the repetition of a
group ending with a series of optional patterns,
it could cause expensive backtracking when the
order spec did not actually match the regex
(the regex engine was trying all possible ways
to split the groups).
Forcing the repeating group to either end
with a comma or the end of the string prevents
prohibitive backtracking, while being even
more restrictive with regard to the syntax of
the order spec.
Closes #7755
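
The backtracking described in the commit message above, as an added example that is not Odoo's code. Both patterns are constructed for illustration and the function names are hypothetical: `VULNERABLE` ends its repeated group with optional parts only, `HARDENED` forces every repetition to end with a comma or the end of the string.

```python
import re
import time

# Constructed patterns, not the regex from the Odoo code base.
# The repeated group ends with optional parts only, so a run of identifier
# characters can be split between iterations in exponentially many ways
# before the engine concludes that the input does not match.
VULNERABLE = re.compile(r'^( *[a-z0-9_]+( +(asc|desc))?( *, *)?)+$', re.I)

# Every repetition must end with a comma or the end of the string, so there
# is only one way to delimit a field. The lookbehind rejects a trailing comma.
HARDENED = re.compile(r'^(\s*[a-z0-9_]+(\s+(asc|desc))?\s*(,|$))+(?<!,)$', re.I)


def accepts(regex, order_spec):
    """Return True when the order spec passes the sanity check."""
    return regex.match(order_spec) is not None


def match_seconds(regex, order_spec):
    """Wall-clock time spent by one match attempt."""
    start = time.perf_counter()
    regex.match(order_spec)
    return time.perf_counter() - start


# Constructed inputs.
VALID = "name asc, id desc"
NON_MATCHING = "a" * 18 + "!"   # kept short: the cost doubles per extra character

if __name__ == "__main__":
    for n in (14, 16, 18):
        spec = "a" * n + "!"
        print(n,
              "vulnerable: %.4fs" % match_seconds(VULNERABLE, spec),
              "hardened: %.6fs" % match_seconds(HARDENED, spec))
```

Run as a script, it prints the match time for three input lengths; the vulnerable pattern's time grows roughly fourfold for every two extra characters while the hardened one stays flat.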
The unticked option in Sales settings "Prepare invoices based on task's activities" doesn't
have to uninstall the options "Record timesheet lines per tasks" and "Generate tasks from sale orders"
in Project settings.
When "Prepare invoices based on task's activities" is unticked, this fix avoids uninstalling these options each
time we go to Sales settings because "onchange_task_work" is triggered each time we go to Sales settings.
opw:645833
Switch to system random as number generator instead of the
default PRNG, which is not recommended for generating
security-related values such as unique tokens.
(Complements parent commit)
Closes #7761
Switch to system random as number generator instead of the
default PRNG, which is not recommended for generating
security-related values such as unique tokens.
Closes #7761
Commit 856bc6f2b1
may cause an issue if the auth_crypt module
is loaded before the base module. That should never
happen in normal circumstances, but forcing an
explicit import does not hurt and makes it safer.
Closes #6742
A jquery selector $('td[id^=]') may have been valid once upon a time,
but it causes errors on current jquery versions.
Also in some cases when we want to add a field on a view, there may be
a mess to detect the parent.
opw-645557
The commit 312b85e added a reloading of the chatter messages after
closing the mail composer. But e.g. in Messaging > Inbox a simple reload
isn't enough. For now this commit restricts the reload to chatter logs
(e.g the chatter of a quotation).
related to PR #7596
In order to fix Python bug https://bugs.python.org/issue16041
a maximum line length was introduced in poplib when reading
email contents from the POP3 server.
That limit is set to prevent DoS attacks via malicious POP3
servers.
The default limit (2048) seems to be too low for emails
commonly found on the internet, retrieved via POP3 from
popular mail services such as GMail, Hotmail, etc.
(The POP3 servers might send back the lines verbatim
without splitting them up)
This is discussed in follow-up Python bug
https://bugs.python.org/issue23906.
Workaround implemented by forcing a higher default limit
to accommodate POP3 responses with lines up to 64KB.
Comments in .po(t) files for translations of type "code" (e.g. field labels)
specify the path to the file containing the translation. This path should be
OS-independent to get the same result whatever the platform the instance is
running on.
Closes #7561
Always reload the message after the mail composer message is closed.
Since there are several unrelated models it would probably be messy to go
from the mail thread to the mail composer popup to see if a new message
is posted (or get it and add it in the chatter like done in the simple
message editor).
With this change, anytime the mail composer modal is closed the mail
thread messages are reloaded.
closes #7596
opw-644406
There is no easy way to edit the values sent
to newly generated users from oauth_signup.
In some cases,
the mapping from an oauth provider can be different.
* ex: login is something other than email
In other cases,
there are additional fields in res_users added by a module
* ex: firstname and last name in `partner_firstname`
This factorization allows modules inheriting from `auth_oauth_signup`
to alter values sent to the copy of Template User.
This means smaller changes to the default behaviour
and the ability to properly inherit
(multiple times if needed)
this module without losing needed behaviour.
Closes #2355
Method action_produce does not support the case where the same product appears
on multiple lines. We do this to avoid major changes in a stable version.
opw-644093
A log analysis showed that the normalized query below was executed very often
with a slow explain plan using a seq scan.
```sql
SELECT move_id, date
FROM account_move_line
WHERE journal_id = <journal_id>
AND period_id = <period_id>
AND create_uid = <user_id>
AND state = 'draft'
ORDER BY id DESC LIMIT 0;
```
This query is called in the _default_get of account.move.line to find the last
unbalanced move line.
The existing index can be improved to cover this query as well, showing an
impressive improvement of the explain plan as explained here:
https://github.com/odoo/odoo/pull/7430#issuecomment-119521031
Closes #7430
It is necessary to round the quantities with the appropriate precision. Indeed,
since onchange_quantity and onchange_uos_quantity trigger each other indirectly,
it is quite easy to fall in an infinite loop if the uom and uos precisions are
different.
Follows commit 6e346f0adb
opw-643651
To be consistent with the results of _get_stock. Otherwise search made on
stock_available may not display results with the same value as the search
criteria.
Fixes #3976
If 'Product UoS' has a higher precision than 'Product Unit of Measure', the
method onchange_uos_quantity will be called over and over by an infinite loop
if 'product_uos_qty' doesn't have the sufficient number of decimals.
opw-643651
When sending an email from mail.compose.message using a template, the system
should use the outgoing mail server associated to the template.
Introduce context hack to keep these values.
This should NOT be forward ported to version 8 where a proper fix exists.
Fixes #3848
When duplicating analytic accounts, child accounts are duplicated as well.
The custom copy method removes the analytic lines but this applies only on the
first copy. As the copy_data method recursively copies child accounts, these
child accounts did not use the custom copy method but the basic copy_data.
Move to copy_data
Fixes #6368, lp:1149676
The field display_name is present in account_report_company but not in base
on the res.partner (has been added in v8 in base).
Create a hook method to keep using the slow CASE in base and switch to the
faster display_name when installing account_report_company.
In commit 44f2c8d54 we unified the return value of the function to int,
but it seems the returned size could be None which is not a valid input
of the int() built-in function.
Incoming shipments are marked red according to creation date which does
not really make much sense.
closes #1061
note: it was already like this in 8.0 with 201f1c323
Before this rev.,
if you define a carrier
- without advanced price rules
- with a normal price set to 0.0
- Free if more than amount unchecked
When you try to invoice a delivery order
(coming from a sales order with as invoicing policy
"on delivery order")
No grid was found, while there was one, with as price 0.0
Closes #1364