Since 31d817e, we rotate then session at login/logout.
Unfortunatly, `openerpframework.js` does not support session id change
at authentication and keep old one.
In order to keep compatibility with existing js clients (including 7.0
ones), we do not rotate the session at authentication.
Fixes#6948Closes#6949
return request.not_found crash with a internal error, because get_response
takes a environment as param.
Werkzeug Documentation:
Keep in mind that you have to pass an environment to get_response() because
some errors fetch additional information from the WSGI environment.
The `rotate` flag introduced by 31d817e849
was initialized at the very end of the session init, after
the reset of the `modified` flag.
This had the side-effect of marking the session as modified
for every request, saving the session to disk every time
even without any change.
Closes#6795
This fixes an issue in property `field.digits` that cannot find a valid cursor
to the database. Forcing the instantiation of an environment makes the cursor
retrievable.
When returning an HTTPException e.g. by calling ``request.not_found()``
which returns a ``werkzeug.exceptions.NotFound()``, the http system
would log a warning as HTTPException is neither a subclass of Odoo's
Response nor a subclass of werkzeug's BaseResponse.
Move the string response case about (for flow clarity), and convert
HTTPException instances to Werkzeug responses then fall into the normal
BaseResponse -> Response case to ultimately get an Odoo response object
out of the HTTPException instance.
Completes/improves fd6dde7ca
Because Werkzeug uses/provides flow-control exceptions via
HTTPException (which can be used as straight responses) they are used in
a few places of the web client, when triggering some redirections for
instance.
Breaking into the debugger for such mundane situations is surprising and
inconvenient for developers trying to debug actual issues in the system,
even though HTTPExceptions are by and large not error per-se, and
shouldn't warrant triggering post-mortem debugging.
So in the non-RPC dispatcher, don't post-mortem on HTTPException either.
The log level rec.request and rpc.response where no longer logged as
the webclient no longer uses XMLRPC but JSONRPC instead.
Duplicate the logging part from dispatch_rpc to dispatch method of JsonRequest
to add rpc logs when using JSON requests.
opw 617490
- sessions are now shared between series.
- use site data dir instead of user data dir if user has no home dir.
- in http and module handling, `data-dir` was used before being
initialized, using the default value instead of user input
(fixes#308, #904)
A squashed merge is required as the conversion of the apiculture branch from
bzr to git was not correctly done. The git history contains irrelevant blobs
and commits. This branch brings a lot of changes and fixes, too many to list
exhaustively.
- New orm api, objects are now used instead of ids
- Environements to encapsulates cr uid context while maintaining backward compatibility
- Field compute attribute is a new object oriented way to define function fields
- Shared browse record cache
- New onchange protocol
- Optional copy flag on fields
- Documentation update
- Dead code cleanup
- Lots of fixes
This gives JSONRequests a chance to return
a proper JSON-RPC result when an HTTPException
is raised downstream, instead of returning a
plain HTML 404 error.
Subclass detection didn't include the class itself if all it's subclasses
were invalid. As we create a new regrouping subclass, that was always the
case after a registry reloading, causing subclassed controllers to not be
taken in account.
[IMP] routing_map: clean code a little bit
handle_exception() is supposed to try handling an exception and if it cannot,
re-raise it. Overridden methods must therefore call super() within a try/except
block, and only attempt to handle the exception if super() raised.