Authentication modules are supposed to override res_users.check_credentials()
in order to plug in their own mechanism, without actually modifying the
behavior of res_users.check(), res_users.authenticate() or
res_users._login().
auth_openid was incorrectly overriding check() instead of
check_credentials(), and unnecessarily accessing private
attributes of res_users. Fixing the implementation of auth_openid
to follow the API means we can completely make those attributes
private.
The field display_name is present in account_report_company but not in base
on the res.partner (has been added in v8 in base).
Create a hook method to keep using the slow CASE in base and switch to the
faster display_name when installing account_report_company.
In commit 44f2c8d54 we unified the return value of the function to int,
but it seems the returned size could be None which is not a valid input
of the int() built-in function.
To distinguish two ir.attachment 'File Content', we base it on the file
size (this I imagine is for efficiency).
This is done by setting bin_size in the context. Doing this, the
returned db_datas field will be the file size of the converted to base64
content (if no filestore).
But this size is returned in string format, so "get_nice_size" (in
openerp/osv/fields.py) which gets this size calculates the length of the
string. e.g: if the size is '2142' get_nice_size will return 4.
This fix solves this by converting the string to an integer, thus
unifying it with the filestore case (where we use os.path.getsize which
return an integer).
Also, the field presenting the issue (FieldBinaryFile) has been changed
so it is always updated even if the size is the same (as it was already
done by 3632949 for FieldBinaryImage widget).
closes#7223
opw-643071
When importing a CSV file with an "id" column containing
external IDs (XML IDs), the system automatically creates
or updates the corresponding ir.model.data entries.
This would fail for regular users who do not have
create/write access on this internal model.
The ir.ui.view.graph_get() method depended on the natural
semi-random order of Python dict keys in the _columns dict.
When the number and/or names of the _columns happened to
yield the o2m field of the "incoming transitions" *before*
the "outgoing transitions" of the "Node model"
(e.g. workflow activity), it would swap the incoming and
outgoing transitions fields around, causing a crash later
in the `tools.graph.process` method (currently an infinite
loop in the `tree_order()` method of tools.graph.py).
Closes#3614
Fixes https://bugs.launchpad.net/openobject-server/+bug/1316948
opw-633765
When updating translations, the source (`src`) is irrelevant for
`field` and `help` translations. Theses translation types are only
matched through their `name`.
fails due to ir.config_parameter permission
At rev. 80017b04c2
ir.config_parameter model has been restricted to employees
Getting parameter from this model should therefore
be done as SUPERUSER_ID where the uid could
be a user which is not an employee.
Closes#5280
This rev. is related to eb9113c04d
if a model or a resource id is not defined on an attachment
restrict access to employees only if the creator
of this attachment is not the current user.
So non-employees can access their attachments without
models/resource id, which includes attachment of
discussions threads.
Fixes#4309Closes#4310
Since revs 53582c2ea6 & f65c913027,
this was no more possible for portal users to read groups
on purpose, for privacy reasons.
fields_get of res.users model is overriden, for
the access rights form view features
(The groups selections and checkboxes).
At each call to fields_get, which happens at each call
to fields_view_get on the res.users model, operations are
done on the model res.groups (basically, to
build the selection groups and checkboxes). So,
each time a view of model res.users is displayed,
whatever the view, operations on res.group model were performed.
The thing is, these operations on res.groups
are actually needed only for the user access rights
view, or at least only for users having the group
Administration > Access rights. These group operations
aren't needed for the preferences view, nor for portal users.
We therefore avoid to do these if the user is not part of the
Administration > Access rights group, which lead to
performances improvment, and solves the fact
portal users couldn't access their user preferences view.
opw-627391
It's always dangerous because (cascade-)deleting workitems
has a great chance of killing the workflow instances they
belong to, putting the records in the workflow limbo
permanently. (They will appear stuck as they don't have
enough workitems anymore)
In addition, in some rare cases a subflow activity is
converted into a regular activity during an update, and
nullifying the `subflow_id` column is all there is to
fixing the corresponding workitems. It will simply take
them out of their subflow, and back into the main flow.
This is the case for the modification of the purchase.order
workflow in Odoo 8 (saas-5), for the picking subflow.
When the ORM is cleaning up related attachments upon record deletion, the
search() method hides the attachment of the record that is being deleted.
If the same file is used exactly once in another attachment, the reference
count will be 1 and the file will be deleted.
When you change the country of your company, each field of a company address keeps
its attrs. This is why the company address stays on readonly when use_parent_address
is checked.
Closes#4808
opw: 627033
In currencies, advanced search with "equals" or "not equals" on rates
was not possible for something else than a date, in server format (crash).
This is because the name field of the model res.currency.rate is a date
This is now possible to search rates with just a float and the equal operators,
it returns currencies which are having at least one rate set to this float value
This is also possible to search rates with the equal operators with a date in
user (context) date format.
Acting as a mailing-list-like distribution system, the system used
to set the enveloper sender (aka bounce address) to the From header
of the message, effectively pretending to be the original sender.
In some cases the domain of the From header explicitly forbids
sending emails from external systems (e.g. with a hardfail SPF
record), so this could cause the email to be rejected by some
spam filters, depending on their policies.
The system will now use a local bounce address in the form:
mail-catchall-alias@mail-catchall-domain
or, if no catchall is configured:
postmaster-odoo@mail-catchall-domain
(as soon there is a mail.catchall.domain configured)
It will only fallback to using the From header when no
catchall domain is configured.
Fixes issue #3347.
Closes#3393.
[IMP] base: safer locking at user login
When a users connects, a lock is taken on the res_user table to modify the last login date. If another running transaction uses a foreign key to res.users (e.g. write_uid column), postgres may detect the update as a concurrent update and rollback the transaction.
In pg 9.3, the lock_strength parameter 'NO KEY' allows a weaker lock which is less likely to break another transaction.
Fixes#552
As entering a wrong value in the grouping field of res.lang,
for instance '[,]', leads to an unavailability of the web interface,
We add a constraint to prevent entering wrong values.
Revert "[FIX] ir_translation: remove control characters from translations"
This reverts commit 6d4e1cc73e.
This was intended to clean malformed translations but it introduced the side
effect of removing all '\n' in translations.
Fixes#4092, opw 619175
When deleting a partner with some contacts, if the contacts had selected
the "use parent address" checkbox, the address of the contacts was stucked in
readonly mode (no checkbox to disable it).
Disable use_parent_address for orphan partners.
Fixes#3611#3613
The name_get of res.partner.bank uses the format_layout to generate the name
of the bank. As every field is not required, we may get 'False' in the name.
Replace these missing values by an empty string.
Fixes#3590
Add rounding_method parameter on float_round method to offer
HALF-UP (default, usual round) or UP (ceiling) rounding method.
Use the second method instead of math.ceil() for product
reservations.
For UP, the python math.ceil() method uses "torwards infinity"
rounding method while we want "away from zero".
Therefore we use the absolute value of normalized_value to make
sure than -1.8 is rounded to -2.0 and not -1.
Fixes#1125#2793
This is a cherry-pick of d4972ff which was reverted at 333852e due
to remaining issue with negative values.
In some cases (e.g. with record rules), the name_get might not have access
to the parent name. Therefore a parent_name related field solves the
issue (as it read with as superuser).
Rev f2cf6ced1 modified RFC2822 parsing in order to better support
unicode characters inside the Name part of an address header.
However the patch broke handling of multiple addresses (comma
separated) - silently discarding all recipients except the
first one, as soon as any non-ASCII character was present.
This patch restores the functionality while preserving the
fix from f2cf6ced1, and simplifies the code using email.utils
utility functions.
Fixes (again) lp:1272610, OPW 607683