Denis Ledoux
eaad70daac
[FIX] ir_attachment: upload of attachment for non-employees
...
This rev. is related to eb9113c04d
if a model or a resource id is not defined on an attachment
restrict access to employees only if the creator
of this attachment is not the current user.
So non-employees can access their attachments without
models/resource id, which includes attachment of
discussions threads.
Fixes #4309
Closes #4310
2015-04-03 12:44:44 +02:00
Stefan Rijnhart
4781deb5b6
[FIX] base: Replace unreliable reference count through ORM by SQL
...
When the ORM is cleaning up related attachments upon record deletion, the
search() method hides the attachment of the record that is being deleted.
If the same file is used exactly once in another attachment, the reference
count will be 1 and the file will be deleted.
2015-03-04 11:23:44 +01:00
Denis Ledoux
eb9113c04d
[FIX] ir_attachment: restrict access to orphan attachments to employees
2014-10-02 15:17:48 +02:00
Denis Ledoux
1e374b4ad7
[FIX] ir_attachment: ignore if model uninstalled
...
if the model of an attachement no longer exists (the according module have been uninstalled, for instance), ignore the security check
2014-09-08 10:51:46 +02:00
Denis Ledoux
72d3697fbc
[FIX] security: externals should be able to read attachements
...
without having the rights to read ir.config_parameter
2014-08-26 12:55:48 +02:00
Denis Ledoux
fb90e7d572
[FIX]ir_attachement: not self.pool.get(model) instead of model not in self.pool
...
bzr revid: dle@openerp.com-20131206173602-no831oxc6m1kf6lu
2013-12-06 18:36:02 +01:00
Denis Ledoux
4669f05406
[FIX] ir_attachement: search, if the model of the ir_attachement has been removed, the search ignore the attachement.
...
bzr revid: dle@openerp.com-20131206162314-vjpgtag8qhkl1jhk
2013-12-06 17:23:14 +01:00
Denis Ledoux
b7988bcc5a
[FIX] ir, ir_attachement: traceback if try to create attachement without res_id, caused by check access rights trying to check if the user had the right to read the object with a res_id 0
...
bzr revid: dle@openerp.com-20131119140246-r8dd7h0di4aigjss
2013-11-19 15:02:46 +01:00
Martin Trigaux
e2d6786bc1
[FIX] ir_attachment: fix security issues on ir_attachment
...
check: verify the permissions even when no ids are passed (skipped permission checking for create)
create: verify has the write access on the related model (instead of create, was not checked anyway)
function field: execute the write in fnct_inv as superuser (was impossible to have creation without write access)
bzr revid: mat@openerp.com-20131030084408-t857gl7d4lkbrj5p
2013-10-30 09:44:08 +01:00
Martin Trigaux
15905e78c5
[FIX] ir_attachment: fix security issues on ir_attachment
...
check: verify the permissions even when no ids are passed (skipped permission checking for create)
create: verify has the write access on the related model (instead of create, was not checked anyway)
function field: execute the write in fnct_inv as superuser (was impossible to have creation without write access)
bzr revid: mat@openerp.com-20131029171420-x87wu7ph8ej7mtro
2013-10-29 18:14:20 +01:00
Olivier Dony
06b2ce213c
[FIX] document: overridden ORM methods need to respect API idiosyncrasies, otherwise check() calls may fail
...
bzr revid: odo@openerp.com-20131016105812-844cd9xljvkjwtm3
2013-10-16 12:58:12 +02:00
Thibault Delavallée
ac791818e0
[MERGE] [CHERRYPICK] Backport of revision 4879 of saas-1 branch.
...
[FIX] ir_attachment: in check, values could coutain a
False res_model; no need to check self.pool[False], obviously. We consider void attachments
as being accessible, because no related document exists.
lp bug: https://launchpad.net/bugs/1171457 fixed
bzr revid: tde@openerp.com-20130530142608-jgu1y7175q8hjkt5
2013-05-30 16:26:08 +02:00
Antony Lesuisse
c353392294
[FIX] ir_attachment filestore read on windows
...
lp bug: https://launchpad.net/bugs/1131272 fixed
bzr revid: al@openerp.com-20130227221943-izxnxulg0picimez
2013-02-27 23:19:43 +01:00
Olivier Dony
3cb01bd596
[FIX] ir.attachment: fix drunken commit 4814
...
bzr revid: odo@openerp.com-20130131145348-00yngxmjfy2eforj
2013-01-31 15:53:48 +01:00
Antony Lesuisse
8ef1f06c0f
[FIX] ir_attachment missing logger
...
bzr revid: al@openerp.com-20130131144525-msftyc0hn257g9t8
2013-01-31 15:45:25 +01:00
Fabien Pinckaers
c095e2d340
[FIX] document management, file do not exists
...
bzr revid: fp@tinyerp.com-20130114174355-ygieirm80j9ftixx
2013-01-14 18:43:55 +01:00
Antony Lesuisse
0ed151708a
last fix
...
bzr revid: al@openerp.com-20121220023721-oy7y4czmf3tvmyzl
2012-12-20 03:37:21 +01:00
Antony Lesuisse
549c011893
[MERGE] turnk
...
bzr revid: al@openerp.com-20121220020708-ioiaoz58ncgw5wg7
2012-12-20 03:07:08 +01:00
Cecile Tonglet
5f0070dcb6
[FIX] Remove unused imports and fix some imports that doesn't use the new namespace
...
bzr revid: cto@openerp.com-20121217143029-e9ki4ftwihq7pdme
2012-12-17 15:30:29 +01:00
Antony Lesuisse
fde832955a
add file_size
...
bzr revid: al@openerp.com-20121217011601-utt2a0zweaq2c0bt
2012-12-17 02:16:01 +01:00
Antony Lesuisse
70aa2c995a
filestore testcase and fix bugs
...
bzr revid: al@openerp.com-20121216190317-xoz0jij2cfk0c2zk
2012-12-16 20:03:17 +01:00
Antony Lesuisse
2569587c90
Simplify openerp testing, deprecated redondant test declaration, we feed all
...
tests.* modules to unittest2.TestLoader.loadTestsFromModule(module)
bzr revid: al@openerp.com-20121216173856-euntlfi80uzutkp0
2012-12-16 18:38:56 +01:00
Antony Lesuisse
807c949030
minor fixes
...
bzr revid: al@openerp.com-20121216122555-frwadjd247zidw7o
2012-12-16 13:25:55 +01:00
Vo Minh Thu
509a084e79
[IMP] use the openerp namespace.
...
bzr revid: vmt@openerp.com-20121210152723-mv4dykfu6ip1991h
2012-12-10 16:27:23 +01:00
Antony Lesuisse
e11aa2d37b
[MERGE] trunk
...
bzr revid: al@openerp.com-20121208173012-upufsxqur04r0242
2012-12-08 18:30:12 +01:00
Olivier Dony
7f5ad72429
[MERGE] Forward-port 6.1 bugfixes up to rev. 4307
...
rev.4307 = rev-id launchpad_translations_on_behalf_of_openerp-20121125065030-g5if5pybr61la4yj
bzr revid: odo@openerp.com-20121126160320-t2suuik6lhk6wl0x
bzr revid: odo@openerp.com-20121126161836-mv8yymzgbnmif4ve
bzr revid: odo@openerp.com-20121126162023-ejvsapwouyudw6c6
bzr revid: odo@openerp.com-20121126181527-d4yx15372bis77qj
2012-11-26 19:15:27 +01:00
Antony Lesuisse
a4e5ddcbb2
[MERGE] trunk
...
bzr revid: al@openerp.com-20121122234236-9egsahi6g7rhmbvr
2012-11-23 00:42:36 +01:00
Olivier Dony
4c591fa606
[FIX] ir_attachment: fix regression when counting attachments (OPW 576295)
...
Cherry-pick forward-port of rev-id odo@openerp.com-20120816154020-5s6wbwfb5l2xsnyv
from 6.1. Fixes regression introduced by r.4069.
bzr revid: odo@openerp.com-20121024124709-28w8rh8xnelvuhwg
2012-10-24 14:47:09 +02:00
Olivier Dony
c47ac52388
[FIX] OPW 577963: ir.attachment: finish previous fix by restoring original sort order
...
bzr revid: odo@openerp.com-20120821141605-ejcfki1rh2z4xhdi
2012-08-21 16:16:05 +02:00
Olivier Dony
eec2708f48
[FIX] OPW 577963: ir_attachment: speed up ir.attachment search for large databases
...
Frequents calls to list.remove() were being a bottleneck for large
document lists (100k+). Using a set make remove() calls much faster.
Also turned a read() into a pure SQL command, as its high-level
features were unnecessary (security checks performed before and
after it anyways) and it was 50% slower than the direct SQL version.
This commit has a corresponding addons patch in order to use a set
instead of a list in the document module as well.
bzr revid: odo@openerp.com-20120821130202-71z83drt347lf45n
2012-08-21 15:02:02 +02:00
Ravi Gohil (Open ERP)
4fadf6b8ee
[FIX] Reading a record which is having a reference attachment in ir.attachment model, throws traceback in GTK-Client: (Maintenance Case : 576295)
...
bzr revid: rgo@tinyerp.com-20120627085709-prq3w6zlesr952ld
2012-06-27 14:27:09 +05:30
Antony Lesuisse
30ce97d206
[IMP] ir_attachment external storage
...
bzr revid: al@openerp.com-20120607213537-ajm4dihfkco8wssl
2012-06-07 23:35:37 +02:00
Antony Lesuisse
d47800d1b6
ir.attachment move methods
...
bzr revid: al@openerp.com-20120602162523-0zp9bzd6cqu8qgis
2012-06-02 18:25:23 +02:00
Divyesh Makwana (Open ERP)
aa780e63a5
[IMP] base : Improved the typos.
...
bzr revid: mdi@tinyerp.com-20120423122220-1vgzs96q224a89pv
2012-04-23 17:52:20 +05:30
Olivier Dony
65c71111fb
[FIX] ir.attachment: override _search instead of search() to make sure name_search() works
...
bzr revid: odo@openerp.com-20120309100429-nrfkmlec45z41yj9
2012-03-09 11:04:29 +01:00
Olivier Dony
bdce754108
[IMP] cleanup deprecated method=True param for function fields
...
bzr revid: odo@openerp.com-20120104133027-oaydmngk2dfc22mk
2012-01-04 14:30:27 +01:00
Olivier Dony
0f6510edfc
[FIX] ir.attachment: cleaner check for record existence in access rights
...
bzr revid: odo@openerp.com-20110909155025-cyhnmy89e9a0ijzt
2011-09-09 17:50:25 +02:00
Antony Lesuisse
c7076adb06
[FIX] ir_attachement check use positional args
...
bzr revid: al@openerp.com-20110824220324-xfo7swm45stcooun
2011-08-25 00:03:24 +02:00
Antony Lesuisse
8d31082408
[FIX] ir.model.access check use positional args
...
bzr revid: al@openerp.com-20110824211948-gvtc7uv9e3oeeo3e
2011-08-24 23:19:48 +02:00
Olivier Dony
ab212d05eb
[MERGE] merged latest fixes from 6.0, up to revision 3420
...
Rev 3420 = odo@openerp.com-20110506093704-1vwxsqyz63lq40a1
bzr revid: odo@openerp.com-20110506093920-j1uobqryzx5vv6vv
2011-05-06 11:39:20 +02:00
Olivier Dony
2621b707e0
[MERGE] merged latest fixes from 6.0 branch up to rev 3348
...
Rev 3348 is odo@openerp.com-20110221101549-vp0ha2g91yl30cmk .
bzr revid: odo@openerp.com-20110221103235-6tdy5tpb6zvkbzs3
2011-02-21 11:32:35 +01:00
Vo Minh Thu
f8572e5c60
[IMP] openerp python module.
...
- Some logging code moved from netsvc.py to loglevels.py
- Changed imports to use the new openerp module
- config and netsvc initialization calls move to openerp-server.py
- Moved openerp-server.py outside the old bin directory
- Some imports in tools moved inside the methods to break mutual-dependencies
bzr revid: vmt@openerp.com-20110207125723-ooee7d7ng5elmkso
2011-02-07 13:57:23 +01:00