The default size limits set in base.sql are eventually superseded by the
actual limits (or absence of) when the DB schema is synchronized with
the Python model definitions.
However the list of modules (name, authors, descriptions, dependencies)
is loaded before this can happen. The length of the author field is one
case that can easily crash the database bootstrap process at that point,
should a module with a long author name be present in the addons path.
After schema sync, that size limit is lifted entirely (although Odoo Apps
does limit the max author name length to 512 at the moment, to prevent
abuse).
Fixes#5850
When deciding to prefetch records (getting records from the cache with no value
for the field being fetched), if the field was computed `determine_value` would
just get all records, not limited by the normal prefetch limit; for large
recordsets this would generate gigantic prefetch lists for records we may not
need at all.
Fix by applying the `PREFETCH_MAX` limit to records from the cache as is done
in `_prefetch_field`.
Since werkzeug 0.12, the `BaseWSGIServer.__init__` method expect the
socket to be bound to determine the effective port it listen to [1].
Stop pretend to bind the socket and close it directly after use.
[1] see pallets/werkzeug@1fc28cbb30
From Pillow 4.2, it is forbidden to save RGBA images as JPEG
( e4d6223c94 )
A crash was occurring when loading demo JPGs as
image_resize_and_sharpen() was silently changing image mode to RGBA.
Now we ensure that we return the original image mode.
We also avoid crashes when converting from PNG to JPG
Rev. 8245c1d1d8 introduced a timeout to
avoid lockup situations with wkhtmltopdf's requests on servers with low
numbers of free HTTP workers.
The initial timeout of 500ms was chosen based on average network
latency, but turned out to cause spurious disconnections on congested
networks combined with slow links.
Bumping up the timeout to 2s seems to be a better sweet spot, causing
less spurious disconnections while still recovering reasonably fast from
the wkhtmltopdf lockup situation.
See also these discussions:
- 8245c1d1d8 (commitcomment-22904347)
- PR #12356
- Issue #2114Closes#17998
NUL characters must not be used in query parameters,
as they will be ignored by libpq, being end-of-string
characters.
Preventing NULs avoids unexpected results from
queries. It is only necessary with psycopg2
versions before 2.7, which includes the upstream
fix.
The name of a company is uniq. The name of a company comes from a
partner and is required.
Thus duplicating a company didn't work.
With this change, if no partner is overriding the copy, the current
partner is duplicated and associated to the new duplicated company.
opw-746106
closes#17532
When a user belongs to multiple groups, and an ir.rule is applicable for some of
them, the rule is added multiple times in the domain. Just do it once. This
makes the query shorter and easier to debug.
Searching on a domain like `[('m2m.sub', operator, value)]` currently does
something like:
right_ids = comodel.search([('sub', operator, value)]).ids
table_ids = model.search([('m2m', 'in', right_ids)]).ids
and reduces the domain triple to `('id', 'in', table_ids)`.
The domain triple can actually be reduced to `('m2m', 'in', right_ids)`. With
this reduction, the search on the field `m2m` will be done as part of the main
query. And this will also enable the optimization of the former fix!
Avoid pathological performance issue caused by injecting ids retrieved with
another query.
Consider a domain like `[('m2m', 'in', ids)]` on a many2many field. The
current implementation will perform the subquery:
SELECT m2m_id1 FROM m2m_table WHERE m2m_id2 IN (ids)
and inject its result into the main query as:
SELECT id FROM ... WHERE id IN (result_ids)
The latter may be very slow if `result_ids` is a huge list of ids.
The fix injects the first query into the main query as:
SELECT id FROM ... WHERE id IN (
SELECT m2m_id1 FROM m2m_table WHERE m2m_id2 IN (ids)
)
As a result, the database will typically JOIN both tables, and avoid generating
the whole list from the subquery.
In case you don't have 'field', the first 'if' will raise a warning.
In this case the second 'if' will crash with:
"'NoneType' object has no attribute 'store'"
This commit closes#16146
Courtesy of @kmetaxas
When not logged in the webstie on Safari and clicking on "Have a Question? Chat with us",
it creates a mail.channel from get_mail_channel and it also creates a translation.
But with Safari, the accept_languages is set with the value 'fr-fr', and this value was set
in the context as the lang='fr_fr'. So when the translation was created, a bad insert query was
raised in sql because the lang didn't exist in the res.lang table. When a translation is created,
the function _get_languages checked that the language is in the table.
So it was impossible to use the chatter when the user is not logged.
NB: interseting functions to see:
-setup_lang in odoo/http.py
-_dispatch in addons/website/models/ir_http.py
-get_mail_channel in addons/im_livechat/models/im_livechat_channel.py
opw:716519
In case an exception (programming, out of memory or any other unexpected
failure), the cron_thread would crash and not recover until server restart.
Issue #15666 was an example of failure.
Courtesy of Nils Hamerlinck
If postgresql database is temporarly down, the cron thread may fail.
The cursor creation fails when trying to connect to the server which leads to
the cron thread to die (uncatched exception) and will not restart when postgres
is back.
Fixes#15666
In SQL, if there is no quote around the table/field, the result will
be returned as case insensitive.
This was causing a bug in the kanban view which was not displaying
the records because x_AA_count was named x_aa_count.
Complements the patch in 15583a4813
in order to properly bootstrap a writeable data_dir when it is
(partially) nonexistant.
Depending on the startup parameters the data_dir might otherwise
have ended up read-only, preventing the creation of its necessary
components (session store, file store). Only the `addons` directory
of the data_dir needs to be read-only by default.
As discussed on issue #15225, it should be possible for system administrators
to disable the 1-click installation system.
The plan is to disable the feature by default, but make it relatively easy
to turn on when it is explicitly desired.
1. At the moment we cannot guarantee that all Apps published on the Odoo Apps
Store are safe. And it is a security risk to let end-users deploy Python
code on their Odoo servers without requiring any review/deployment by a
competent system administrator.
We will work on improving the validation process of the Store, but this
will require time, and won't probably be a 100% safe process in any case.
2. The one-click install feature is however really useful to help
non-technical users install Apps, as long as the feature has been
explicitly allowed by the system administrator. This is a common feature
in other software suites as well. So we'd like to keep it as an opt-in
feature.
3. Administrators of multi-tenant servers, cloud hosting services, etc.
understandably expect to be able to turn off the feature for
security/control reasons.
4. By turning off the feature by default, but still exposing it in the UI,
we keep it *discoverable* for users. The error message should be
helpful to direct users to their sysadmins.
5. By using the permissions of the download folder as a flag for turning
off the feature, we avoid introducing an extra server parameter.
The folder is still created (read-only) by default, for the sole purpose
of making it easier to locate.
Fixes#15225