For public-facing HTML content provided by the user,
`<style>` tags and `style` attributes should be stripped
automatically, as they can easily be abused to deface
pages for abusive users and spammers.
<style> tags were already stripped, the optional `strip_style`
for fields.html enables the automatic stripping of style
attributes.
This is opt-in because custom style attributes are still
desirable in trusted HTML fields.
As custom views validation is done while `self.pool._init` is set,
filter on currently loaded modules was still applied.
As a side effect, only one custom view per base view was validated.
In case this view is depending on another custom inherited view, the
validation failed.
Now force loading all views when validating custom views.
While `apply_inheritance_specs` apply most of its changes inplace, it may
completely replace the `arch_tree` if the root node is replaced.
This new root node wasn't used for `primary` views that inherit from
another.
When the ORM is cleaning up related attachments upon record deletion, the
search() method hides the attachment of the record that is being deleted.
If the same file is used exactly once in another attachment, the reference
count will be 1 and the file will be deleted.
This should improve the performance of method read() on models with inherited
fields, like product.product. The inherited fields that are stored as columns
in parent tables (except for translated fields) are read in the same query as
the fields of the model. Those fields will be directly stored in cache under
the main model, so that no copying will take place in cache for accessing them
(this is the default implementation of inherited fields).
This makes the query construction more robust, as it handles joins for
conditions and ORDER BY clauses. It also makes it easier to read() from
several tables (like inherited fields).
Improve the performance of `name_get()` on many2one field values by making sure
that the records on which `name_get` is invoked are prefetched in cache. This
is not automatic, because `name_get` is invoked on records in another
environment (sudo mode): the prefetching in the original environment should be
reproduced in the other environment.
Add .template as extension of the template files because RPM packaging
produces an error when trying to compile the python template files,
which contains Jinja instructions.
Include *.template files in MANIFEST.in to package them.
Variable was added to an error message, then inlined in only one of the
two callsites. Undefined variable error would only appear when an error
is triggered in the actual (postgres-level) backup call.
inserted in ec9a543fixes#5241
- Translations lookup normally uses the namespace of the current
QWeb template, after merging all inherited views.
But when a QWeb template is "cloned" by a child view using
inheritance with `primary` mode, the translations are more
likely to exist for the original (parent) template, and would not
be found when using only the "child" namespace.
This patch adds support for looking up each translation
also in the parent namespace in this case, if none was found
for the child template in the first place.
- ir.translation's _get_source() now supports a list of res_id
to search for, in addition to a single res_id
- Also moved the logic of routes /website/customize_template_get
and /website/get_view_translations to the ir.ui.view model where
it belongs.
opw: 615241
Closes#5325
Custom fields can point to custom models that have not been initialized
yet (`_setup_base` not called). Ensure every models in the registry
have a `_fields` attribute.
Use a `frozendict` as a defensive check to ensure it wont be modified
before calling `_setup_base`.
The implementation was based on the ill-defined method `same_parameters()` that
compares arguments based on a heuristic. Instead, we now create a new column
and check whether it is equivalent to `self` by comparing the arguments
returned by `to_field_args()`. If that is the case, `self` is reused instead
of the new column.
The code refactoring also fixes the column reuse which was broken by the
introduction of the parameter `compute` in commit 9333c62. Indeed, with that
parameter, `same_parameters()` always returned False, since old-api columns do
not have that parameter by default. The parameter has been renamed to
`_computed_field`, and is no longer passed for creating columns.
This was due to secondary fields loaded from database in 'onchange' mode. In
that mode, the secondary fields were marked 'dirty', and therefore returned by
the method `onchange`. The fix consists in loading those secondary fields in
cache before processing the onchanges.
This incidentally fixes a test on method `onchange`: in a one2many field, some
dirty fields were unexpectedly returned in the result. This was due to those
fields being loaded while processing onchanges.
Node content of inherited views using <attribute> tags are added
in the translation terms when syncing the terms.
The fact that the content should be translated or not depends
on the content, or to which attribute it refers.
For instance, string attributes should be translated, but
domains probably not.
But, even for domains, this is possible that it requires a translation
e.g. [('category_id.name', 'ilike', 'Customers')].
This domain is very unlikely to be integrated in the standard source code,
but this is possible to have such a domain in a view customization.
Therefore, we provide the possibility to disable the translation
case by case. Setting translation="off" in the attribute of the node
will prevent to add the node content in the translated terms.
opw-625762
Column `name` is required in ir.actions, and thus
automatically required in subclasses such as `ir.actions.act_window`
and `ir.actions.act_url`, due to the specific PostgreSQL inheritance
mechanism. Mark it so in the model to make it explicit.
This does not change the database constraints, as they should already
be set though inheritance.
Closes#4861
When overriding a field defined as a function field, the field must either
create a corresponding column that is not a fields.function (if stored), or
have no corresponding column (if not stored).
Idea: look up for the model's fields in method `_setup_base()` instead of
method `__init__()`. This does not make a significant difference when
installing or upgrading modules, but when simply loading a registry, the
(expensive) field lookup is done once per model instead of once per class.
When you change the country of your company, each field of a company address keeps
its attrs. This is why the company address stays on readonly when use_parent_address
is checked.
Closes#4808
opw: 627033
When you change the country of your company, each field of a company address keeps
its attrs. This is why the company address stays on readonly when use_parent_address
is checked.
Closes#4808
opw: 627033
In a workflow context (for instance, in the invoice workflow),
context is not passed.
Therefore, relying on the 'recompute' key being the context
in order to not recompute the fields does not work with Workflows.
It leads to huge performance issues,
as fields are recomputed recursively (instead of sequentially)
when several records are implied.
For instance, when reconciling several invoices with one payment
(100 invoices with 1 payment for instance),
records of each invoice are recomputed uselessly in each workflow call
(for each "confirm_paid" method done for each invoice).
With a significant number of invoices (100, for instance),
it even leads to a "Maximum recursion depth reached" errror.
closes#4905