Merge lp:~openerp-dev/openobject-client-web/6.0-opw-580592-xal into lp:openobject-client-web

Proposed by Xavier ALT on 2012-10-15
Status: Needs review
Proposed branch: lp:~openerp-dev/openobject-client-web/6.0-opw-580592-xal
Merge into: lp:openobject-client-web
Diff against target: 129 lines (+39/-9)
3 files modified
addons/openerp/controllers/form.py (+1/-1)
addons/openerp/controllers/openo2m.py (+33/-2)
addons/openerp/static/javascript/m2o.js (+5/-6)
To merge this branch: bzr merge lp:~openerp-dev/openobject-client-web/6.0-opw-580592-xal
Reviewer Review Type Date Requested Status
OpenERP Core Team 2012-10-15 Pending
Review via email: mp+129654@code.launchpad.net

Description of the change

Hi,

When clicking on a button within a one2many window, the web client forces the data of that record to be rewritten. This can cause permission errors.

The one2many save() has been modified to filter the data so that only modified values are written (as is already done in the form save()).

Regards,
Xavier

4889. By Xavier ALT on 2012-10-29

[FIX] OPW 580592: web: when compararing current and original compare, make sure both arguments are unicode

4890. By Anaël Closson (openerp) on 2013-03-12

[FIX] OPW 587377 ie stop listening clicks when spam clicking on buttons on a view with m2o

Unmerged revisions

4890. By Anaël Closson (openerp) on 2013-03-12

[FIX] OPW 587377 ie stop listening clicks when spam clicking on buttons on a view with m2o

4889. By Xavier ALT on 2012-10-29

[FIX] OPW 580592: web: when compararing current and original compare, make sure both arguments are unicode

4888. By Xavier ALT on 2012-10-15

[FIX] OPW 580592: web: one2many: when saving one2many data filter data that has not been modified

  - This is necessary when user has no 'write' access on the one2many object,
    and user clic on a button. If user didn't modify the record - write() call
    is not necessary.

Preview Diff

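--- a/addons/openerp/controllers/form.py
+++ b/addons/openerp/controllers/form.py
@@ -421,7 +421,7 @@
 for field, original_value in original_data.iteritems():
 if isinstance(original_value, tuple):
 original_data[field] = original_value[0]
- if field in data and data[field] != original_data[field]:
+ if field in data and ustr(data[field]) != ustr(original_data[field]):
 #When field is many2many at that time following code will be applied
 if isinstance(data[field], list) and isinstance(data[field][0][2], list):
 if sorted(data[field][0][2]) != sorted(original_data[field]):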
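Review bot: The changed condition compares the text form of both values, so whether a field counts as modified now depends on how `ustr` renders each type rather than on the values themselves. Because this test decides which fields are sent to `write()`, the intent deserves a comment, for example `# compare as unicode text so that equal values of different types are not treated as a change`. The many2many test two lines below indexes `data[field][0][2]` without checking that the list is non-empty, which looks like it raises IndexError for an empty list. That line is unchanged context, and the enclosing function starts and ends outside the hunk.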
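--- a/addons/openerp/controllers/openo2m.py
+++ b/addons/openerp/controllers/openo2m.py
@@ -113,6 +113,7 @@
 params, data = TinyDict.split(kw)
 params.editable = True
 
+ o2m_proxy = rpc.RPCProxy(params.o2m_model)
 proxy = rpc.RPCProxy(params.parent_model)
 
 pprefix = '.'.join(params.o2m.split('/')[:-1])
@@ -120,11 +121,42 @@
 if pprefix:
 data = eval(pprefix, TinyDict(**data)).make_dict()
 
+ fld = params.o2m.split('/')[-1]
+
 ctx = context_with_concurrency_info(rpc.session.context, params.concurrency_info)
 ctx.update(params.parent_context or {})
 ctx.update(params.o2m_context or {})
 
- id = proxy.write([params.parent_id], data, ctx)
+ ## Before writing, filter data that has not been modified
+ if isinstance(data, dict) and fld in data:
+ fld_data = []
+ fld_ctx = dict((params.o2mcontext or {}), **rpc.session.context)
+ for (op, _id, values) in data[fld]:
+ modified = {}
+ if _id and op == 1: # we're updating that record
+ original_data = o2m_proxy.read(_id, values.keys(), fld_ctx)
+
+ if original_data and isinstance(original_data, dict):
+ for field, original_value in original_data.iteritems():
+ if isinstance(original_value, tuple):
+ original_data[field] = original_value[0]
+ if field in values and ustr(values[field]) != ustr(original_data[field]):
+ #When field is many2many at that time following code will be applied
+ if isinstance(values[field], list) and isinstance(values[field][0][2], list):
+ if sorted(values[field][0][2]) != sorted(original_data[field]):
+ modified[field] = values[field]
+ else:
+ modified[field] = values[field]
+ if modified:
+ fld_data.append((op, _id, modified))
+ # update 'fld' in data, or remove it if there is nothing to be written
+ if fld_data:
+ data[fld] = fld_data
+ else:
+ data.pop(fld, None)
+
+ if data:
+ id = proxy.write([params.parent_id], data, ctx)
 
 prefix = params.o2m
 current = params.chain_get(prefix)
@@ -132,7 +164,6 @@
 params.load_counter = 1
 
 ids = current.ids
- fld = params.o2m.split('/')[-1]
 all_ids = proxy.read([params.parent_id], [fld])[0][fld]
 new_ids = [i for i in all_ids if i not in ids]
 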
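Review bot: The added filter builds its read context from `params.o2mcontext`, but the context lines just above use `params.o2m_context`; if the missing underscore is a typo, the one2many context never reaches `o2m_proxy.read`, and the line should read `fld_ctx = dict((params.o2m_context or {}), **rpc.session.context)`. With the write now under `if data:`, `id` is left unbound when nothing was modified, so confirm that nothing after the hunk reads it (the method starts and ends outside the visible lines). The comparison loop is a copy of the one in form.py, including the unguarded `values[field][0][2]` index that looks like it raises IndexError on an empty list; a shared helper would keep the two filters from drifting, which matters because they decide what is sent to `write()`. Not introduced here but visible in the context: `eval(pprefix, TinyDict(**data))` evaluates a string derived from `params.o2m`, which appears to come from the request keywords via `TinyDict.split(kw)`, and deserves a follow-up that replaces it with plain key traversal.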
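--- a/addons/openerp/static/javascript/m2o.js
+++ b/addons/openerp/static/javascript/m2o.js
@@ -31,7 +31,6 @@
 }
 
 this.__init__(name);
- self = this;
 };
 
 ManyToOne.prototype.__init__ = function(name) {
@@ -277,11 +276,11 @@
 if(evt.target.tagName.toLowerCase() == 'input') {
 var w;
 if(jQuery('#search_filter_data').is(':visible')) {
- w = jQuery(evt.currentTarget).width()
+ w = jQuery(evt.currentTarget).width();
 } else {
 w = jQuery(evt.currentTarget).width() + jQuery(idSelector(this.name + '_select')).width();
 }
- jQuery('div.autoTextResults[id$="' + this.name + '"]').width(w)
+ jQuery('div.autoTextResults[id$="' + this.name + '"]').width(w);
 }
 }
 
@@ -473,7 +472,7 @@
 context: this.get_context()
 }).addCallback(function(obj) {
 self.eval_domain = obj.domain;
- self.eval_context = obj.context
+ self.eval_context = obj.context;
 
 jQuery.getJSON('/openerp/search/get_matched', {
 text: val,
@@ -542,7 +541,7 @@
 return true;
 }
 catch(e) {
- error_display(_('error in display::') + e)
+ error_display(_('error in display::') + e);
 }
 };
 
@@ -594,7 +593,7 @@
 function open($this, options) {
 var url;
 if(options.record) {
- url = '/openerp/openm2o/edit'
+ url = '/openerp/openm2o/edit';
 } else {
 url = '/openerp/search/new';
 }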
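Review bot: Dropping the implicit global assignment `self = this;` from the constructor is only safe if every function that uses `self` declares its own `var self = this;`. The callback in the `@@ -473,7 +472,7 @@` hunk writes `self.eval_domain` and `self.eval_context`, and its declaration is outside the visible lines. Without a local declaration, `self` would presumably resolve to the browser's `window.self`, so those assignments would land on the window object instead of the widget. Please confirm each remaining use, or add the local declaration where it is missing.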