Skip to content
Permalink
Browse files

🛀 no need to prepare names for templates

  • Loading branch information...
trojikman committed Jul 15, 2019
1 parent 7094fa4 commit 9576b526df4a99c46e82c24520b67055c908eb66
@@ -9,7 +9,7 @@
<field name="build_post_init">env['res.partner'].create({{'name': '{name}'}})</field>
</record>
<record id="saas_template_operator" model="saas.template.operator">
<field name="operator_db_name">template-database</field>
<field name="operator_db_name">template_database</field>
<field name="template_id" eval="ref('saas_template')"/>
<field name="operator_id" eval="ref('local_operator')"/>
</record>
@@ -1,7 +1,7 @@
`1.0.2`
-------

- **Fix:** fix db name vulnerability
- **Fix:** added preparation of names for builds for links to work correctly.

`1.0.1`
-------
@@ -1,8 +1,6 @@
# Copyright 2018 Ivan Yelizariev <https://it-projects.info/team/yelizariev>
# Copyright 2019 Denis Mudarisov <https://it-projects.info/team/trojikman>
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
from slugify import slugify

from odoo import models, fields, api
from odoo.addons.queue_job.job import job

@@ -22,16 +20,10 @@ class SAASDB(models.Model):
('done', 'Ready'),
], default='draft')

def prepare_name(self):
for r in self:
if r.name:
r.name = slugify(r.name)

@api.multi
@job
def create_db(self, template_db, demo, password=None, lang='en_US', callback_obj=None, callback_method=None):
self.ensure_one()
self.prepare_name()
db_name = self.name
self.operator_id._create_db(template_db, db_name, demo, password, lang)
self.state = 'done'
@@ -4,6 +4,7 @@
import random
import string
import logging
from slugify import slugify

from odoo import models, fields, api, SUPERUSER_ID, sql_db, _, registry
from odoo.tools.safe_eval import test_python_expr
@@ -219,13 +220,19 @@ def _rpc_auth(self):
admin_username='admin',
admin_password=self.password)

def prepare_name(self, db_name):
self.ensure_one()
return slugify(db_name)

@api.multi
def create_db(self, key_values=None, db_name=None, with_delay=True):
self.ensure_one()
if not key_values:
key_values = {}
if not db_name:
db_name = self.operator_id.generate_db_name()
else:
db_name = self.prepare_name(db_name)
build = self.env['saas.db'].create({
'name': db_name,
'operator_id': self.operator_id.id,
@@ -2,8 +2,8 @@
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
from odoo.service import db

DB_TEMPLATE_1 = 'db-template-1'
DB_TEMPLATE_2 = 'db-template-2'
DB_TEMPLATE_1 = 'db_template_1'
DB_TEMPLATE_2 = 'db_template_2'
MODULE_TO_INSTALL = 'mail'
TEMPLATE_TEST_SUBJECT = 'Dummy subject name to test that code is applied on template database'
BUILD_TEST_SUBJECT = 'Dummy subject name to test that code is applied on build database'
@@ -67,7 +67,7 @@ def setup_saas_env(self):
def drop_dbs(self, db_list=None):
if not db_list:
db_list = []
db_list += [DB_TEMPLATE_1, DB_TEMPLATE_2, 'template-database']
db_list += [DB_TEMPLATE_1, DB_TEMPLATE_2, 'template_database']
for i in db_list:
if i in db.list_dbs():
db.exp_drop(i)

0 comments on commit 9576b52

Please sign in to comment.
You can’t perform that action at this time.