Skip to content
Permalink
Browse files

[FIX] mail: improve mail.mail ACLs

Commit linked to task ID 1853147 and PR #32243
  • Loading branch information...
tde-banana-odoo committed Mar 29, 2019
1 parent 25840a2 commit 106c61b429759481aa8ca8c8c56fe36feee1250e
@@ -212,7 +212,7 @@ def _send_mail_to_attendees(self, template_xmlid, force_send=False):
mail_ids.append(invitation_template.send_mail(attendee.id, email_values=email_values, notif_layout='mail.mail_notification_light'))

if force_send and mail_ids:
res = self.env['mail.mail'].browse(mail_ids).send()
res = self.env['mail.mail'].sudo().browse(mail_ids).send()

return res

@@ -56,7 +56,7 @@ def test_00_event_mail_schedule(self):
# verify that subscription scheduler was auto-executed after each registration
self.assertEqual(len(schedulers[0].mail_registration_ids), 2, 'event: incorrect number of mail scheduled date')

mails = self.env['mail.mail'].search([('subject', 'ilike', 'registration'), ('date', '>=', now)], order='date DESC', limit=3)
mails = self.env['mail.mail'].sudo().search([('subject', 'ilike', 'registration'), ('date', '>=', now)], order='date DESC', limit=3)
self.assertEqual(len(mails), 2, 'event: wrong number of registration mail sent')

for registration in schedulers[0].mail_registration_ids:
@@ -73,7 +73,5 @@ def test_00_event_mail_schedule(self):
self.assertTrue(schedulers[0].mail_sent, 'event: reminder scheduler should have sent an email')
self.assertTrue(schedulers[0].done, 'event: reminder scheduler should be done')

mails = self.env['mail.mail'].search([('subject', 'ilike', 'TestEventMail'), ('date', '>=', now)], order='date DESC', limit=3)
mails = self.env['mail.mail'].sudo().search([('subject', 'ilike', 'TestEventMail'), ('date', '>=', now)], order='date DESC', limit=3)
self.assertEqual(len(mails), 3, 'event: wrong number of reminders in outgoing mail queue')


@@ -535,7 +535,9 @@ def _send_expense_success_mail(self, msg_dict, expense):
notif_layout='mail.mail_notification_light',
)
else:
self.env['mail.mail'].create({
self.env['mail.mail'].sudo().create({
'email_from': self.env.user.email_formatted,
'author_id': self.env.user.partner_id.id,
'body_html': body,
'subject': 'Re: %s' % msg_dict.get('subject', ''),
'email_to': msg_dict.get('email_from', False),
@@ -278,7 +278,7 @@ def send_pec_mail(self):
'attachment_ids': [(6, 0, self.l10n_it_einvoice_id.ids)],
})

mail_fattura = self.env['mail.mail'].create({
mail_fattura = self.env['mail.mail'].sudo().create({
'mail_message_id': message.id,
'email_to': self.env.user.company_id.l10n_it_address_recipient_fatturapa,
})
@@ -398,7 +398,8 @@ def message_post(self, message_type='notification', **kwargs):
# Notifies the message author when his message is pending moderation if required on channel.
# The fields "email_from" and "reply_to" are filled in automatically by method create in model mail.message.
if self.moderation_notify and self.moderation_notify_msg and message_type == 'email' and moderation_status == 'pending_moderation':
self.env['mail.mail'].create({
# TODO tde: check author
self.env['mail.mail'].sudo().create({
'body_html': self.moderation_notify_msg,
'subject': 'Re: %s' % (kwargs.get('subject', '')),
'email_to': email,
@@ -452,12 +453,13 @@ def _send_guidelines(self, partners):
]).mapped('email')
for partner in partners.filtered(lambda p: p.email and not (p.email in banned_emails)):
create_values = {
'email_from': partner.company_id.catchall or partner.company_id.email,
'author_id': False,
'body_html': view.render({'channel': self, 'partner': partner}, engine='ir.qweb', minimal_qcontext=True),
'subject': _("Guidelines of channel %s") % self.name,
'email_from': partner.company_id.catchall or partner.company_id.email,
'recipient_ids': [(4, partner.id)]
}
mail = self.env['mail.mail'].create(create_values)
mail = self.env['mail.mail'].sudo().create(create_values)
mail.send()
return True

@@ -492,6 +492,11 @@ def generate_email(self, res_ids, fields=None):

return multi_mode and results or results[res_ids[0]]

def _send_check_access(self, res_ids):
records = self.env[self.model].browse(res_ids)
records.check_access_rights('read')
records.check_access_rule('read')

@api.multi
def send_mail(self, res_id, force_send=False, raise_exception=False, email_values=None, notif_layout=False):
""" Generates a new mail.mail. Template is rendered on record given by
@@ -506,7 +511,9 @@ def send_mail(self, res_id, force_send=False, raise_exception=False, email_value
generated email;
:returns: id of the mail.mail that was created """
self.ensure_one()
Mail = self.env['mail.mail']
# TDE TMP
self._send_check_access([res_id])
Mail = self.env['mail.mail'].sudo()
Attachment = self.env['ir.attachment'] # TDE FIXME: should remove dfeault_type from context

# create a mail_mail based on values, without attachments
@@ -966,7 +966,7 @@ def _routing_create_bounce_email(self, email_from, body_html, message, **mail_va
if bounce_from:
bounce_mail_values['email_from'] = 'MAILER-DAEMON <%s>' % bounce_from
bounce_mail_values.update(mail_values)
self.env['mail.mail'].create(bounce_mail_values).send()
self.env['mail.mail'].sudo().create(bounce_mail_values).send()

@api.model
def message_route_verify(self, message, message_dict, route,
@@ -2,9 +2,9 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_mail_message_all,mail.message.all,model_mail_message,,1,0,0,0
access_mail_message_portal,mail.message.portal,model_mail_message,base.group_portal,1,1,1,1
access_mail_message_user,mail.message.user,model_mail_message,base.group_user,1,1,1,1
access_mail_mail_all,mail.mail.all,model_mail_mail,,1,0,0,0
access_mail_mail_portal,mail.mail.portal,model_mail_mail,base.group_portal,1,1,1,0
access_mail_mail_user,mail.mail.user,model_mail_mail,base.group_user,1,1,1,0
access_mail_mail_all,mail.mail.all,model_mail_mail,,0,0,0,0
access_mail_mail_portal,mail.mail.portal,model_mail_mail,base.group_portal,0,0,0,0
access_mail_mail_user,mail.mail.user,model_mail_mail,base.group_user,0,0,0,0
access_mail_mail_system,mail.mail.system,model_mail_mail,base.group_system,1,1,1,1
access_mail_followers_all,mail.followers.all,model_mail_followers,,1,0,0,0
access_mail_followers_portal,mail.followers.portal,model_mail_followers,base.group_portal,1,1,1,0
@@ -210,6 +210,10 @@ def action_send_mail(self):
self.send_mail()
return {'type': 'ir.actions.act_window_close', 'infos': 'mail_sent'}

def _send_check_access(self, res_ids):
records = self.env[self.model].browse(res_ids)
records.check_access_rights('read')
records.check_access_rule('read')

@api.multi
def send_mail(self, auto_commit=False):
@@ -240,7 +244,6 @@ def send_mail(self, auto_commit=False):
# Mass Mailing
mass_mode = wizard.composition_mode in ('mass_mail', 'mass_post')

Mail = self.env['mail.mail']
ActiveModel = self.env[wizard.model] if wizard.model and hasattr(self.env[wizard.model], 'message_post') else self.env['mail.thread']
if wizard.composition_mode == 'mass_post':
# do not send emails directly but use the queue instead
@@ -265,11 +268,14 @@ def send_mail(self, auto_commit=False):
subtype_id = self.env['ir.model.data'].xmlid_to_res_id('mail.mt_comment')

for res_ids in sliced_res_ids:
batch_mails = Mail
# TDE TMP
if wizard.composition_mode == 'mass_mail':
self._send_check_access(res_ids)
batch_mails_sudo = self.env['mail.mail'].sudo()
all_mail_values = wizard.get_mail_values(res_ids)
for res_id, mail_values in all_mail_values.items():
if wizard.composition_mode == 'mass_mail':
batch_mails |= Mail.create(mail_values)
batch_mails_sudo |= self.env['mail.mail'].sudo().create(mail_values)
else:
post_params = dict(
message_type=wizard.message_type,
@@ -284,7 +290,7 @@ def send_mail(self, auto_commit=False):
ActiveModel.browse(res_id).message_post(**post_params)

if wizard.composition_mode == 'mass_mail':
batch_mails.send(auto_commit=auto_commit)
batch_mails_sudo.send(auto_commit=auto_commit)

@api.multi
def get_mail_values(self, res_ids):
@@ -23,8 +23,8 @@ def create(self, values_list):
mails = super(MailMail, self).create(values_list)
for mail_index, values in enumerate(values_list):
if values.get('statistics_ids'):
mail_sudo = mails[mail_index].sudo()
mail_sudo.statistics_ids.write({'message_id': mail_sudo.message_id, 'state': 'outgoing'})
mail = mails[mail_index]
mail.statistics_ids.write({'message_id': mail.message_id, 'state': 'outgoing'})
return mails

def _get_tracking_url(self):
@@ -779,7 +779,7 @@ def cancel_mass_mailing(self):

@api.multi
def retry_failed_mail(self):
failed_mails = self.env['mail.mail'].search([('mailing_id', 'in', self.ids), ('state', '=', 'exception')])
failed_mails = self.env['mail.mail'].sudo().search([('mailing_id', 'in', self.ids), ('state', '=', 'exception')])
failed_mails.mapped('statistics_ids').unlink()
failed_mails.sudo().unlink()
res_ids = self.get_recipients()
@@ -75,7 +75,7 @@ def test_00_test_mass_mailing_shortener(self):
mass_mailing.put_in_queue()
mass_mailing._process_mass_mailing_queue()

sent_mails = self.env['mail.mail'].search([('mailing_id', '=', mass_mailing.id)])
sent_mails = self.env['mail.mail'].sudo().search([('mailing_id', '=', mass_mailing.id)])
sent_messages = sent_mails.mapped('mail_message_id')

self.assertEqual(mailing_list_A.contact_nbr, len(sent_messages),
@@ -15,7 +15,7 @@ class TestMassMailing(models.TransientModel):
@api.multi
def send_mail_test(self):
self.ensure_one()
mails = self.env['mail.mail']
mails_sudo = self.env['mail.mail'].sudo()
mailing = self.mass_mailing_id
test_emails = tools.email_split(self.email_to)
mass_mail_layout = self.env.ref('mass_mailing.mass_mailing_mail_layout')
@@ -34,7 +34,7 @@ def send_mail_test(self):
'attachment_ids': [(4, attachment.id) for attachment in mailing.attachment_ids],
'auto_delete': True,
}
mail = self.env['mail.mail'].create(mail_values)
mails |= mail
mails.send()
mail = self.env['mail.mail'].sudo().create(mail_values)
mails_sudo |= mail
mails_sudo.send()
return True
@@ -140,7 +140,7 @@ def test_flow_certificate(self):
self.assertNotIn("I think they're great!", user_inputs.mapped('user_input_line_ids.value_free_text'))
self.assertIn("Just kidding, I don't like it...", user_inputs.mapped('user_input_line_ids.value_free_text'))

certification_email = self.env['mail.mail'].search([], limit=1, order="create_date desc")
certification_email = self.env['mail.mail'].sudo().search([], limit=1, order="create_date desc")
# Check certification email correctly sent and contains document
self.assertIn("User Certification for SO lines", certification_email.subject)
self.assertIn("employee@example.com", certification_email.email_to)
@@ -239,7 +239,7 @@ def test_message_log(self):
def test_message_log_with_post(self):
record = self.env['mail.test.simple'].create({'name': 'Test'})

with self.assertQueryCount(__system__=7, emp=13): # test_mail only: 7 - 13
with self.assertQueryCount(__system__=7, emp=14): # test_mail only: 7 - 14
record.message_post(
body='<p>Test message_post as log</p>',
subtype='mail.mt_note',
@@ -250,7 +250,7 @@ def test_message_log_with_post(self):
def test_message_post_no_notification(self):
record = self.env['mail.test.simple'].create({'name': 'Test'})

with self.assertQueryCount(__system__=7, emp=13): # test_mail only: 7 - 13
with self.assertQueryCount(__system__=7, emp=14): # test_mail only: 7 - 14
record.message_post(
body='<p>Test Post Performances basic</p>',
partner_ids=[],
@@ -263,7 +263,7 @@ def test_message_post_no_notification(self):
def test_message_post_one_email_notification(self):
record = self.env['mail.test.simple'].create({'name': 'Test'})

with self.assertQueryCount(__system__=52, emp=72): # com runbot: 49 - 69 // test_mail only: 52 - 69
with self.assertQueryCount(__system__=52, emp=73): # com runbot: 49 - 69 // test_mail only: 52 - 69
record.message_post(
body='<p>Test Post Performances with an email ping</p>',
partner_ids=self.customer.ids,
@@ -275,7 +275,7 @@ def test_message_post_one_email_notification(self):
def test_message_post_one_inbox_notification(self):
record = self.env['mail.test.simple'].create({'name': 'Test'})

with self.assertQueryCount(__system__=32, emp=44): # com runbot 31 - 43 // test_mail only: 32 - 44
with self.assertQueryCount(__system__=32, emp=45): # com runbot 31 - 44 // test_mail only: 32 - 45
record.message_post(
body='<p>Test Post Performances with an inbox ping</p>',
partner_ids=self.user_test.partner_id.ids,
@@ -386,8 +386,8 @@ def test_complex_mail_mail_send(self):
})
mail_ids = mail.ids

with self.assertQueryCount(__system__=14, emp=21): # test_mail only: 14 - 21
self.env['mail.mail'].browse(mail_ids).send()
with self.assertQueryCount(__system__=14, emp=14): # test_mail only: 14 - 14
self.env['mail.mail'].browse(mail_ids).sudo().send()

self.assertEqual(mail.body_html, '<p>Test</p>')
self.assertEqual(mail.reply_to, formataddr(('%s %s' % (self.env.user.company_id.name, self.umbrella.name), 'test-alias@example.com')))
@@ -505,7 +505,7 @@ def test_complex_tracking_subscription_create(self):
customer_id = self.customer.id
user_id = self.user_portal.id

with self.assertQueryCount(__system__=154, emp=171): # com runbot: 154 - 171 // test_mail only: 154 - 168
with self.assertQueryCount(__system__=154, emp=172): # com runbot: 154 - 172 // test_mail only: 154 - 169
rec = self.env['mail.test.full'].create({
'name': 'Test',
'umbrella_id': umbrella_id,
@@ -532,7 +532,7 @@ def test_complex_tracking_subscription_subtype(self):
})
self.assertEqual(rec.message_partner_ids, self.user_portal.partner_id | self.env.user.partner_id)
self.assertEqual(len(rec.message_ids), 1)
with self.assertQueryCount(__system__=99, emp=122): # com runbot: 99 - 122 // test_mail only: 99 - 119
with self.assertQueryCount(__system__=99, emp=123): # com runbot: 99 - 123 // test_mail only: 99 - 120
rec.write({
'name': 'Test2',
'umbrella_id': self.umbrella.id,
@@ -568,7 +568,7 @@ def test_complex_tracking_subscription_write(self):
})
self.assertEqual(rec.message_partner_ids, self.user_portal.partner_id | self.env.user.partner_id)

with self.assertQueryCount(__system__=104, emp=126): # test_mail only: 104 - 123
with self.assertQueryCount(__system__=104, emp=127): # test_mail only: 104 - 124
rec.write({
'name': 'Test2',
'umbrella_id': umbrella_id,
@@ -600,7 +600,7 @@ def test_complex_tracking_template(self):
})
self.assertEqual(rec.message_partner_ids, self.partners | self.env.user.partner_id | self.user_portal.partner_id)

with self.assertQueryCount(__system__=51, emp=66): # test_mail only: 51 - 66
with self.assertQueryCount(__system__=51, emp=56): # test_mail only: 51 - 56
rec.write({
'name': 'Test2',
'customer_id': customer_id,

0 comments on commit 106c61b

Please sign in to comment.
You can’t perform that action at this time.