Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[FIX] web_editor, website: prevent deletion of used attachment
The deletion of used attachments from the media dialog is prevented since [1]. It is possible that it worked at the time, but that it stopped working in [2] when the routes for attachments have been updated. Also, it only checked for the presence of attachments in views, ignoring other HTML fields. This commit fixes the existing mechanism and also limits the search on views to QWeb views, and adds the check across other HTML fields. The fields inside ir.action models and mail messages are explicitly blacklisted, similarly to what exists in 15.0. This commit also detects non-image attachments which are obtained through the `/web/content/...` route. It also adapts the link within the warning so that the website page of the blocking object is reached if there is one, otherwise it falls back onto the backend page of the object. In 15.0, the list of fields should be obtained from `website`'s `_get_html_fields` instead of duplicating its mechanism. In 16.0, apply the same principle to the menu dependencies which were restored by [3] and [4]. Steps to reproduce: - Drop a Text - Image block on a website page/a product page. - Upload an attachment in that block. - Save. - Edit another page. - In the media dialog, delete the uploaded attachment. => Attachment is deleted and page contains a missing image/document. [1]: e78a3b1 [2]: 6baf611 [3]: 11db2f6 [4]: 6ac17b9 task-3223788
- Loading branch information
Showing
8 changed files
with
223 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# -*- coding: utf-8 -*- | ||
# Part of Odoo. See LICENSE file for full copyright and licensing details. | ||
|
||
from odoo import api, models | ||
|
||
|
||
class BaseModel(models.AbstractModel): | ||
_inherit = 'base' | ||
|
||
@api.model | ||
def _get_examined_html_fields(self): | ||
""" Returns an array of (model name, field name, domain, requires full | ||
scan boolean) indicating which HTML field values should be | ||
examined when using find_in_html_field. | ||
""" | ||
return [('ir.ui.view', 'arch_db', [('type', '=', 'qweb')], True)] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
# -*- encoding: utf-8 -*- | ||
# Part of Odoo. See LICENSE file for full copyright and licensing details. | ||
|
||
SCAN_MAX_COUNT = 1000 | ||
|
||
def find_in_html_field(env, html_escaped_likes): | ||
""" Returns models where the likes appear inside HTML fields. | ||
:param env: env | ||
:param html_escaped_likes: array of string to include as values of | ||
domain 'like'. Values must be HTML escaped. | ||
:returns PNG image converted from given font | ||
""" | ||
all_matches = [] | ||
big_models = [] | ||
sudo_models = [] | ||
for model_name, field_name, domain, requires_full_scan in env['base']._get_examined_html_fields(): | ||
if not requires_full_scan: | ||
if model_name in big_models: | ||
continue | ||
if env[model_name].sudo().with_context(active_test=False).search_count([]) > SCAN_MAX_COUNT: | ||
big_models.append(model_name) | ||
continue | ||
likes = [(field_name, 'like', like) for like in html_escaped_likes] | ||
domain.extend([ | ||
*(['|'] * (len(likes) - 1)), | ||
*likes, | ||
]) | ||
matches = env[model_name] | ||
if matches.check_access_rights('read', raise_exception=False): | ||
matches = matches.with_context(active_test=False).search(domain) | ||
all_matches.append(matches) | ||
continue | ||
if model_name in sudo_models: | ||
continue | ||
sudo_matches = env[model_name].sudo().with_context(active_test=False).search(domain, limit=1) | ||
if sudo_matches: | ||
sudo_models.append(model_name) | ||
return { | ||
'matches': all_matches, | ||
'skipped_models': big_models, | ||
'access_models': sudo_models, | ||
} if matches or big_models or sudo_models else None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters