New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FW][FIX] website: neutralize recursion when determining current website #163625
[FW][FIX] website: neutralize recursion when determining current website #163625
Conversation
@bso-odoo @rdeodoo cherrypicking of pull request #162892 failed. stdout:
stderr:
Either perform the forward-port manually (and push to this branch, proceeding as usual) or close this PR (maybe?). In the former case, you may want to edit this PR message as well. More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port |
If an `ir.rule` about websites involves obtaining the rule's evaluation context, an infinite recursion happens right after login: - the `_login` tries to create a `res.users.log` record which needs to resolve the ACL - to do this `_eval_context()` is called on `ir.rule`, which in its `website` module override uses `get_current_website()` - in turn, this calls `website`'s `_get_current_website_id()` which is not cached yet - this involves a `search()` on `website` which needs to resolve the ACL - to do this `_eval_context()` is again called on `ir.rule`, causing the loop This commit prevent this infinite recursion by disabling the ACL check when determining the current website id in `get_current_website()`, similarly to what is done in [1] in future versions. Steps to reproduce: - Create a rule about `website` with `domain_force` set to `[(1, '=', 1)]`. - Log in from an incognito browser. => Error 500 because of an infinite recursion. [1]: odoo@c68fa61#diff-5e92e473fa4d3da6db7ef727fb217dad51ef6c2383913edca73fe040a23e82c2R978 task-3884701 opw-3603541 X-original-commit: c4a2f75
abcd196
to
e86fecc
Compare
@robodoo r+ |
If an `ir.rule` about websites involves obtaining the rule's evaluation context, an infinite recursion happens right after login: - the `_login` tries to create a `res.users.log` record which needs to resolve the ACL - to do this `_eval_context()` is called on `ir.rule`, which in its `website` module override uses `get_current_website()` - in turn, this calls `website`'s `_get_current_website_id()` which is not cached yet - this involves a `search()` on `website` which needs to resolve the ACL - to do this `_eval_context()` is again called on `ir.rule`, causing the loop This commit prevent this infinite recursion by disabling the ACL check when determining the current website id in `get_current_website()`, similarly to what is done in [1] in future versions. Steps to reproduce: - Create a rule about `website` with `domain_force` set to `[(1, '=', 1)]`. - Log in from an incognito browser. => Error 500 because of an infinite recursion. [1]: c68fa61#diff-5e92e473fa4d3da6db7ef727fb217dad51ef6c2383913edca73fe040a23e82c2R978 task-3884701 opw-3603541 closes #163625 X-original-commit: c4a2f75 Signed-off-by: Romain Derie (rde) <rde@odoo.com> Signed-off-by: Benoit Socias (bso) <bso@odoo.com>
If an
ir.rule
about websites involves obtaining the rule's evaluationcontext, an infinite recursion happens right after login:
_login
tries to create ares.users.log
record which needs toresolve the ACL
_eval_context()
is called onir.rule
, which in itswebsite
module override usesget_current_website()
website
's_get_current_website_id()
which isnot cached yet
search()
onwebsite
which needs to resolve the ACL_eval_context()
is again called onir.rule
, causing theloop
This commit prevent this infinite recursion by disabling the ACL check
when determining the current website id in
get_current_website()
,similarly to what is done in 1 in future versions.
Steps to reproduce:
website
withdomain_force
set to[(1, '=', 1)]
.=> Error 500 because of an infinite recursion.
task-3884701
opw-3603541
Forward-Port-Of: #162892