Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FW][FIX] website: neutralize recursion when determining current website #163625

Closed
wants to merge 1 commit into from
Closed

[FW][FIX] website: neutralize recursion when determining current website #163625

wants to merge 1 commit into from

Conversation

fw-bot
Copy link
Contributor

@fw-bot fw-bot commented Apr 26, 2024

If an ir.rule about websites involves obtaining the rule's evaluation
context, an infinite recursion happens right after login:

  • the _login tries to create a res.users.log record which needs to
    resolve the ACL
  • to do this _eval_context() is called on ir.rule, which in its
    website module override uses get_current_website()
  • in turn, this calls website's _get_current_website_id() which is
    not cached yet
  • this involves a search() on website which needs to resolve the ACL
  • to do this _eval_context() is again called on ir.rule, causing the
    loop

This commit prevent this infinite recursion by disabling the ACL check
when determining the current website id in get_current_website(),
similarly to what is done in 1 in future versions.

Steps to reproduce:

  • Create a rule about website with domain_force set to
    [(1, '=', 1)].
  • Log in from an incognito browser.

=> Error 500 because of an infinite recursion.

task-3884701
opw-3603541

Forward-Port-Of: #162892

@robodoo
Copy link
Contributor

robodoo commented Apr 26, 2024

Pull request status dashboard.

@fw-bot
Copy link
Contributor Author

fw-bot commented Apr 26, 2024

@bso-odoo @rdeodoo cherrypicking of pull request #162892 failed.

stdout:

Auto-merging addons/website/models/website.py
CONFLICT (content): Merge conflict in addons/website/models/website.py
Auto-merging addons/website/tests/test_get_current_website.py
CONFLICT (content): Merge conflict in addons/website/tests/test_get_current_website.py

stderr:

19:58:21.673156 git.c:463               trace: built-in: git cherry-pick 4c26b2551da2068af9cfcd515aa79297690d696b
error: could not apply 4c26b2551da2... [FIX] website: neutralize recursion when determining current website
hint: After resolving the conflicts, mark them with
hint: "git add/rm <pathspec>", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
----------
status:

Either perform the forward-port manually (and push to this branch, proceeding as usual) or close this PR (maybe?).

In the former case, you may want to edit this PR message as well.

⚠️ after resolving this conflict, you will need to merge it via @robodoo.

More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port

@C3POdoo C3POdoo added the OE the report is linked to a support ticket (opw-...) label Apr 26, 2024
@robodoo robodoo added forwardport This PR was created by @fw-bot conflict There was an error while creating this forward-port PR labels Apr 26, 2024
@bso-odoo
[FIX] website: neutralize recursion when determining current website
e86fecc 
If an `ir.rule` about websites involves obtaining the rule's evaluation
context, an infinite recursion happens right after login:
- the `_login` tries to create a `res.users.log` record which needs to
resolve the ACL
- to do this `_eval_context()` is called on `ir.rule`, which in its
`website` module override uses `get_current_website()`
- in turn, this calls `website`'s `_get_current_website_id()` which is
not cached yet
- this involves a `search()` on `website` which needs to resolve the ACL
- to do this `_eval_context()` is again called on `ir.rule`, causing the
loop

This commit prevent this infinite recursion by disabling the ACL check
when determining the current website id in `get_current_website()`,
similarly to what is done in [1] in future versions.

Steps to reproduce:
- Create a rule about `website` with `domain_force` set to
`[(1, '=', 1)]`.
- Log in from an incognito browser.

=> Error 500 because of an infinite recursion.

[1]: odoo@c68fa61#diff-5e92e473fa4d3da6db7ef727fb217dad51ef6c2383913edca73fe040a23e82c2R978

task-3884701
opw-3603541

X-original-commit: c4a2f75
@bso-odoo bso-odoo force-pushed the 16.0-15.0-recursive_current_website-bso-65wo-fw branch from abcd196 to e86fecc Compare April 29, 2024 09:19
@C3POdoo C3POdoo requested a review from a team April 29, 2024 09:23
@fw-bot fw-bot mentioned this pull request Apr 30, 2024
Closed
@bso-odoo
Copy link
Contributor

@robodoo r+

robodoo pushed a commit that referenced this pull request Apr 30, 2024
@bso-odoo
[FIX] website: neutralize recursion when determining current website
c5be302 
If an `ir.rule` about websites involves obtaining the rule's evaluation
context, an infinite recursion happens right after login:
- the `_login` tries to create a `res.users.log` record which needs to
resolve the ACL
- to do this `_eval_context()` is called on `ir.rule`, which in its
`website` module override uses `get_current_website()`
- in turn, this calls `website`'s `_get_current_website_id()` which is
not cached yet
- this involves a `search()` on `website` which needs to resolve the ACL
- to do this `_eval_context()` is again called on `ir.rule`, causing the
loop

This commit prevent this infinite recursion by disabling the ACL check
when determining the current website id in `get_current_website()`,
similarly to what is done in [1] in future versions.

Steps to reproduce:
- Create a rule about `website` with `domain_force` set to
`[(1, '=', 1)]`.
- Log in from an incognito browser.

=> Error 500 because of an infinite recursion.

[1]: c68fa61#diff-5e92e473fa4d3da6db7ef727fb217dad51ef6c2383913edca73fe040a23e82c2R978

task-3884701
opw-3603541

closes #163625

X-original-commit: c4a2f75
Signed-off-by: Romain Derie (rde) <rde@odoo.com>
Signed-off-by: Benoit Socias (bso) <bso@odoo.com>
@fw-bot fw-bot mentioned this pull request Apr 30, 2024
Closed
@robodoo robodoo closed this Apr 30, 2024
@fw-bot fw-bot mentioned this pull request Apr 30, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
conflict There was an error while creating this forward-port PR forwardport This PR was created by @fw-bot OE the report is linked to a support ticket (opw-...)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@fw-bot @robodoo @bso-odoo @C3POdoo