def run_action_code_multi(self, action, eval_context=None):
safe_eval(action.sudo().code.strip(),
eval_context,
mode="exec",
nocopy=True) # nocopy allows to return 'action'
if 'action' in eval_context:
return eval_context['action']
def _satisfy_condition(self, localdict):
"""
@param contract_id: id of hr.contract to be tested
@return: returns True if the given rule match the condition for the given contract. Return False otherwise.
"""
self.ensure_one()
if self.condition_select == 'none':
return True
elif self.condition_select == 'range':
try:
result = safe_eval(self.condition_range, localdict)
return self.condition_range_min <= result and result <= self.condition_range_max or False
except:
raise UserError(
_('Wrong range condition defined for salary rule %s (%s).')
% (self.name, self.code))
else: # python code
try:
safe_eval(self.condition_python,
localdict,
mode='exec',
nocopy=True)
return 'result' in localdict and localdict['result'] or False
except:
raise UserError(
_('Wrong python condition defined for salary rule %s (%s).'
) % (self.name, self.code))
def compute_all(self,
price_unit,
currency=None,
quantity=1.0,
product=None,
partner=None):
taxes = self.filtered(lambda r: r.amount_type != 'code')
company = self.env.user.company_id
for tax in self.filtered(lambda r: r.amount_type == 'code'):
localdict = {
'price_unit': price_unit,
'quantity': quantity,
'product': product,
'partner': partner,
'company': company
}
safe_eval(tax.python_applicable,
localdict,
mode="exec",
nocopy=True)
if localdict.get('result', False):
taxes += tax
return super(AccountTaxPython,
taxes).compute_all(price_unit, currency, quantity,
product, partner)
def format(self, percent, value, grouping=False, monetary=False):
""" Format() will return the language-specific output for float values"""
self.ensure_one()
if percent[0] != '%':
raise ValueError(
_("format() must be given exactly one %char format specifier"))
formatted = percent % value
# floats and decimal ints need special action!
if grouping:
lang_grouping, thousands_sep, decimal_point = self._data_get(
monetary)
eval_lang_grouping = safe_eval(lang_grouping)
if percent[-1] in 'eEfFgG':
parts = formatted.split('.')
parts[0] = intersperse(parts[0], eval_lang_grouping,
thousands_sep)[0]
formatted = decimal_point.join(parts)
elif percent[-1] in 'diu':
formatted = intersperse(formatted, eval_lang_grouping,
thousands_sep)[0]
return formatted
def postprocess_pdf_report(self, record, buffer):
'''Hook to handle post processing during the pdf report generation.
The basic behavior consists to create a new attachment containing the pdf
base64 encoded.
:param record_id: The record that will own the attachment.
:param pdf_content: The optional name content of the file to avoid reading both times.
:return: The newly generated attachment if no AccessError, else None.
'''
attachment_name = safe_eval(self.attachment, {
'object': record,
'time': time
})
if not attachment_name:
return None
attachment_vals = {
'name': attachment_name,
'datas': base64.encodestring(buffer.getvalue()),
'datas_fname': attachment_name,
'res_model': self.model,
'res_id': record.id,
}
attachment = None
try:
attachment = self.env['ir.attachment'].create(attachment_vals)
except AccessError:
_logger.info("Cannot save PDF report %r as attachment",
attachment_vals['name'])
else:
_logger.info('The PDF document %s is now saved in the database',
attachment_vals['name'])
return attachment
def message_get_email_values(self, notif_mail=None):
self.ensure_one()
res = super(Channel,
self).message_get_email_values(notif_mail=notif_mail)
headers = {}
if res.get('headers'):
try:
headers.update(safe_eval(res['headers']))
except Exception:
pass
headers['Precedence'] = 'list'
# avoid out-of-office replies from MS Exchange
# http://blogs.technet.com/b/exchange/archive/2006/10/06/3395024.aspx
headers['X-Auto-Response-Suppress'] = 'OOF'
if self.alias_domain and self.alias_name:
headers['List-Id'] = '<%s.%s>' % (self.alias_name,
self.alias_domain)
headers['List-Post'] = '<mailto:%s@%s>' % (self.alias_name,
self.alias_domain)
# Avoid users thinking it was a personal message
# X-Forge-To: will replace To: after SMTP envelope is determined by ir.mail.server
list_to = '"%s" <%s@%s>' % (self.name, self.alias_name,
self.alias_domain)
headers['X-Forge-To'] = list_to
res['headers'] = repr(headers)
return res
def _check_alias_defaults(self):
try:
dict(safe_eval(self.alias_defaults))
except Exception:
raise ValidationError(
_('Invalid expression, it must be a literal python dictionary definition e.g. "{\'field\': \'value\'}"'
))
def action_launch(self, context=None):
""" Launch Action of Wizard"""
self.ensure_one()
self.write({'state': 'done'})
# Load action
action = self.env[self.action_id.type].browse(self.action_id.id)
result = action.read()[0]
if action._name != 'ir.actions.act_window':
return result
result.setdefault('context', '{}')
# Open a specific record when res_id is provided in the context
ctx = safe_eval(result['context'], {'user': self.env.user})
if ctx.get('res_id'):
result['res_id'] = ctx.pop('res_id')
# disable log for automatic wizards
ctx['disable_log'] = True
result['context'] = ctx
return result
def _get_price_from_picking(self, total, weight, volume, quantity):
price = 0.0
criteria_found = False
price_dict = {
'price': total,
'volume': volume,
'weight': weight,
'wv': volume * weight,
'quantity': quantity
}
for line in self.price_rule_ids:
test = safe_eval(
line.variable + line.operator + str(line.max_value),
price_dict)
if test:
price = line.list_base_price + line.list_price * price_dict[
line.variable_factor]
criteria_found = True
break
if not criteria_found:
raise UserError(
_("No price rule matching this order; delivery cost cannot be computed."
))
return price
def execute_code(self, code_exec):
def reconciled_inv():
"""
returns the list of invoices that are set as reconciled = True
"""
return self.env['account.invoice'].search([('reconciled', '=', True)]).ids
def order_columns(item, cols=None):
"""
This function is used to display a dictionary as a string, with its columns in the order chosen.
:param item: dict
:param cols: list of field names
:returns: a list of tuples (fieldname: value) in a similar way that would dict.items() do except that the
returned values are following the order given by cols
:rtype: [(key, value)]
"""
if cols is None:
cols = list(item)
return [(col, item.get(col)) for col in cols if col in item]
localdict = {
'cr': self.env.cr,
'uid': self.env.uid,
'reconciled_inv': reconciled_inv, # specific function used in different tests
'result': None, # used to store the result of the test
'column_order': None, # used to choose the display order of columns (in case you are returning a list of dict)
'_': _,
}
safe_eval(code_exec, localdict, mode="exec", nocopy=True)
result = localdict['result']
column_order = localdict.get('column_order', None)
if not isinstance(result, (tuple, list, set)):
result = [result]
if not result:
result = [_('The test was passed successfully')]
else:
def _format(item):
if isinstance(item, dict):
return ', '.join(["%s: %s" % (tup[0], tup[1]) for tup in order_columns(item, column_order)])
else:
return item
result = [_format(rec) for rec in result]
return result
def generate(self, uid, dom=None, args=None):
Model = request.env[self.model].sudo(uid)
domain = safe_eval(self.domain, (args or {}).copy())
if dom:
domain += dom
for record in Model.search_read(domain=domain, fields=['write_date', Model._rec_name]):
if record.get(Model._rec_name, False):
yield {'loc': (record['id'], record[Model._rec_name])}
def action_view_all_rating(self):
""" return the action to see all the rating of the project, and activate default filters """
action = self.env['ir.actions.act_window'].for_xml_id('rating_project', 'rating_rating_action_view_project_rating')
action['name'] = _('Ratings of %s') % (self.name,)
action_context = safe_eval(action['context']) if action['context'] else {}
action_context.update(self._context)
action_context['search_default_rating_tasks'] = 1
return dict(action, context=action_context)
def _filter_post(self, records):
""" Filter the records that satisfy the postcondition of action ``self``. """
if self.filter_domain and records:
domain = [('id', 'in', records.ids)] + safe_eval(
self.filter_domain, self._get_eval_context())
return records.search(domain)
else:
return records
def get_google_drive_config(self, res_model, res_id):
'''
Function called by the js, when no google doc are yet associated with a record, with the aim to create one. It
will first seek for a google.docs.config associated with the model `res_model` to find out what's the template
of google doc to copy (this is usefull if you want to start with a non-empty document, a type or a name
different than the default values). If no config is associated with the `res_model`, then a blank text document
with a default name is created.
:param res_model: the object for which the google doc is created
:param ids: the list of ids of the objects for which the google doc is created. This list is supposed to have
a length of 1 element only (batch processing is not supported in the code, though nothing really prevent it)
:return: the config id and config name
'''
# TO DO in master: fix my signature and my model
if isinstance(res_model, pycompat.string_types):
res_model = self.env['ir.model'].search([('model', '=', res_model)
]).id
if not res_id:
raise UserError(
_("Creating google drive may only be done by one at a time."))
# check if a model is configured with a template
configs = self.search([('model_id', '=', res_model)])
config_values = []
for config in configs.sudo():
if config.filter_id:
if config.filter_id.user_id and config.filter_id.user_id.id != self.env.user.id:
#Private
continue
domain = [('id', 'in', [res_id])] + safe_eval(
config.filter_id.domain)
additionnal_context = safe_eval(config.filter_id.context)
google_doc_configs = self.env[
config.filter_id.model_id].with_context(
**additionnal_context).search(domain)
if google_doc_configs:
config_values.append({
'id': config.id,
'name': config.name
})
else:
config_values.append({'id': config.id, 'name': config.name})
return config_values
def _compute_rule(self, localdict):
"""
:param localdict: dictionary containing the environement in which to compute the rule
:return: returns a tuple build as the base/amount computed, the quantity and the rate
:rtype: (float, float, float)
"""
self.ensure_one()
if self.amount_select == 'fix':
try:
return self.amount_fix, float(
safe_eval(self.quantity, localdict)), 100.0
except:
raise UserError(
_('Wrong quantity defined for salary rule %s (%s).') %
(self.name, self.code))
elif self.amount_select == 'percentage':
try:
return (float(safe_eval(self.amount_percentage_base,
localdict)),
float(safe_eval(self.quantity,
localdict)), self.amount_percentage)
except:
raise UserError(
_('Wrong percentage base or quantity defined for salary rule %s (%s).'
) % (self.name, self.code))
else:
try:
safe_eval(self.amount_python_compute,
localdict,
mode='exec',
nocopy=True)
return float(
localdict['result']
), 'result_qty' in localdict and localdict[
'result_qty'] or 1.0, 'result_rate' in localdict and localdict[
'result_rate'] or 100.0
except:
raise UserError(
_('Wrong python code defined for salary rule %s (%s).') %
(self.name, self.code))
def _compute_amount(self,
base_amount,
price_unit,
quantity=1.0,
product=None,
partner=None):
self.ensure_one()
if self.amount_type == 'code':
company = self.env.user.company_id
localdict = {
'base_amount': base_amount,
'price_unit': price_unit,
'quantity': quantity,
'product': product,
'partner': partner,
'company': company
}
safe_eval(self.python_compute, localdict, mode="exec", nocopy=True)
return localdict['result']
return super(AccountTaxPython,
self)._compute_amount(base_amount, price_unit, quantity,
product, partner)
def transfer_node_to_modifiers(node, modifiers, context=None, in_tree_view=False):
if node.get('attrs'):
modifiers.update(safe_eval(node.get('attrs')))
if node.get('states'):
if 'invisible' in modifiers and isinstance(modifiers['invisible'], list):
# TODO combine with AND or OR, use implicit AND for now.
modifiers['invisible'].append(('state', 'not in', node.get('states').split(',')))
else:
modifiers['invisible'] = [('state', 'not in', node.get('states').split(','))]
for a in ('invisible', 'readonly', 'required'):
if node.get(a):
v = bool(safe_eval(node.get(a), {'context': context or {}}))
if in_tree_view and a == 'invisible':
# Invisible in a tree view has a specific meaning, make it a
# new key in the modifiers attribute.
modifiers['column_invisible'] = v
elif v or (a not in modifiers or not isinstance(modifiers[a], list)):
# Don't set the attribute to False if a dynamic value was
# provided (i.e. a domain from attrs or states).
modifiers[a] = v
def eval_value(self, eval_context=None):
result = dict.fromkeys(self.ids, False)
for line in self:
expr = line.value
if line.type == 'equation':
expr = safe_eval(line.value, eval_context)
elif line.col1.ttype in ['many2one', 'integer']:
try:
expr = int(line.value)
except Exception:
pass
result[line.id] = expr
return result
def message_get_email_values(self, notif_mail=None):
res = super(Task, self).message_get_email_values(notif_mail=notif_mail)
headers = {}
if res.get('headers'):
try:
headers.update(safe_eval(res['headers']))
except Exception:
pass
if self.project_id:
current_objects = [h for h in headers.get('X-GECOERP-Objects', '').split(',') if h]
current_objects.insert(0, 'project.project-%s, ' % self.project_id.id)
headers['X-GECOERP-Objects'] = ','.join(current_objects)
if self.tag_ids:
headers['X-GECOERP-Tags'] = ','.join(self.tag_ids.mapped('name'))
res['headers'] = repr(headers)
return res
def _check(self, automatic=False, use_new_cursor=False):
""" This Function is called by scheduler. """
if '__action_done' not in self._context:
self = self.with_context(__action_done={})
# retrieve all the action rules to run based on a timed condition
eval_context = self._get_eval_context()
for action in self.with_context(active_test=True).search([
('trigger', '=', 'on_time')
]):
last_run = fields.Datetime.from_string(
action.last_run) or datetime.datetime.utcfromtimestamp(0)
# retrieve all the records that satisfy the action's condition
domain = []
context = dict(self._context)
if action.filter_domain:
domain = safe_eval(action.filter_domain, eval_context)
records = self.env[action.model_name].with_context(context).search(
domain)
# determine when action should occur for the records
if action.trg_date_id.name == 'date_action_last' and 'create_date' in records._fields:
get_record_dt = lambda record: record[action.trg_date_id.name
] or record.create_date
else:
get_record_dt = lambda record: record[action.trg_date_id.name]
# process action on the records that should be executed
now = datetime.datetime.now()
for record in records:
record_dt = get_record_dt(record)
if not record_dt:
continue
action_dt = self._check_delay(action, record, record_dt)
if last_run <= action_dt < now:
try:
action._process(record)
except Exception:
_logger.error(traceback.format_exc())
action.write(
{'last_run': now.strftime(DEFAULT_SERVER_DATETIME_FORMAT)})
if automatic:
# auto-commit for batch processing
self._cr.commit()
def retrieve_attachment(self, record):
'''Retrieve an attachment for a specific record.
:param record: The record owning of the attachment.
:param attachment_name: The optional name of the attachment.
:return: A recordset of length <=1 or None
'''
attachment_name = safe_eval(self.attachment, {
'object': record,
'time': time
})
if not attachment_name:
return None
return self.env['ir.attachment'].search(
[('datas_fname', '=', attachment_name),
('res_model', '=', self.model), ('res_id', '=', record.id)],
limit=1)
def message_get_email_values(self, notif_mail=None):
self.ensure_one()
res = super(MailGroup, self).message_get_email_values(notif_mail=notif_mail)
base_url = self.env['ir.config_parameter'].sudo().get_param('web.base.url')
headers = {}
if res.get('headers'):
try:
headers = safe_eval(res['headers'])
except Exception:
pass
headers.update({
'List-Archive': '<%s/groups/%s>' % (base_url, slug(self)),
'List-Subscribe': '<%s/groups>' % (base_url),
'List-Unsubscribe': '<%s/groups?unsubscribe>' % (base_url,),
})
res['headers'] = repr(headers)
return res
def action_view_project_ids(self):
self.ensure_one()
if len(self.project_ids) == 1:
if self.env.user.has_group("hr_timesheet.group_hr_timesheet_user"):
action = self.project_ids.action_view_timesheet_plan()
else:
action = self.env.ref("project.act_project_project_2_project_task_all").read()[0]
action['context'] = safe_eval(action.get('context', '{}'), {'active_id': self.project_ids.id, 'active_ids': self.project_ids.ids})
else:
view_form_id = self.env.ref('project.edit_project').id
view_kanban_id = self.env.ref('project.view_project_kanban').id
action = {
'type': 'ir.actions.act_window',
'domain': [('id', 'in', self.project_ids.ids)],
'views': [(view_kanban_id, 'kanban'), (view_form_id, 'form')],
'view_mode': 'kanban,form',
'name': _('Projects'),
'res_model': 'project.project',
}
return action
def _check_domain_validity(self):
# take admin as should always be present
for definition in self:
if definition.computation_mode not in ('count', 'sum'):
continue
Obj = self.env[definition.model_id.model]
try:
domain = safe_eval(definition.domain,
{'user': self.env.user.sudo(self.env.user)})
# dummy search to make sure the domain is valid
Obj.search_count(domain)
except (ValueError, SyntaxError) as e:
msg = e
if isinstance(e, SyntaxError):
msg = (e.msg + '\n' + e.text)
raise exceptions.UserError(
_("The domain for the definition %s seems incorrect, please check it.\n\n%s"
) % (definition.name, msg))
return True
def get_action(self):
"""Get the ir.action related to update the goal
In case of a manual goal, should return a wizard to update the value
:return: action description in a dictionary
"""
if self.definition_id.action_id:
# open a the action linked to the goal
action = self.definition_id.action_id.read()[0]
if self.definition_id.res_id_field:
current_user = self.env.user.sudo(self.env.user)
action['res_id'] = safe_eval(self.definition_id.res_id_field,
{'user': current_user})
# if one element to display, should see it in form mode if possible
action['views'] = [(view_id, mode)
for (view_id, mode) in action['views']
if mode == 'form'] or action['views']
return action
if self.computation_mode == 'manually':
# open a wizard window to update the value manually
action = {
'name': _("Update %s") % self.definition_id.name,
'id': self.id,
'type': 'ir.actions.act_window',
'views': [[False, 'form']],
'target': 'new',
'context': {
'default_goal_id': self.id,
'default_current': self.current
},
'res_model': 'gamification.goal.wizard'
}
return action
return False
def get_recipients(self):
if self.mailing_domain:
domain = safe_eval(self.mailing_domain)
res_ids = self.env[self.mailing_model_real].search(domain).ids
else:
res_ids = []
domain = [('id', 'in', res_ids)]
# randomly choose a fragment
if self.contact_ab_pc < 100:
contact_nbr = self.env[self.mailing_model_real].search_count(
domain)
topick = int(contact_nbr / 100.0 * self.contact_ab_pc)
if self.mass_mailing_campaign_id and self.mass_mailing_campaign_id.unique_ab_testing:
already_mailed = self.mass_mailing_campaign_id.get_recipients(
)[self.mass_mailing_campaign_id.id]
else:
already_mailed = set([])
remaining = set(res_ids).difference(already_mailed)
if topick > len(remaining):
topick = len(remaining)
res_ids = random.sample(remaining, topick)
return res_ids
def _compute_domain(self, model_name, mode="read"):
if mode not in self._MODES:
raise ValueError('Invalid mode: %r' % (mode, ))
if self._uid == SUPERUSER_ID:
return None
query = """ SELECT r.id FROM ir_rule r JOIN ir_model m ON (r.model_id=m.id)
WHERE m.model=%s AND r.active AND r.perm_{mode}
AND (r.id IN (SELECT rule_group_id FROM rule_group_rel rg
JOIN res_groups_users_rel gu ON (rg.group_id=gu.gid)
WHERE gu.uid=%s)
OR r.global)
""".format(mode=mode)
self._cr.execute(query, (model_name, self._uid))
rule_ids = [row[0] for row in self._cr.fetchall()]
if not rule_ids:
return []
# browse user and rules as SUPERUSER_ID to avoid access errors!
eval_context = self._eval_context()
user_groups = self.env.user.groups_id
global_domains = [] # list of domains
group_domains = [] # list of domains
for rule in self.browse(rule_ids).sudo():
# evaluate the domain for the current user
dom = safe_eval(rule.domain_force,
eval_context) if rule.domain_force else []
dom = expression.normalize_domain(dom)
if not rule.groups:
global_domains.append(dom)
elif rule.groups & user_groups:
group_domains.append(dom)
# combine global domains and group domains
return expression.AND(global_domains + [expression.OR(group_domains)])
def test_05_safe_eval_forbiddon(self):
""" Try forbidden expressions in safe_eval to verify they are not allowed (open) """
with self.assertRaises(ValueError):
safe_eval('open("/etc/passwd","r")')
def test_01_safe_eval(self):
""" Try a few common expressions to verify they work with safe_eval """
expected = (1, {"a": 9 * 2}, (True, False, None))
actual = safe_eval('(1, {"a": 9 * 2}, (True, False, None))')
self.assertEqual(actual, expected, "Simple python expressions are not working with safe_eval")
def reverse_anonymize_database(self):
"""Set the 'clear' state to defined fields"""
self.ensure_one()
IrModelFieldsAnonymization = self.env['ir.model.fields.anonymization']
# check that all the defined fields are in the 'anonymized' state
state = IrModelFieldsAnonymization._get_global_state()
if state == 'clear':
raise UserError(
_("The database is not currently anonymized, you cannot reverse the anonymization."
))
elif state == 'unstable':
raise UserError(
_("The database anonymization is currently in an unstable state. Some fields are anonymized,"
" while some fields are not anonymized. You should try to solve this problem before trying to do anything."
))
if not self.file_import:
raise UserError('%s: %s' % (
_('Error !'),
_("It is not possible to reverse the anonymization process without supplying the anonymization export file."
)))
# reverse the anonymization:
# load the json/pickle file content into a data structure:
content = base64.decodestring(self.file_import)
try:
data = json.loads(content.decode('utf8'))
except Exception:
# backward-compatible mode
data = pickle.loads(content, encoding='utf8')
fixes = self.env[
'ir.model.fields.anonymization.migration.fix'].search_read([
('target_version', '=', '.'.join(
str(v) for v in version_info[:2]))
], ['model_name', 'field_name', 'query', 'query_type', 'sequence'])
fixes = group(fixes, ('model_name', 'field_name'))
for line in data:
queries = []
table_name = self.env[line['model_id']]._table if line[
'model_id'] in self.env else None
# check if custom sql exists:
key = (line['model_id'], line['field_id'])
custom_updates = fixes.get(key)
if custom_updates:
custom_updates.sort(key=itemgetter('sequence'))
queries = [(record['query'], record['query_type'])
for record in custom_updates
if record['query_type']]
elif table_name:
queries = [(
'update "%(table)s" set "%(field)s" = %%(value)s where id = %%(id)s'
% {
'table': table_name,
'field': line['field_id'],
}, 'sql')]
for query in queries:
if query[1] == 'sql':
self.env.cr.execute(query[0], {
'value': line['value'],
'id': line['id']
})
elif query[1] == 'python':
safe_eval(query[0] % line)
else:
raise Exception(
"Unknown query type '%s'. Valid types are: sql, python."
% (query['query_type'], ))
# update the anonymization fields:
ano_fields = IrModelFieldsAnonymization.search([('state', '!=',
'not_existing')])
ano_fields.write({'state': 'clear'})
# add a result message in the wizard:
self.msg = '\n'.join(["Successfully reversed the anonymization.", ""])
# create a new history record:
history = self.env['ir.model.fields.anonymization.history'].create({
'date':
fields.Datetime.now(),
'field_ids': [[6, 0, ano_fields.ids]],
'msg':
self.msg,
'filepath':
False,
'direction':
'anonymized -> clear',
'state':
'done'
})
return {
'res_id':
self.id,
'view_id':
self.env.ref(
'anonymization.view_ir_model_fields_anonymize_wizard_form').
ids,
'view_type':
'form',
"view_mode":
'form',
'res_model':
'ir.model.fields.anonymize.wizard',
'type':
'ir.actions.act_window',
'context': {
'step': 'just_desanonymized'
},
'target':
'new'
}
