10000 [FW][FIX] *: domain field: option allow_expressions by fw-bot · Pull Request #210482 · odoo/odoo · GitHub
[go: up one dir, main page]
Skip to content

[FW][FIX] *: domain field: option allow_expressions #210482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

[FW][FIX] *: domain field: option allow_expressions #210482

wants to merge 2 commits into from

Conversation

fw-bot
Copy link
Contributor
@fw-bot fw-bot commented May 17, 2025

Some views use a domain widget to edit/save a domain and use it afterwards in several places where domains must have literals only. Typically, a literal_eval is used to evaluate the (string) domain. Thus expressions like "uid" or "context_today()"" should not be used in those contexts.
Here we introduce an option "allow_expressions" (default False) for the domain field and use it to mark as invalid domains that contain expressions when the option is set to False. A notification is displayed when a domain contains an unwanted expressions.

Since we cannot expect modules like base to be updated, we have to find another system to allow the usage of expressions in the form views for the models ir.filters and base.automation: we simply hardcode those models as allowing expressions. Since for these models, the evaluation of domains is done via safe_eval but with a restricted evaluation context, we also display a notification that alerts the user that the evaluation of expressions (although accepted by the domain field) can fail.

We revert the recent commit a678755 that introduced potentially problematic calls to safe_eval in order to allow evaluation of expressions.

Forward-Port-Of: #210145
Forward-Port-Of: #208876

@Polymorphe57
[FIX] *: domain field: option allow_expressions
b077410 
Some views use a domain widget to edit/save a domain and use it
afterwards in several places where domains must have literals only.
Typically, a literal_eval is used to evaluate the (string) domain. Thus
expressions like "uid" or "context_today()"" should not be used in those
contexts.
Here we introduce an option "allow_expressions" (default False) for the
domain field and use it to mark as invalid domains that contain
expressions when the option is set to False. A notification is displayed
when a domain contains an unwanted expressions.

Since we cannot expect modules like base to be updated, we have to find
another system to allow the usage of expressions in the form views for
the models ir.filters and base.automation: we simply hardcode those
models as allowing expressions. Since for these models, the evaluation
of domains is done via safe_eval but with a restricted evaluation
context, we also display a notification that alerts the user that
8000
 the
evaluation of expressions (although accepted by the domain field) can
fail.

We revert the recent commit odoo@f95c494 that introduced potentially
problematic calls to safe_eval in order to allow evaluation of
expressions.

Forward-port-of: odoo#208876
X-original-commit: ebab15a
@robodoo
Copy link
Contributor
robodoo commented May 17, 2025

Pull request status dashboard

@fw-bot
Copy link
Contributor Author
fw-bot commented May 17, 2025

This PR targets saas-18.1 and is part of the forward-port chain. Further PRs will be created up to master.

More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port

@robodoo robodoo added the forwardport This PR was created by @fw-bot label May 17, 2025
@fw-bot
Copy link
Contributor Author
fw-bot commented May 17, 2025

@Polymorphe57 @aab-odoo ci/runbot failed on this forward-port PR

@C3POdoo C3POdoo added the RD research & development, internal work label May 17, 2025
@Polymorphe57 Polymorphe57 force-pushed the saas-18.1-17.0-literal-mode-for-domain-field-dam-436392-fw branch from c88bc9f to da8c8f0 Compare May 19, 2025 07:13
@fw-bot
Copy link
Contributor Author
fw-bot commented May 19, 2025

@Polymorphe57 @aab-odoo this PR was modified / updated and has become a normal PR. It must be merged directly.

@Polymorphe57
[FIX] web: domain selector: hide within if allowExpressions = False
ba510c1 
The domain field passes a new prop allowExpressions to the domain
selector. If that prop is false (default true), the within operator is
not proposed for selection for date/datetime fields. This is done to
prevent users to introduce expressions in their domains when they are
not supported.

X-original-commit: e22a5a3
@Polymorphe57 Polymorphe57 force-pushed the saas-18.1-17.0-literal-mode-for-domain-field-dam-436392-fw branch from da8c8f0 to ba510c1 Compare May 19, 2025 07:16
@C3POdoo C3POdoo requested review from a team, aab-odoo and kebeclibre and removed request for a team May 19, 2025 07:16
@Polymorphe57
Copy link
Contributor

@robodoo rebase-ff r+

@robodoo
Copy link
Contributor
robodoo commented May 19, 2025

Merge method set to rebase and fast-forward.

robodoo pushed a commit that referenced this pull request May 19, 2025
@Polymorphe57
[FIX] *: domain field: option allow_expressions
178b4d4 
Some views use a domain widget to edit/save a domain and use it
afterwards in several places where domains must have literals only.
Typically, a literal_eval is used to evaluate the (string) domain. Thus
expressions like "uid" or "context_today()"" should not be used in those
contexts.
Here we introduce an option "allow_expressions" (default False) for the
domain field and use it to mark as invalid domains that contain
expressions when the option is set to False. A notification is displayed
when a domain contains an unwanted expressions.

Since we cannot expect modules like base to be updated, we have to find
another system to allow the usage of expressions in the form views for
the models ir.filters and base.automation: we simply hardcode those
models as allowing expressions. Since for these models, the evaluation
of domains is done via safe_eval but with a restricted evaluation
context, we also display a notification that alerts the user that the
evaluation of expressions (although accepted by the domain field) can
fail.

We revert the recent commit f95c494 that introduced potentially
problematic calls to safe_eval in order to allow evaluation of
expressions.

Forward-port-of: #208876
X-original-commit: ebab15a
Part-of: #210482
Related: odoo/enterprise#85815
Signed-off-by: Aaron Bohy (aab) <aab@odoo.com>
Signed-off-by: Mathieu Duckerts-Antoine (dam) <dam@odoo.com>
robodoo pushed a commit that referenced this pull request May 19, 2025
@Polymorphe57
[FIX] web: domain selector: hide within if allowExpressions = False
019fe32 
The domain field passes a new prop allowExpressions to the domain
selector. If that prop is false (default true), the within operator is
not proposed for selection for date/datetime fields. This is done to
prevent users to introduce expressions in their domains when they are
not supported.

closes #210482

X-original-commit: e22a5a3
Related: odoo/enterprise#85815
Signed-off-by: Aaron Bohy (aab) <aab@odoo.com>
Signed-off-by: Mathieu Duckerts-Antoine (dam) <dam@odoo.com>
@robodoo robodoo closed this May 19, 2025
@fw-bot fw-bot mentioned this pull request May 19, 2025
Closed
@fw-bot fw-bot deleted the saas-18.1-17.0-literal-mode-for-domain-field-dam-436392-fw branch May 26, 2025 11:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aab-odoo aab-odoo Awaiting requested review from aab-odoo aab-odoo was automatically assigned from odoo/rd-framework-js

@kebeclibre kebeclibre Awaiting requested review from kebeclibre kebeclibre was automatically assigned from odoo/rd-framework-js

Assignees
No one assigned
Labels
forwardport This PR was created by @fw-bot RD research & development, internal work
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fw-bot @robodoo @Polymorphe57 @C3POdoo
0