8000 [FW][FIX] *: domain field: option allow_expressions by fw-bot · Pull Request #210576 · odoo/odoo · GitHub
[go: up one dir, main page]
Skip to content

[FW][FIX] *: domain field: option allow_expressions #210576

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and 8000 contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

[FW][FIX] *: domain field: option allow_expressions #210576

wants to merge 4 commits into from

Conversation

fw-bot
Copy link
Contributor
@fw-bot fw-bot commented May 19, 2025
edited by Polymorphe57
Loading

Some views use a domain widget to edit/save a domain and use it afterwards in several places where domains must have literals only. Typically, a literal_eval is used to evaluate the (string) domain. Thus expressions like "uid" or "context_today()"" should not be used in those contexts.
Here we introduce an option "allow_expressions" (default False) for the domain field and use it to mark as invalid domains that contain expressions when the option is set to False. A notification is displayed when a domain contains an unwanted expressions.

Since we cannot expect modules like base to be updated, we have to find another system to allow the usage of expressions in the form views for the models ir.filters and base.automation: we simply hardcode those models as allowing expressions. Since for these models, the evaluation of domains is done via safe_eval but with a restricted evaluation context, we also display a notification that alerts the user that the evaluation of expressions (although accepted by the domain field) can fail.

We also revert the commits 8186023 and 4dfdab2 that introduced potentially problematic calls to safe_eval in order to allow evaluation of expressions.

Another commit make the domain field pass a new prop allowExpressions to the domain
selector. If that prop is false (default true), the within operator is not proposed for selection for date/datetime fields. This is done to prevent users to introduce expressions in their domains when they are not supported.

Forward-Port-Of: #210482
Forward-Port-Of: #208876

@robodoo
Copy link
Contributor
robodoo commented May 19, 2025

Pull request status dashboard

@robodoo robodoo added forwardport This PR was created by @fw-bot conflict There was an error while creating this forward-port PR labels May 19, 2025
@fw-bot
Copy link
Contributor Author
fw-bot commented May 19, 2025

@Polymorphe57 @aab-odoo cherrypicking of pull request #208876 failed.

stdout:

Auto-merging addons/mail/tests/test_mail_tools.py
Auto-merging addons/web/i18n/web.pot
Auto-merging addons/web/static/src/core/tree_editor/condition_tree.js
Auto-merging addons/web/static/src/views/fields/domain/domain_field.js
CONFLICT (content): Merge conflict in addons/web/static/src/views/fields/domain/domain_field.js
Auto-merging addons/web/static/tests/core/domain_field.test.js

Either perform the forward-port manually (and push to this branch, proceeding as usual) or close this PR (maybe?).

In the former case, you may want to edit this PR message as well.

⚠️ after resolving this conflict, you will need to merge it via @robodoo.

More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port

@C3POdoo C3POdoo added the RD research & development, internal work label May 19, 2025
@Polymorphe57 Polymorphe57 force-pushed the saas-18.2-17.0-literal-mode-for-domain-field-dam-436946-fw branch from 98afea6 to 4789cae Compare May 19, 2025 12:19
@Polymorphe57
[REV] mass_mailing: support dynamic domains
ece6b61 
This reverts commit 8186023 that introduced potentially
problematic calls to safe_eval in order to allow evaluation of
expressions.
@Polymorphe57
[REV] website: Supports dynamic domain
66cbfc9 
This reverts commit 4dfdab2 that introduced potentially
problematic calls to safe_eval in order to allow evaluation of
expressions.
@Polymorphe57
[FIX] *: domain field: option allow_expressions
a5df820 
Some views use a domain widget to edit/save a domain and use it
afterwards in several places where domains must have literals only.
Typically, a literal_eval is used to evaluate the (string) domain. Thus
expressions like "uid" or "context_today()"" should not be used in those
contexts.
Here we introduce an option "allow_expressions" (default False) for the
domain field and use it to mark as invalid domains that contain
expressions when the option is set to False. A notification is displayed
when a domain contains an unwanted expressions.

Since we cannot expect modules like base to be updated, we have to find
another system to allow the usage of expressions in the form views for
the models ir.filters and base.automation: we simply hardcode those
models as allowing expressions. Since for these models, the evaluation
of domains is done via safe_eval but with a restricted evaluation
context, we also display a notification that alerts the user that the
evaluation of expressions (although accepted by the domain field) can
fail.
@Polymorphe57 Polymorphe57 force-pushed the saas-18.2-17.0-literal-mode-for-domain-field-dam-436946-fw branch from 4789cae to 822e5ab Compare May 19, 2025 12:21
@C3POdoo C3POdoo requested review from a team, aab-odoo and BastienFafchamps and removed request for a team May 19, 2025 12:32
@Polymorphe57 Polymorphe57 force-pushed the saas-18.2-17.0-literal-mode-for-domain-field-dam-436946-fw branch from 822e5ab to 17fce9c Compare May 19, 2025 13:34
@Polymorphe57
[FIX] web: domain selector: hide within if allowExpressions = False
06c14d9 
The domain field passes a new prop allowExpressions to the domain
selector. If that prop is false (default true), the within operator is
not proposed for selection for date/datetime fields. This is done to
prevent users to introduce expressions in their domains when they are
not supported.
@Polymorphe57 Polymorphe57 force-pushed the saas-18.2-17.0-literal-mode-for-domain-field-dam-436946-fw branch from 17fce9c to 06c14d9 Compare May 19, 2025 13:36
@Polymorphe57
Copy link
Contributor

@robodoo rebase-ff r+

@robodoo
Copy link
Contributor
robodoo commented May 20, 2025

Merge method set to rebase and fast-forward.

robodoo pushed a commit that referenced this pull request May 20, 2025
@Polymorphe57
[REV] mass_mailing: support dynamic domains
435969f 
This reverts commit 8186023 that introduced potentially
problematic calls to safe_eval in order to allow evaluation of
expressions.

Part-of: #210576
Related: odoo/enterprise#85872
Signed-off-by: Aaron Bohy (aab) <aab@odoo.com>
Signed-off-by: Mathieu Duckerts-Antoine (dam) <dam@odoo.com>
robodoo pushed a commit that referenced this pull request May 20, 2025
@Polymorphe57
[REV] website: Supports dynamic domain
d38508d 
This reverts commit 4dfdab2 that introduced potentially
problematic calls to safe_eval in order to allow evaluation of
expressions.

Part-of: #210576
Related: odoo/enterprise#85872
Signed-off-by: Aaron Bohy (aab) <aab@odoo.com>
Signed-off-by: Mathieu Duckerts-Antoine (dam) <dam@odoo.com>
robodoo pushed a commit that referenced this pull request May 20, 2025
@Polymorphe57
[FIX] *: domain field: option allow_expressions
88e18a0 
Some views use a domain widget to edit/save a domain and use it
afterwards in several places where domains must have literals only.
Typically, a literal_eval is used to evaluate the (string) domain. Thus
expressions like "uid" or "context_today()"" should not be used in those
contexts.
Here we introduce an option "allow_expressions" (default False) for the
domain field and use it to mark as invalid domains that contain
expressions when the option is set to False. A notification is displayed
when a domain contains an unwanted expressions.

Since we cannot expect modules like base to be updated, we have to find
another system to allow the usage of expressions in the form views for
the models ir.filters and base.automation: we simply hardcode those
models as allowing expressions. Since for these models, the evaluation
of domains is done via safe_eval but with a restricted evaluation
context, we also display a notification that alerts the user that the
evaluation of expressions (although accepted by the domain field) can
fail.

Part-of: #210576
Related: odoo/enterprise#85872
Signed-off-by: Aaron Bohy (aab) <aab@odoo.com>
Signed-off-by: Mathieu Duckerts-Antoine (dam) <dam@odoo.com>
robodoo pushed a commit that referenced this pull request May 20, 2025
@Polymorphe57
[FIX] web: domain selector: hide within if allowExpressions = False
35fe44a 
The domain field passes a new prop allowExpressions to the domain
selector. If that prop is false (default true), the within operator is
not proposed for selection for date/datetime fields. This is done to
prevent users to introduce expressions in their domains when they are
not supported.

closes #210576

Related: odoo/enterprise#85872
Signed-off-by: Aaron Bohy (aab) <aab@odoo.com>
Signed-off-by: Mathieu Duckerts-Antoine (dam) <dam@odoo.com>
@robodoo robodoo closed this May 20, 2025
@fw-bot fw-bot mentioned this pull request May 20, 2025
Closed
@fw-bot fw-bot deleted the saas-18.2-17.0-literal-mode-for-domain-field-dam-436946-fw branch May 27, 2025 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aab-odoo aab-odoo Awaiting requested review from aab-odoo aab-odoo was automatically assigned from odoo/rd-framework-js

@BastienFafchamps BastienFafchamps Awaiting requested review from BastienFafchamps BastienFafchamps was automatically assigned from odoo/rd-framework-js

Assignees
No one assigned
Labels
conflict There was an error while creating this forward-port PR forwardport This PR was created by @fw-bot RD research & development, internal work
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fw-bot @robodoo @Polymorphe57 @C3POdoo
0