odoo/odoo#164580
Created by fw-bot
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label
- odoo-dev:master-15.0-recursive_current_website-bso-wkV8-fw
- head
- 19d1d8085f3c209f2b7fd7b40990f1d15900290e
- merged
- 1 year ago by Website, Benoit Socias (bso)
| odoo/odoo | |
|---|---|
| 15.0 | #162892 |
| 16.0 | #163625 |
| saas-16.3 | #163940 |
| saas-16.4 | #163951 |
| 17.0 | #164521 |
| saas-17.1 | #164536 |
| saas-17.2 | #164550 |
| 18.0 | |
| saas-18.1 | |
| saas-18.2 | |
| saas-18.3 | |
| saas-18.4 | |
| master | #164580 |
[FW][FIX] website: neutralize recursion when determining current website
If an ir.rule about websites involves obtaining the rule's evaluation
context, an infinite recursion happens right after login:
- the _login tries to create a res.users.log record which needs to
resolve the ACL
- to do this _eval_context() is called on ir.rule, which in its
website module override uses get_current_website()
- in turn, this calls website's _get_current_website_id() which is
not cached yet
- this involves a search() on website which needs to resolve the ACL
- to do this _eval_context() is again called on ir.rule, causing the
loop
This commit prevent this infinite recursion by disabling the ACL check
when determining the current website id in get_current_website(),
similarly to what is done in 1 in future versions.
Steps to reproduce:
- Create a rule about website with domain_force set to
[(1, '=', 1)].
- Log in from an incognito browser.
=> Error 500 because of an infinite recursion.