odoo/odoo#187974
Created by fw-bot
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label
- odoo-dev:master-saas-17.2-fix_get_cached_values-pmo-ERw7-fw
- head
- 2227cb8252baae8075a3576a1c319a6c5b6eb0ef
- merged
- 7 months ago by Platform, Paul Morelle (pmo)
| odoo/odoo | |
|---|---|
| saas-17.2 | #187313 |
| saas-17.4 | #187945 |
| 18.0 | #187957 |
| saas-18.1 | |
| saas-18.2 | |
| saas-18.3 | |
| saas-18.4 | |
| master | #187974 |
[FW][FIX] website: fix issues with logout page
The website module overrides ir.http:_get_default_lang, which is called by http_routing's override of ir.http:_match.
In this override, it calls website:_get_cached('default_lang_id') which calls website:_get_cached_values.
However, ir.http:_match is called at a time when the environment hasn't been completely initialized (it will be properly initialized when ir.http:_authenticate is called), and its context language hasn't been checked against activated languages yet.
This means that website:_get_cached_values cannot rely on this language. The first of the two bugs fixed by this commit happens when website has translatable fields. When reading data from the website, the ORM does a prefetch and tries to load this other field, but fails because the language of the context is invalid. The fix is to prefetch manually the four fields that are not translatable and that we want to cache.
The second bug happens specifically on the logout page, which is set as auth='none' by the web module. The website module already overrides the /web/login route to set it as auth='public' in order to be able to read the website. We need to do the same with the /web/session/logout route, so that the page renders properly.
This commit targets saas-17.2 as the first branch because it is fixing two bugs that were introduced as follows, as determined by a git bisect.
- in a3a3650 from #112000 (saas-17.1), the call to /web/session/logout fails with a 500 status (IndexError) because rule.endpoint.routing has no 'no_db' key, in '_serve_ir_http'.
- in 584a172 from #112000 too (saas-17.1), that code is removed, and the error is now a 403 status because it is not possible to read website records without a user. This error is fixed by adding user='public' to the logout route.
- since d01302b from #151502 (saas-17.2), the test added in this commit could reproduce the error in _get_cached_values by accessing the logout route.
As the saas-17.1 is already EOL, we target saas-17.2 and forward-port it to master.
Forward-Port-Of: #187313