[12.0][MIG] web_notify #1071
This technical module allows you to send instant notification messages from the server to the user in live.
Fix a check when comparing a user count with items within a mock call. The previous method was succeeding by pure luck because OCA test databases contain 2 users, which happens to be the amount of items within a mock "call_args" (it contains args + kwargs).
- Use the 'session' class of the JS Framework (session no longer bound to web client)
- Test change: compare emitted & received messages based on content, not order. Using string comparison raises false positives.
Currently translated at 100,0% (5 of 5 strings) Translation: web-11.0/web-11.0-web_notify Translate-URL: https://translation.odoo-community.org/projects/web-11-0/web-11-0-web_notify/pt_BR/
Currently translated at 40.0% (2 of 5 strings) Translation: web-11.0/web-11.0-web_notify Translate-URL: https://translation.odoo-community.org/projects/web-11-0/web-11-0-web_notify/da/
Only the admin user (sudo) is allowed to send notifications to other users. The normal users can only send notifications to themselves. This is to prevent attackers from crafting malicious notifications and sending them to other users using RPC. Correction based on the idea of @hbrunn
534ec53
to
747789f
LGTM (Code review only)
Maybe we can add as demo data a button (or 2, one for each kind of notification) on user form for launching a default notification, which can be done using the message as keyword argument, and this way, we can self-test the module. What do you think?
@pedrobaeza Awesome. Maybe we can show the buttons only when debug mode is active?
Well, if we load them as demo, that extra layer maybe is not needed, but it's up to you to decide which one is best.
Minor Change
747789f
to
1aa6000
@pedrobaeza Added the buttons and updated USAGE.rst to show how to test it.
1aa6000
to
490e571
Uhm, maybe there's an argument mix, but I'm testing on runbot and can't get the notification. I think it's better to put the buttons on user form, not user preferences. Being a popup can also waste a bit.
I'm getting the notifications correctly in my local environment... That's strange, can I check runbot's Odoo log?
Ok, I think I know the reason why it fails, could it be due to having more than 1 worker in runbot?
LG overall, small remarks
web_notify/models/res_users.py
Outdated
'title': title, | ||
'sticky': sticky | ||
} | ||
notifications = [(getattr(record, channel_name_field), bus_message) |
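Review bot: the getattr(record, channel_name_field) lookup in the notifications list resolves any attribute name, not only fields, so a caller-supplied channel_name_field could reach methods or private attributes. Use record[channel_name_field] instead, and consider rejecting any name that is not one of the module's channel-name fields before building the list.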
don't use `getattr`, you can access fields in dict-like notation: `(record[channel_name_field], bus_message)`
Thanks! It could be also a security problem. Bad habit to use `getattr`...
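The difference the two comments above point at, as an added example (not code from this PR or from Odoo): `Record` is a hypothetical stand-in for an ORM record in which item access resolves declared fields only, while `getattr` resolves any attribute. Every name except `channel_name_field` and `notify_warning_channel_name` is an assumption, and the values are constructed.

```python
class Record:
    """Hypothetical stand-in for an ORM record (not Odoo's BaseModel)."""
    _fields = ("notify_warning_channel_name",)

    def __init__(self, uid):
        self._values = {"notify_warning_channel_name": "notify_warning_%d" % uid}
        self._session_token = "constructed-secret"  # plain attribute, not a field

    def __getattr__(self, name):
        # Only called when normal lookup fails: expose fields as attributes.
        if name in type(self)._fields:
            return self._values[name]
        raise AttributeError(name)

    def __getitem__(self, name):
        # Dict-like access: declared fields only, nothing else.
        if name not in self._fields:
            raise KeyError(name)
        return self._values[name]

    def unlink(self):
        # A method; reachable by name through getattr, not through item access.
        return "deleted"


def channel_via_getattr(record, channel_name_field):
    # Pattern flagged in the review: any attribute name resolves.
    return getattr(record, channel_name_field)


def channel_via_item(record, channel_name_field):
    # Reviewer's suggestion: record[channel_name_field]
    return record[channel_name_field]


def probe(lookup, record, name):
    """Return the looked-up value, 'callable' for a method, or 'rejected'."""
    try:
        value = lookup(record, name)
    except (KeyError, AttributeError):
        return "rejected"
    return "callable" if callable(value) else value


if __name__ == "__main__":
    rec = Record(7)
    for name in ("notify_warning_channel_name", "unlink", "_session_token"):
        print(name, "| getattr:", probe(channel_via_getattr, rec, name),
              "| item:", probe(channel_via_item, rec, name))
```
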
web_notify/models/res_users.py
Outdated
'notify_warning_channel_name', message, title, sticky) | ||
|
||
def _notify_channel(self, channel_name_field, message, title, sticky): | ||
if (self.env.uid != SUPERUSER_ID |
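Review bot: the gate at the top of _notify_channel compares self.env.uid with SUPERUSER_ID, which ties sending to other users to one hard-coded user id rather than to a role; a group or admin check would express the rule more robustly. The method also has no docstring stating who may notify whom, and that rule is currently written down only in the commit message. The rest of the condition is not visible in this excerpt, so confirm it still lets a normal user notify themselves.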
I know this is a recent patch but: wouldn't it be better to check for a group or to use `self.env.user._is_admin()`?
/cc @hbrunn
_is_admin
👍
@aitorbouzas seems good: pls, squash your commits :)
8ba6c0d
to
f57d7bf
@simahawk Squashed!
@aitorbouzas do you really want to keep "Add buttons to users form"? If yes, you must split it as it contains things not related to it.
git commit --fixup 1234
git log
1234 A
4323 B
2343 fixup! A
then when you rebase w/ auto-squash (ie:
xxx web_notify: migrate to v11
yyy web_notify: add buttons to users form
zzz web_notify: improve security check
Do not rely on SUPERUSER_ID:
delegate higher permissions check to `user._is_admin()`.
Improves https://github.com/OCA/web/pull/1071/commits/ae8e4ec59deea6063bd912d6be0f62e4e5a8bc3b kind of... 😉
Add self-test buttons in demo environment, Updated readme to show how to test it. Add buttons to users form Do not rely on SUPERUSER_ID and avoid getattr usage
f57d7bf
to
fbb550f
@simahawk resquashed commits and reworded some. How's it now?
@JayVora-SerpentCS ok for you?
well, seem so, his comment is attended anyway.
@simahawk Thank you for the reviews!
Does it also solve the known issue of it with workers ?
@JayVora-SerpentCS it doesn't, anyway I don't know if workers are the reason of the problem. It was just a supposition. Has this happened to you too?
Happened once. I have @serpentcs-dev1 check it once.
Migrated and tested. Minor changes in JS.
Messed up the commit history in #1070
CC for help with JS/code review: @lmignon @JayVora-SerpentCS