admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(simple-editor): HTML in chatter + library form + expand per-step inline edit

Browse Source 
Three fixes from user feedback:

1. Chatter posting raw HTML
   _AUDIT_BODY in migration 19.0.18.8.0 was a plain str with <p>
   tags. message_post escaped it for safety, so the chatter pill
   rendered '<p><strong>...</strong></p>' literally to the recipe
   author. Wrapped in markupsafe.Markup so Odoo recognises it as
   safe HTML. Going forward: ANY message_post body containing HTML
   tags MUST be wrapped in Markup() — most callers already do this,
   the migration script was the outlier.

2. Library template editor showed raw <p> tags
   onOpenLibraryEdit was JSON-cloning the payload directly without
   running description through the existing _htmlToText helper that
   the per-step editor uses. Added the conversion. Save path
   (onSaveLibraryEditor + library_save) already wraps via
   _textToHtml so storage stays HTML-compatible.

3. Per-step inline form was missing critical fields — user had to
   delete + re-add a step to change Type/workflow trigger/parallel/signoff
   onToggleEdit now also captures default_kind, triggers_workflow_state_id,
   parallel_start, requires_signoff into the edit state. onSaveStep
   sends them in the write vals. Added _fpResetStepEdit helper to
   keep open/cancel/save reset paths in sync.

   New per-step form has:
     * Step Type (Default Kind) dropdown — drives workflow milestone
       triggers + step-kind routing (e.g. contract_review opens QA-005)
     * Triggers Workflow State dropdown (Sub 14) — per-step override
     * Parallel Start checkbox (Sub 13)
     * Require QA Sign-off checkbox

   step_write controller endpoint also gained a field whitelist —
   was previously accepting any vals dict from the client (security
   hole + opaque to maintainers).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
gsinghpal
2026-05-04 00:24:40 -04:00
parent d6bd43b76e
commit 3cc393454d
5 changed files with 159 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
fusion_plating/fusion_plating/migrations/19.0.18.8.0/post-migrate.py
View File

@@ -27,10 +27,15 @@ have a paper trail.
import logging
from markupsafe import Markup
_logger = logging.getLogger(__name__)
_AUDIT_BODY = (
# Wrapped in Markup so Odoo's message_post recognises it as safe HTML
# instead of escaping the tags. Without Markup, the chatter pill renders
# the raw "<p><strong>...</strong></p>" string literally to the operator.
_AUDIT_BODY = Markup(
'<p><strong>Recipe migrated to v19.0.18.8.0 step layout.</strong></p>'
'<p>Step nodes that were direct children of this recipe (Simple '
'Editor authoring) have been promoted to operation nodes so they '