There's more...

When using sudo() without an argument, you set the user of the context to the Odoo superuser. This superuser bypasses all the security rules of Odoo, both the access-control lists and the record rules. By default, this user also has a company_id field set to the main company of the instance (the one with an ID of 1). This can be problematic in a multi-company instance:

  • If you are not careful, new records created in this environment will be linked to the company of the superuser.
  • If you are not careful, records searched in this environment may be linked to any company present in the database, which means that you may be leaking information to the real user; worse, you may be silently corrupting the database by linking records that belong to different companies.

When using sudo(), always double-check to ensure that your calls to search() don't rely on the standard record rules to filter the results, and ensure that your calls to create() don't rely on default values that are computed using some of the current user's fields, such as company_id.

Using sudo() also involves creating a new Environment instance. This environment will have an initially-empty recordset cache, and that cache will evolve independently from the cache of self.env. This can cause spurious database queries. In any case, you should avoid creating a new environment inside loops and try to move these environment creations to the outermost possible scope.
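The two multi-company pitfalls above and their fix, as an added example that is not from the book and is not Odoo code. It runs against a small stand-in for the ORM so that it works without an Odoo instance; Env, notify_managers_unsafe, notify_managers_safe, sample_table and the simplified (field, value) domain format are all assumptions made for the illustration.

```python
# Stand-in for the ORM, constructed for this example (not Odoo code): it only
# models a company record rule, sudo() and the company_id default on create().
SUPERUSER_COMPANY = 1  # the main company (ID 1) the superuser belongs to


class Env:
    def __init__(self, table, company_id, su=False):
        self.table = table            # shared list of dicts, our "database"
        self.company_id = company_id  # company of the user behind this env
        self.su = su                  # True once sudo() has been applied

    def sudo(self):
        # sudo() without an argument: a new environment for the superuser
        return Env(self.table, SUPERUSER_COMPANY, su=True)

    def search(self, domain):
        rows = [r for r in self.table if all(r.get(f) == v for f, v in domain)]
        if not self.su:  # the record rule only constrains ordinary users
            rows = [r for r in rows if r["company_id"] == self.company_id]
        return rows

    def create(self, vals):
        row = {"company_id": self.company_id, **vals}  # default from env user
        self.table.append(row)
        return row


def notify_managers_unsafe(env, text):
    su = env.sudo()
    managers = su.search([("role", "manager")])  # every company is returned
    return [su.create({"role": "note", "to": m["name"], "text": text})
            for m in managers]                   # notes land in company 1


def notify_managers_safe(env, text):
    su = env.sudo()           # one sudo environment, created outside the loop
    company = env.company_id  # taken from the real user's environment
    managers = su.search([("role", "manager"), ("company_id", company)])
    return [su.create({"role": "note", "to": m["name"], "text": text,
                       "company_id": company}) for m in managers]


def sample_table():  # constructed data: one manager per company
    return [{"name": "alice", "role": "manager", "company_id": 1},
            {"name": "bob", "role": "manager", "company_id": 2}]
```

In real Odoo code the same two corrections are a company condition in the search() domain and an explicit company_id in the values passed to create().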
