projects / odoo / odoo.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[FIX] @charset in CSS files
[odoo/odoo.git] / openerp / http.py
diff --git a/openerp/http.py b/openerp/http.py
index 5b49b8f..c51934f 100644 (file)
--- a/openerp/http.py
+++ b/openerp/http.py
@@ -23,6 +23,7 @@ import urlparse
 import warnings
 
 import babel.core
+import psutil
 import psycopg2
 import simplejson
 import werkzeug.contrib.sessions
@@ -35,6 +36,7 @@ import werkzeug.wsgi
 
 import openerp
 from openerp.service import security, model as service_model
+from openerp.tools.func import lazy_property
 
 _logger = logging.getLogger(__name__)
 
@@ -49,6 +51,70 @@ request = _request_stack()
     A global proxy that always redirect to the current request object.
 """
 
+def replace_request_password(args):
+    # password is always 3rd argument in a request, we replace it in RPC logs
+    # so it's easier to forward logs for diagnostics/debugging purposes...
+    if len(args) > 2:
+        args = list(args)
+        args[2] = '*'
+    return tuple(args)
+
+def dispatch_rpc(service_name, method, params):
+    """ Handle a RPC call.
+
+    This is pure Python code, the actual marshalling (from/to XML-RPC) is done
+    in a upper layer.
+    """
+    try:
+        rpc_request = logging.getLogger(__name__ + '.rpc.request')
+        rpc_response = logging.getLogger(__name__ + '.rpc.response')
+        rpc_request_flag = rpc_request.isEnabledFor(logging.DEBUG)
+        rpc_response_flag = rpc_response.isEnabledFor(logging.DEBUG)
+        if rpc_request_flag or rpc_response_flag:
+            start_time = time.time()
+            start_rss, start_vms = 0, 0
+            start_rss, start_vms = psutil.Process(os.getpid()).get_memory_info()
+            if rpc_request and rpc_response_flag:
+                openerp.netsvc.log(rpc_request, logging.DEBUG, '%s.%s' % (service_name, method), replace_request_password(params))
+
+        threading.current_thread().uid = None
+        threading.current_thread().dbname = None
+        if service_name == 'common':
+            dispatch = openerp.service.common.dispatch
+        elif service_name == 'db':
+            dispatch = openerp.service.db.dispatch
+        elif service_name == 'object':
+            dispatch = openerp.service.model.dispatch
+        elif service_name == 'report':
+            dispatch = openerp.service.report.dispatch
+        else:
+            dispatch = openerp.service.wsgi_server.rpc_handlers.get(service_name)
+        result = dispatch(method, params)
+
+        if rpc_request_flag or rpc_response_flag:
+            end_time = time.time()
+            end_rss, end_vms = 0, 0
+            end_rss, end_vms = psutil.Process(os.getpid()).get_memory_info()
+            logline = '%s.%s time:%.3fs mem: %sk -> %sk (diff: %sk)' % (service_name, method, end_time - start_time, start_vms / 1024, end_vms / 1024, (end_vms - start_vms)/1024)
+            if rpc_response_flag:
+                openerp.netsvc.log(rpc_response, logging.DEBUG, logline, result)
+            else:
+                openerp.netsvc.log(rpc_request, logging.DEBUG, logline, replace_request_password(params), depth=1)
+
+        return result
+    except (openerp.osv.orm.except_orm, openerp.exceptions.AccessError, \
+            openerp.exceptions.AccessDenied, openerp.exceptions.Warning, \
+            openerp.exceptions.RedirectWarning):
+        raise
+    except openerp.exceptions.DeferredException, e:
+        _logger.exception(openerp.tools.exception_to_unicode(e))
+        openerp.tools.debugger.post_mortem(openerp.tools.config, e.traceback)
+        raise
+    except Exception, e:
+        _logger.exception(openerp.tools.exception_to_unicode(e))
+        openerp.tools.debugger.post_mortem(openerp.tools.config, sys.exc_info())
+        raise
+
 def local_redirect(path, query=None, keep_hash=False, forward_debug=True, code=303):
     url = path
     if not query:
@@ -58,7 +124,7 @@ def local_redirect(path, query=None, keep_hash=False, forward_debug=True, code=3
     if query:
         url += '?' + werkzeug.url_encode(query)
     if keep_hash:
-        return redirect_with_hash(url)
+        return redirect_with_hash(url, code)
     else:
         return werkzeug.utils.redirect(url, code)
 
@@ -71,7 +137,6 @@ def redirect_with_hash(url, code=303):
         return werkzeug.utils.redirect(url, code)
     return "<html><head><script>window.location = '%s' + location.hash;</script></head></html>" % url
 
-
 class WebRequest(object):
     """ Parent class for all OpenERP Web request types, mostly deals with
     initialization and setup of the request object (the dispatching itself has
@@ -129,12 +194,14 @@ class WebRequest(object):
         self.session_id = httprequest.session.sid
         self.disable_db = False
         self.uid = None
-        self.func = None
-        self.func_arguments = {}
+        self.endpoint = None
         self.auth_method = None
         self._cr_cm = None
         self._cr = None
-        self.func_request_type = None
+
+        # prevents transaction commit, use when you catch an exception during handling
+        self._failed = None
+
         # set db/uid trackers - they're cleaned up at the WSGI
         # dispatching phase in openerp.service.wsgi_server.application
         if self.db:
@@ -168,7 +235,7 @@ class WebRequest(object):
         """
         # some magic to lazy create the cr
         if not self._cr:
-            self._cr = self.registry.db.cursor()
+            self._cr = self.registry.cursor()
         return self._cr
 
     def __enter__(self):
@@ -177,49 +244,55 @@ class WebRequest(object):
 
     def __exit__(self, exc_type, exc_value, traceback):
         _request_stack.pop()
+
         if self._cr:
-            if exc_type is None:
+            if exc_type is None and not self._failed:
                 self._cr.commit()
             self._cr.close()
         # just to be sure no one tries to re-use the request
         self.disable_db = True
         self.uid = None
 
-    def set_handler(self, func, arguments, auth):
+    def set_handler(self, endpoint, arguments, auth):
         # is this needed ?
         arguments = dict((k, v) for k, v in arguments.iteritems()
                          if not k.startswith("_ignored_"))
 
-        self.func = func
-        self.func_request_type = func.routing['type']
-        self.func_arguments = arguments
+        endpoint.arguments = arguments
+        self.endpoint = endpoint
         self.auth_method = auth
 
+
+    def _handle_exception(self, exception):
+        """Called within an except block to allow converting exceptions
+           to abitrary responses. Anything returned (except None) will
+           be used as response.""" 
+        raise 
+
     def _call_function(self, *args, **kwargs):
         request = self
-        if self.func_request_type != self._request_type:
+        if self.endpoint.routing['type'] != self._request_type:
             raise Exception("%s, %s: Function declared as capable of handling request of type '%s' but called with a request of type '%s'" \
-                % (self.func, self.httprequest.path, self.func_request_type, self._request_type))
+                % (self.endpoint.original, self.httprequest.path, self.endpoint.routing['type'], self._request_type))
 
-        kwargs.update(self.func_arguments)
+        kwargs.update(self.endpoint.arguments)
 
         # Backward for 7.0
-        if getattr(self.func, '_first_arg_is_req', False):
+        if self.endpoint.first_arg_is_req:
             args = (request,) + args
+
         # Correct exception handling and concurency retry
         @service_model.check
-        def checked_call(dbname, *a, **kw):
-            return self.func(*a, **kw)
-
-        # FIXME: code and rollback management could be cleaned
-        try:
-            if self.db:
-                return checked_call(self.db, *args, **kwargs)
-            return self.func(*args, **kwargs)
-        except Exception:
+        def checked_call(___dbname, *a, **kw):
+            # The decorator can call us more than once if there is an database error. In this
+            # case, the request cursor is unusable. Rollback transaction to create a new one.
             if self._cr:
                 self._cr.rollback()
-            raise
+            return self.endpoint(*a, **kw)
+
+        if self.db:
+            return checked_call(self.db, *args, **kwargs)
+        return self.endpoint(*args, **kwargs)
 
     @property
     def debug(self):
@@ -248,6 +321,7 @@ def route(route=None, **kw):
         authentication modules. There request code will not have any facilities to access the database nor have any
         configuration indicating the current database nor the current user.
     :param methods: A sequence of http methods this route applies to. If not specified, all methods are allowed.
+    :param cors: The Access-Control-Allow-Origin cors directive value.
     """
     routing = kw.copy()
     assert not 'type' in routing or routing['type'] in ("http", "json")
@@ -258,8 +332,23 @@ def route(route=None, **kw):
             else:
                 routes = [route]
             routing['routes'] = routes
-        f.routing = routing
-        return f
+        @functools.wraps(f)
+        def response_wrap(*args, **kw):
+            response = f(*args, **kw)
+            if isinstance(response, Response) or f.routing_type == 'json':
+                return response
+            elif isinstance(response, werkzeug.wrappers.BaseResponse):
+                response = Response.force_type(response)
+                response.set_default()
+                return response
+            elif isinstance(response, basestring):
+                return Response(response)
+            else:
+                _logger.warn("<function %s.%s> returns an invalid response type for an http request" % (f.__module__, f.__name__))
+            return response
+        response_wrap.routing = routing
+        response_wrap.original_func = f
+        return response_wrap
     return decorator
 
 class JsonRequest(WebRequest):
@@ -329,37 +418,17 @@ class JsonRequest(WebRequest):
         # Read POST content or POST Form Data named "request"
         self.jsonrequest = simplejson.loads(request)
         self.params = dict(self.jsonrequest.get("params", {}))
-        self.context = self.params.pop('context', self.session.context)
-
-    def dispatch(self):
-        """ Calls the method asked for by the JSON-RPC2 or JSONP request
-        """
-        if self.jsonp_handler:
-            return self.jsonp_handler()
-        response = {"jsonrpc": "2.0" }
-        error = None
-
-        try:
-            response['id'] = self.jsonrequest.get('id')
-            response["result"] = self._call_function(**self.params)
-        except AuthenticationError, e:
-            _logger.exception("Exception during JSON request handling.")
-            se = serialize_exception(e)
-            error = {
-                'code': 100,
-                'message': "OpenERP Session Invalid",
-                'data': se
-            }
-        except Exception, e:
-            _logger.exception("Exception during JSON request handling.")
-            se = serialize_exception(e)
-            error = {
-                'code': 200,
-                'message': "OpenERP Server Error",
-                'data': se
-            }
-        if error:
-            response["error"] = error
+        self.context = self.params.pop('context', dict(self.session.context))
+
+    def _json_response(self, result=None, error=None):
+        response = {
+            'jsonrpc': '2.0',
+            'id': self.jsonrequest.get('id')
+        }
+        if error is not None:
+            response['error'] = error
+        if result is not None:
+            response['result'] = result
 
         if self.jsonp:
             # If we use jsonp, that's mean we are called from another host
@@ -372,8 +441,36 @@ class JsonRequest(WebRequest):
             mime = 'application/json'
             body = simplejson.dumps(response)
 
-        r = werkzeug.wrappers.Response(body, headers=[('Content-Type', mime), ('Content-Length', len(body))])
-        return r
+        return Response(
+                    body, headers=[('Content-Type', mime),
+                                   ('Content-Length', len(body))])
+
+    def _handle_exception(self, exception):
+        """Called within an except block to allow converting exceptions
+           to abitrary responses. Anything returned (except None) will
+           be used as response.""" 
+        _logger.exception("Exception during JSON request handling.")
+        self._failed = exception # prevent tx commit            
+        error = {
+                'code': 200,
+                'message': "OpenERP Server Error",
+                'data': serialize_exception(exception)
+        }
+        if isinstance(exception, AuthenticationError):
+            error['code'] = 100
+            error['message'] = "OpenERP Session Invalid"
+        return self._json_response(error=error)
+
+    def dispatch(self):
+        """ Calls the method asked for by the JSON-RPC2 or JSONP request
+        """
+        if self.jsonp_handler:
+            return self.jsonp_handler()
+        try:
+            result = self._call_function(**self.params)
+            return self._json_response(result)
+        except Exception, e:
+            return self._handle_exception(e)
 
 def serialize_exception(e):
     tmp = {
@@ -430,9 +527,16 @@ class HttpRequest(WebRequest):
         self.params = params
 
     def dispatch(self):
+        if request.httprequest.method == 'OPTIONS' and request.endpoint and request.endpoint.routing.get('cors'):
+            headers = {
+                'Access-Control-Max-Age': 60 * 60 * 24,
+                'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept'
+            }
+            return Response(status=200, headers=headers)
+
         r = self._call_function(**self.params)
         if not r:
-            r = werkzeug.wrappers.Response(status=204)  # no content
+            r = Response(status=204)  # no content
         return r
 
     def make_response(self, data, headers=None, cookies=None):
@@ -449,12 +553,28 @@ class HttpRequest(WebRequest):
         :type headers: ``[(name, value)]``
         :param collections.Mapping cookies: cookies to set on the client
         """
-        response = werkzeug.wrappers.Response(data, headers=headers)
+        response = Response(data, headers=headers)
         if cookies:
             for k, v in cookies.iteritems():
                 response.set_cookie(k, v)
         return response
 
+    def render(self, template, qcontext=None, lazy=True, **kw):
+        """ Lazy render of QWeb template.
+
+        The actual rendering of the given template will occur at then end of
+        the dispatching. Meanwhile, the template and/or qcontext can be
+        altered or even replaced by a static response.
+
+        :param basestring template: template to render
+        :param dict qcontext: Rendering context to use
+        :param dict lazy: Lazy rendering is processed later in wsgi response layer (default True)
+        """
+        response = Response(template=template, qcontext=qcontext, **kw)
+        if not lazy:
+            return response.render()
+        return response
+
     def not_found(self, description=None):
         """ Helper for 404 response, return its result from the method
         """
@@ -506,6 +626,21 @@ class ControllerType(type):
 class Controller(object):
     __metaclass__ = ControllerType
 
+class EndPoint(object):
+    def __init__(self, method, routing):
+        self.method = method
+        self.original = getattr(method, 'original_func', method)
+        self.routing = routing
+        self.arguments = {}
+
+    @property
+    def first_arg_is_req(self):
+        # Backward for 7.0
+        return getattr(self.method, '_first_arg_is_req', False)
+
+    def __call__(self, *args, **kw):
+        return self.method(*args, **kw)
+
 def routing_map(modules, nodb_only, converters=None):
     routing_map = werkzeug.routing.Map(strict_slashes=False, converters=converters)
     for module in modules:
@@ -523,21 +658,34 @@ def routing_map(modules, nodb_only, converters=None):
             members = inspect.getmembers(o)
             for mk, mv in members:
                 if inspect.ismethod(mv) and hasattr(mv, 'routing'):
-                    routing = dict(type='http', auth='user', methods=None)
+                    routing = dict(type='http', auth='user', methods=None, routes=None)
+                    methods_done = list()
+                    routing_type = None
                     for claz in reversed(mv.im_class.mro()):
                         fn = getattr(claz, mv.func_name, None)
-                        if fn and hasattr(fn, 'routing'):
+                        if fn and hasattr(fn, 'routing') and fn not in methods_done:
+                            fn_type = fn.routing.get('type')
+                            if not routing_type:
+                                routing_type = fn_type
+                            else:
+                                if fn_type and routing_type != fn_type:
+                                    _logger.warn("Subclass re-defines <function %s.%s> with different type than original."
+                                                    " Will use original type: %r", fn.__module__, fn.__name__, routing_type)
+                                fn.routing['type'] = routing_type
+                            fn.original_func.routing_type = routing_type
+                            methods_done.append(fn)
                             routing.update(fn.routing)
-                    mv.routing.update(routing)
-                    assert 'routes' in mv.routing
-                    if not nodb_only or nodb_only == (mv.routing['auth'] == "none"):
-                        for url in mv.routing['routes']:
-                            if mv.routing.get("combine", False):
+                    if not nodb_only or nodb_only == (routing['auth'] == "none"):
+                        assert routing['routes'], "Method %r has not route defined" % mv
+                        endpoint = EndPoint(mv, routing)
+                        for url in routing['routes']:
+                            if routing.get("combine", False):
                                 # deprecated
                                 url = o._cp_path.rstrip('/') + '/' + url.lstrip('/')
                                 if url.endswith("/") and len(url) > 1:
                                     url = url[: -1]
-                            routing_map.add(werkzeug.routing.Rule(url, endpoint=mv, methods=mv.routing['methods']))
+
+                            routing_map.add(werkzeug.routing.Rule(url, endpoint=endpoint, methods=routing['methods']))
     return routing_map
 
 #----------------------------------------------------------
@@ -552,7 +700,7 @@ class SessionExpiredException(Exception):
 class Service(object):
     """
         .. deprecated:: 8.0
-        Use ``openerp.netsvc.dispatch_rpc()`` instead.
+        Use ``dispatch_rpc()`` instead.
     """
     def __init__(self, session, service_name):
         self.session = session
@@ -560,14 +708,14 @@ class Service(object):
 
     def __getattr__(self, method):
         def proxy_method(*args):
-            result = openerp.netsvc.dispatch_rpc(self.service_name, method, args)
+            result = dispatch_rpc(self.service_name, method, args)
             return result
         return proxy_method
 
 class Model(object):
     """
         .. deprecated:: 8.0
-        Use the resistry and cursor in ``openerp.addons.web.http.request`` instead.
+        Use the resistry and cursor in ``openerp.http.request`` instead.
     """
     def __init__(self, session, model):
         self.session = session
@@ -633,7 +781,7 @@ class OpenERPSession(werkzeug.contrib.sessions.Session):
                 HTTP_HOST=wsgienv['HTTP_HOST'],
                 REMOTE_ADDR=wsgienv['REMOTE_ADDR'],
             )
-            uid = openerp.netsvc.dispatch_rpc('common', 'authenticate', [db, login, password, env])
+            uid = dispatch_rpc('common', 'authenticate', [db, login, password, env])
         else:
             security.check(db, uid, password)
         self.db = db
@@ -656,9 +804,10 @@ class OpenERPSession(werkzeug.contrib.sessions.Session):
             raise SessionExpiredException("Session expired")
         security.check(self.db, self.uid, self.password)
 
-    def logout(self):
+    def logout(self, keep_db=False):
         for k in self.keys():
-            del self[k]
+            if not (keep_db and k == 'db'):
+                del self[k]
         self._default_values()
 
     def _default_values(self):
@@ -666,7 +815,7 @@ class OpenERPSession(werkzeug.contrib.sessions.Session):
         self.setdefault("uid", None)
         self.setdefault("login", None)
         self.setdefault("password", None)
-        self.setdefault("context", {'tz': "UTC", "uid": None})
+        self.setdefault("context", {})
 
     def get_context(self):
         """
@@ -736,14 +885,14 @@ class OpenERPSession(werkzeug.contrib.sessions.Session):
     def send(self, service_name, method, *args):
         """
         .. deprecated:: 8.0
-        Use ``openerp.netsvc.dispatch_rpc()`` instead.
+        Use ``dispatch_rpc()`` instead.
         """
-        return openerp.netsvc.dispatch_rpc(service_name, method, args)
+        return dispatch_rpc(service_name, method, args)
 
     def proxy(self, service):
         """
         .. deprecated:: 8.0
-        Use ``openerp.netsvc.dispatch_rpc()`` instead.
+        Use ``dispatch_rpc()`` instead.
         """
         return Service(self, service)
 
@@ -806,6 +955,40 @@ class OpenERPSession(werkzeug.contrib.sessions.Session):
 
         return Model(self, model)
 
+    def save_action(self, action):
+        """
+        This method store an action object in the session and returns an integer
+        identifying that action. The method get_action() can be used to get
+        back the action.
+
+        :param the_action: The action to save in the session.
+        :type the_action: anything
+        :return: A key identifying the saved action.
+        :rtype: integer
+        """
+        saved_actions = self.setdefault('saved_actions', {"next": 1, "actions": {}})
+        # we don't allow more than 10 stored actions
+        if len(saved_actions["actions"]) >= 10:
+            del saved_actions["actions"][min(saved_actions["actions"])]
+        key = saved_actions["next"]
+        saved_actions["actions"][key] = action
+        saved_actions["next"] = key + 1
+        self.modified = True
+        return key
+
+    def get_action(self, key):
+        """
+        Gets back a previously saved action. This method can return None if the action
+        was saved since too much time (this case should be handled in a smart way).
+
+        :param key: The key given by save_action()
+        :type key: integer
+        :return: The saved action or None.
+        :rtype: anything
+        """
+        saved_actions = self.get('saved_actions', {})
+        return saved_actions.get("actions", {}).get(key)
+
 def session_gc(session_store):
     if random.random() < 0.001:
         # we keep session one week
@@ -826,19 +1009,51 @@ mimetypes.add_type('application/font-woff', '.woff')
 mimetypes.add_type('application/vnd.ms-fontobject', '.eot')
 mimetypes.add_type('application/x-font-ttf', '.ttf')
 
-class LazyResponse(werkzeug.wrappers.Response):
-    """ Lazy werkzeug response.
-    API not yet frozen"""
+class Response(werkzeug.wrappers.Response):
+    """ Response object passed through controller route chain.
 
-    def __init__(self, callback, status_code=None, **kwargs):
-        super(LazyResponse, self).__init__(mimetype='text/html')
-        if status_code:
-            self.status_code = status_code
-        self.callback = callback
-        self.params = kwargs
-    def process(self):
-        response = self.callback(**self.params)
-        self.response.append(response)
+    In addition to the werkzeug.wrappers.Response parameters, this
+    classe's constructor can take the following additional parameters
+    for QWeb Lazy Rendering.
+
+    :param basestring template: template to render
+    :param dict qcontext: Rendering context to use
+    :param int uid: User id to use for the ir.ui.view render call
+    """
+    default_mimetype = 'text/html'
+    def __init__(self, *args, **kw):
+        template = kw.pop('template', None)
+        qcontext = kw.pop('qcontext', None)
+        uid = kw.pop('uid', None)
+        super(Response, self).__init__(*args, **kw)
+        self.set_default(template, qcontext, uid)
+
+    def set_default(self, template=None, qcontext=None, uid=None):
+        self.template = template
+        self.qcontext = qcontext or dict()
+        self.uid = uid
+        # Support for Cross-Origin Resource Sharing
+        if request.endpoint and 'cors' in request.endpoint.routing:
+            self.headers.set('Access-Control-Allow-Origin', request.endpoint.routing['cors'])
+            methods = 'GET, POST'
+            if request.endpoint.routing['type'] == 'json':
+                methods = 'POST'
+            elif request.endpoint.routing.get('methods'):
+                methods = ', '.join(request.endpoint.routing['methods'])
+            self.headers.set('Access-Control-Allow-Methods', methods)
+
+    @property
+    def is_qweb(self):
+        return self.template is not None
+
+    def render(self):
+        view_obj = request.registry["ir.ui.view"]
+        uid = self.uid or request.uid or openerp.SUPERUSER_ID
+        return view_obj.render(request.cr, uid, self.template, self.qcontext, context=request.context)
+
+    def flatten(self):
+        self.response.append(self.render())
+        self.template = None
 
 class DisableCacheMiddleware(object):
     def __init__(self, app):
@@ -862,51 +1077,33 @@ class DisableCacheMiddleware(object):
             start_response(status, new_headers)
         return self.app(environ, start_wrapped)
 
-def session_path():
-    try:
-        import pwd
-        username = pwd.getpwuid(os.geteuid()).pw_name
-    except ImportError:
-        try:
-            username = getpass.getuser()
-        except Exception:
-            username = "unknown"
-    path = os.path.join(tempfile.gettempdir(), "oe-sessions-" + username)
-    try:
-        os.mkdir(path, 0700)
-    except OSError as exc:
-        if exc.errno == errno.EEXIST:
-            # directory exists: ensure it has the correct permissions
-            # this will fail if the directory is not owned by the current user
-            os.chmod(path, 0700)
-        else:
-            raise
-    return path
-
 class Root(object):
     """Root WSGI application for the OpenERP Web Client.
     """
     def __init__(self):
         # Setup http sessions
-        path = session_path()
+        path = openerp.tools.config.session_dir
         _logger.debug('HTTP sessions stored in: %s', path)
         self.session_store = werkzeug.contrib.sessions.FilesystemSessionStore(path, session_class=OpenERPSession)
+        self._loaded = False
 
-        # TODO should we move this to ir.http so that only configured modules are served ?
-        _logger.info("HTTP Configuring static files")
-        self.load_addons()
-
+    @lazy_property
+    def nodb_routing_map(self):
         _logger.info("Generating nondb routing")
-        self.nodb_routing_map = routing_map(['', "web"], True)
+        return routing_map([''] + openerp.conf.server_wide_modules, True)
 
     def __call__(self, environ, start_response):
         """ Handle a WSGI request
         """
+        if not self._loaded:
+            self._loaded = True
+            self.load_addons()
         return self.dispatch(environ, start_response)
 
     def load_addons(self):
-        """ Load all addons from addons patch containg static files and
+        """ Load all addons from addons path containing static files and
         controllers and configure them.  """
+        # TODO should we move this to ir.http so that only configured modules are served ?
         statics = {}
 
         for addons_path in openerp.modules.module.ad_paths:
@@ -920,12 +1117,16 @@ class Root(object):
                         _logger.debug("Loading %s", module)
                         if 'openerp.addons' in sys.modules:
                             m = __import__('openerp.addons.' + module)
+                        else:
+                            m = None
                         addons_module[module] = m
                         addons_manifest[module] = manifest
                         statics['/%s/static' % module] = path_static
 
-        app = werkzeug.wsgi.SharedDataMiddleware(self.dispatch, statics)
-        self.dispatch = DisableCacheMiddleware(app)
+        if statics:
+            _logger.info("HTTP Configuring static files")
+            app = werkzeug.wsgi.SharedDataMiddleware(self.dispatch, statics)
+            self.dispatch = DisableCacheMiddleware(app)
 
     def setup_session(self, httprequest):
         # recover or create session
@@ -945,8 +1146,16 @@ class Root(object):
         return explicit_session
 
     def setup_db(self, httprequest):
-        if not httprequest.session.db:
-            # allow "admin" routes to works without being logged in when in monodb.
+        db = httprequest.session.db
+        # Check if session.db is legit
+        if db:
+            if db not in db_filter([db], httprequest=httprequest):
+                _logger.warn("Logged into database '%s', but dbfilter "
+                             "rejects it; logging session out.", db)
+                httprequest.session.logout()
+                db = None
+
+        if not db:
             httprequest.session.db = db_monodb(httprequest)
 
     def setup_lang(self, httprequest):
@@ -965,19 +1174,17 @@ class Root(object):
             return HttpRequest(httprequest)
 
     def get_response(self, httprequest, result, explicit_session):
-        if isinstance(result, LazyResponse):
+        if isinstance(result, Response) and result.is_qweb:
             try:
-                result.process()
+                result.flatten()
             except(Exception), e:
-                # In case of auth="none" we re-activate db getter for exception handling
-                request.disable_db = False
                 if request.db:
                     result = request.registry['ir.http']._handle_exception(e)
                 else:
                     raise
 
         if isinstance(result, basestring):
-            response = werkzeug.wrappers.Response(result, mimetype='text/html')
+            response = Response(result, mimetype='text/html')
         else:
             response = result
 
@@ -1019,10 +1226,12 @@ class Root(object):
                 if db:
                     openerp.modules.registry.RegistryManager.check_registry_signaling(db)
                     try:
-                        ir_http = request.registry['ir.http']
+                        with openerp.tools.mute_logger('openerp.sql_db'):
+                            ir_http = request.registry['ir.http']
                     except psycopg2.OperationalError:
-                        # psycopg2 error. At this point, that's mean the database does not exists
-                        # anymore. We unlog the user and failback in nodb mode
+                        # psycopg2 error. At this point, that means the
+                        # database probably does not exists anymore. Log the
+                        # user out and fall back to nodb
                         request.session.logout()
                         result = _dispatch_nodb()
                     else:
@@ -1043,9 +1252,12 @@ class Root(object):
         return request.registry['ir.http'].routing_map()
 
 def db_list(force=False, httprequest=None):
+    dbs = dispatch_rpc("db", "list", [force])
+    return db_filter(dbs, httprequest=httprequest)
+
+def db_filter(dbs, httprequest=None):
     httprequest = httprequest or request.httprequest
-    dbs = openerp.netsvc.dispatch_rpc("db", "list", [force])
-    h = httprequest.environ['HTTP_HOST'].split(':')[0]
+    h = httprequest.environ.get('HTTP_HOST', '').split(':')[0]
     d = h.split('.')[0]
     r = openerp.tools.config['dbfilter'].replace('%h', h).replace('%d', d)
     dbs = [i for i in dbs if re.match(r, i)]
@@ -1063,8 +1275,6 @@ def db_monodb(httprequest=None):
         Returns ``None`` if the magic is not magic enough.
     """
     httprequest = httprequest or request.httprequest
-    db = None
-    redirect = None
 
     dbs = db_list(True, httprequest)
 
@@ -1087,18 +1297,10 @@ class CommonController(Controller):
     @route('/jsonrpc', type='json', auth="none")
     def jsonrpc(self, service, method, args):
         """ Method used by client APIs to contact OpenERP. """
-        return openerp.netsvc.dispatch_rpc(service, method, args)
-
-    @route('/gen_session_id', type='json', auth="none")
-    def gen_session_id(self):
-        nsession = root.session_store.new()
-        return nsession.sid
-
-root = None
+        return dispatch_rpc(service, method, args)
 
-def wsgi_postload():
-    global root
-    root = Root()
-    openerp.wsgi.register_wsgi_handler(root)
+# register main wsgi handler
+root = Root()
+openerp.service.wsgi_server.register_wsgi_handler(root)
 
 # vim:et:ts=4:sw=4:
Unnamed repository; edit this file 'description' to name the repository.