Odoo Release Updates

This fix corrects the TOTP (Two-Factor Authentication) secret validation logic in the auth_totp module by removing support for the string literal 'false' as a disabled state. The code now properly treats empty strings (null or '') as the only indicator that TOTP is disabled, changing the enabled check from explicitly testing against False and 'false' to a simple boolean conversion, and updating the SQL domain query to match this behavior. This ensures consistent and cleaner handling of TOTP enablement state across the authentication system.

[FIX] auth_totp: secret is not 'false'

This commit updates the placeholder text in the mail composer when sending messages to clarify that communications reach both followers and selected contacts, not just followers. The change modifies the user-facing message in the web portal project composer from "Send a message to followers…" to "Send a message to all followers and selected contacts…" and updates all corresponding test assertions to match the new text.

[IMP] mail: update "Send message" placeholder

This fix prevents a crash during the Account module uninstallation by skipping audit log operations when the account module is being removed from the system. Previously, the code attempted to access audit log database tables that had already been deleted, causing the uninstall process to fail. The solution adds a check to bypass the audit log exception handler when account is in the list of modules being uninstalled.

[FIX] account: uninstall prevent error with audit log

This commit fixes a layout issue in Odoo's reference fields where selecting a longer value in the first dropdown would compress the subsequent many2one field, leaving insufficient space. The fix applies flexible width distribution to both the select and many2one components within reference field rows, with additional right padding on the select to prevent overlap.

[FIX] web: alignment of select and many2one in reference

This commit adds the is_condition() method to the Domain API, enabling developers to check whether a domain represents a simple condition and optionally match against specific field expressions, operators, and value types. The method supports flexible pattern matching through optional parameters, allowing for concise filtering of domain conditions without manual iteration.

[IMP] orm: Domain.is_condition

The AI module's attachment vacuum model now uses Odoo's standard record rules mechanism instead of overriding the _check_access() method to enforce access controls. Two new record rules have been added that mirror attachment access permissions, allowing read access to public or readable attachments and write/create/delete access based on attachment write permissions, while the custom access control method has been removed from the codebase.

[REF] ai: use record rules for access domain

This commit fixes a migration issue in Belgian localization where account XMLIDs a4121 and a4521 were missing after database migration, causing the l10n_be_reports module to fail recovering partner and reconcile account references. The fix adds a fallback mechanism that resolves these accounts by their account code when XMLIDs are unavailable, eliminating post-init warnings while preserving normal XMLID behavior for non-migrated databases.

[FIX] account: preload BE report account xmlids during migration

This commit fixes a module dependency issue in helpdesk_stock where installation without auto_install would fail because the module was missing an explicit dependency on sale_stock. The fix adds sale_stock as a direct dependency instead of relying on stock, ensuring that sale_order.picking_ids field is available when the module initializes.

[FIX] helpdesk_stock: fix single module installation

This commit fixes a critical traceback that occurred when internal users started live chat conversations with the hr_holidays module installed. The root cause was unsafe access to user.activeCompany in the employee_id computed field, which is not available in the frontend session. The fix adds optional chaining (?.) to guard against undefined activeCompany, reorganizes asset bundles for better modularity, and adds comprehensive test coverage including a new shared embed test that validates the scenario works with HR employee records present.

[FIX] hr, *: prevent traceback when starting live chat as internal user

This change excludes Joint Committee 999 (chairman/executive positions) from Belgian minimum wage compliance warnings in both contract salary offers and employee contract versions. The fix adds explicit filtering to skip minimum wage validation for JC 999 positions since they have different compensation rules, and includes test coverage to prevent regression.

[IMP] l10n_be_hr_payroll: Exclude JC 999 from the min wage warnings

This fix corrects the calculation of worked day line amounts in payslips when public holidays are present. The bug caused worked day amounts to be incorrectly inflated because public holiday hours were being excluded from work interval calculations, which then artificially reduced the computed work time and increased the per-hour attendance rate. By adding the compute_leaves=False parameter to _work_intervals_batch, the calculation now properly accounts for all hours including those on public holidays.

[IMP] hr_payroll: fix worked day lines amount

This fix corrects the calculation of hourly rates displayed on US payslips when working very small time periods (such as seconds). Previously, the rate was calculated by dividing the rounded monetary amount by hours worked, causing compounding rounding errors that produced incorrect overtime multiplier rates. The fix now computes the rate directly from the hourly wage multiplied by the work entry type's rate multiplier, ensuring accurate display regardless of hours worked.

[FIX] l10n_us_hr_payroll: fix rate display for tiny overtime

This commit fixes a test that was incorrectly assigning a menu ID to a user's action field, treating it as if it were an action ID. The fix replaces the hardcoded incorrect assignment with a proper query to find an actual ir.actions.actions record named 'Settings', and adds validation to ensure the assignment succeeded. This resolves intermittent test failures that occurred when tests were run together due to ID allocation changes in a previous commit.

[FIX] website: fix `TestUi.test_29`

This commit refactors WhatsApp test assertions to use a new BusResult helper class for improved clarity and maintainability of bus notification testing. The change replaces verbose dictionary-based assertions with a more structured BusResult object that explicitly separates the bus channel, message type, and payload, making tests more readable and reducing assertion boilerplate while maintaining the same functional validation.

[REF] test_whatsapp: improve assertion on bus notifications

This commit fixes the calendar visualization of time-off requests that span half-days by correcting the field name validation from "half" to "half_day" and replacing static CSS clip-path rules with dynamic positioning logic that properly handles AM/PM period combinations. The rendering now correctly displays partial-day leave periods on the calendar instead of rounding them to full days, improving accuracy in leave management visibility.

[IMP] hr_holidays: adjust half-days visibility on calendar view

This fix addresses a test flakiness issue in the project sharing module where dynamically assigned ports (port 0) caused mismatches between the port written to web.base.url during database installation and the actual port used during post_install test execution. The solution explicitly sets web.base.url to a controlled value before running the test and updates the assertion to check for that exact value, ensuring the generated portal signup links contain the correct base URL regardless of kernel port assignment behavior.

[FIX] project: reset web.base.url in order to control link

This fix prevents Manufacturing Orders (MOs) from sharing purchase order references when duplicated. Previously, when an MO was copied, its reference_ids field was also duplicated, causing the new MO to become incorrectly linked to the original MO's purchase order. This resulted in quantities being consolidated on a single PO instead of creating separate purchase orders for each MO. The fix adds copy=False to the reference_ids field definition to ensure each duplicated MO gets its own independent reference records.

[FIX] mrp: prevent duplicated MO from reusing same reference

This commit refactors Odoo's tracking API to simplify how addons generate and log field changes across models. It introduces new methods like _track_add (for manual tracking on current model) and _track_record (for logging changes to parent models), removes low-level data manipulation requirements, and adds a mail.track.mixin to allow tracking without inheriting from mail.thread. The changes include comprehensive tests covering various tracking use cases and API documentation updates to reduce confusion around tracking structures.

[IMP] mail: cleanup and test tracking usage

This commit refactors Odoo's field tracking infrastructure to simplify the API and improve code organization. It introduces a new mail.track.mixin that separates tracking value generation from message posting, adds new _track_add and _track_record methods to replace manual tracking value manipulation, and renames _track_subtype to _track_log_get_default_subtype for clarity. The changes eliminate low-level data structure handling across multiple modules (account, CRM, HR, fleet, Peppol) while adding comprehensive test coverage for various tracking scenarios including parent model logging and manual tracking calls.

[IMP] mail: cleanup and test tracking usage

This change removes the "Uploading..." text that appeared during file attachment uploads in the mail chatter by setting the showUploadingText property to false on the FileUploader component. The removal is justified because an upload progress indicator already exists within the attachment box itself, making the redundant text unnecessary and improving the user interface clarity.

[IMP] mail: remove "Uploading..." text

This fix corrects a CSS selector typo in the website_sale module that prevented the product grid from displaying a left border on smaller viewports when the sidebar is hidden. The selector was incorrectly structured with redundant class chaining, causing the border styling rule to never apply on mobile and tablet devices where the sidebar is collapsed.

[FIX] website_sale: add missing border on grid layout

This fix modifies the salary rule and parameter deletion logic in hr_payroll to allow the SUPERUSER to bypass the restriction that prevents deletion of system-created payroll parameters. Previously, the code blocked deletion of any parameter created by the system regardless of user role; now it only enforces this restriction for non-superuser accounts. This enables system administrators and automated processes running with elevated privileges to manage or clean up payroll configuration as needed.

[FIX] hr_payroll: Allow SUPERUSER to unlink salary rules and parameters

This commit systematically adds `.this` prefixes to template variable references across multiple Odoo modules in preparation for OWL3 framework compatibility. The migration changes unqualified component properties, state variables, and method references in XML templates to explicitly use `.this` notation, ensuring templates correctly target component instance members rather than template scope variables. This is a large-scale refactoring applied across accounting, documents, appointment, and knowledge modules to maintain compatibility with OWL3's stricter variable scoping requirements.

[REF] *: run rendering context migration script entire codebase

This commit applies a systematic OWL3 migration across the entire Odoo codebase by prefixing all template variable references with "this." to comply with upcoming OWL3 requirements. In OWL3, component instance properties must be explicitly accessed via "this." in templates, changing from implicit scope resolution to explicit context binding. This large-scale automated refactoring affects template files across multiple modules including account, board, CRM, HR, and many others, converting patterns like "showUploadButton" to "this.showUploadButton" and "state.name" to "this.state.name" throughout XML templates.

[IMP] *: run rendering context migration script entire codebase

This fix prevents the "Export XML" option from appearing in the print menu for bills that cannot be properly exported as UBL/CII XML, specifically non-imported bills where the XML computation would incorrectly invert customer and supplier party information. The solution adds a validation check via _need_ubl_cii_xml() to only allow XML export for self-bills or previously imported documents, eliminating user confusion from malformed XML output.

[FIX] account_edi_ubl_cii: Don't show "Export XML" for none exportable

This commit refactors the avatar popover system across multiple Odoo modules to use a unified AvatarCard component from the mail module instead of separate popover implementations, while updating the chat opening mechanism to use mail.store service. The planning module receives enhanced functionality to display employee role tags in the avatar card, and several modules (hr_appraisal, knowledge, hr_gantt, timesheet_grid) are updated to reference the new standardized components and hooks.

[REF] planning: update AvatarCardPopover template