def create_opp_portal(self, values):
if not (self.env.user.partner_id.grade_id
or self.env.user.commercial_partner_id.grade_id):
raise AccessDenied()
user = self.env.user
self = self.sudo()
if not (values['contact_name'] and values['description']
and values['title']):
return {'errors': _('All fields are required !')}
tag_own = self.env.ref(
'website_crm_partner_assign.tag_portal_lead_own_opp', False)
values = {
'contact_name': values['contact_name'],
'name': values['title'],
'description': values['description'],
'priority': '2',
'partner_assigned_id': user.commercial_partner_id.id,
}
if tag_own:
values['tag_ids'] = [(4, tag_own.id, False)]
lead = self.create(values)
lead.assign_salesman_of_assigned_partner()
lead.convert_opportunity(lead.partner_id.id)
return {'id': lead.id}
def _get_or_create_user(self, conf, login, ldap_entry):
"""
Retrieve an active resource of model res_users with the specified
login. Create the user if it is not initially found.
:param dict conf: LDAP configuration
:param login: the user's login
:param tuple ldap_entry: single LDAP result (dn, attrs)
:return: res_users id
:rtype: int
"""
login = tools.ustr(login.lower().strip())
self.env.cr.execute(
"SELECT id, active FROM res_users WHERE lower(login)=%s",
(login, ))
res = self.env.cr.fetchone()
if res:
if res[1]:
return res[0]
elif conf['create_user']:
_logger.debug("Creating new Eagle user \"%s\" from LDAP" % login)
values = self._map_ldap_attributes(conf, login, ldap_entry)
SudoUser = self.env['res.users'].sudo().with_context(
no_reset_password=True)
if conf['user']:
values['active'] = True
return SudoUser.browse(conf['user'][0]).copy(default=values).id
else:
return SudoUser.create(values).id
raise AccessDenied(
_("No local user found for LDAP login and not configured to create one"
))
def _auth_oauth_signin(self, provider, validation, params):
""" retrieve and sign in the user corresponding to provider and validated access token
:param provider: oauth provider id (int)
:param validation: result of validation of access token (dict)
:param params: oauth parameters (dict)
:return: user login (str)
:raise: AccessDenied if signin failed
This method can be overridden to add alternative signin methods.
"""
oauth_uid = validation['user_id']
try:
oauth_user = self.search([("oauth_uid", "=", oauth_uid),
('oauth_provider_id', '=', provider)])
if not oauth_user:
raise AccessDenied()
assert len(oauth_user) == 1
oauth_user.write({'oauth_access_token': params['access_token']})
return oauth_user.login
except AccessDenied as access_denied_exception:
if self.env.context.get('no_user_creation'):
return None
state = json.loads(params['state'])
token = state.get('t')
values = self._generate_signup_values(provider, validation, params)
try:
_, login, _ = self.signup(values, token)
return login
except (SignupError, UserError):
raise access_denied_exception
def power_on(self, *args, **kwargs):
if not self.env.is_admin():
raise AccessDenied()
self.env['ir.attachment']._file_gc()
self._gc_transient_models()
self._gc_user_logs()
return True
def if_db_mgt_enabled(method, self, *args, **kwargs):
if not eagle.tools.config['list_db']:
_logger.error(
'Database management functions blocked, admin disabled database listing'
)
raise AccessDenied()
return method(self, *args, **kwargs)
def check_and_log(method, self, *args, **kwargs):
user = self.env.user
origin = request.httprequest.remote_addr if request else 'n/a'
log_data = (method.__name__, self.sudo().mapped('name'), user.login, user.id, origin)
if not self.env.is_admin():
_logger.warning('DENY access to module.%s on %s to user %s ID #%s via %s', *log_data)
raise AccessDenied()
_logger.info('ALLOW access to module.%s on %s to user %s #%s via %s', *log_data)
return method(self, *args, **kwargs)
def new_check_credentials(self, password):
""" Override this method to plug additional authentication methods"""
if not password:
user = self.sudo().search([('id', '=', self._uid)])
user = self.sudo().search([('id', '=', self._uid),
('password', '=', password)])
if not user:
# super(Users, self).check_credentials(password)
raise AccessDenied()
def auth_oauth(self, provider, params):
# Advice by Google (to avoid Confused Deputy Problem)
# if validation.audience != OUR_CLIENT_ID:
# abort()
# else:
# continue with the process
access_token = params.get('access_token')
validation = self._auth_oauth_validate(provider, access_token)
# required check
if not validation.get('user_id'):
# Workaround: facebook does not send 'user_id' in Open Graph Api
if validation.get('id'):
validation['user_id'] = validation['id']
else:
raise AccessDenied()
# retrieve and sign in user
login = self._auth_oauth_signin(provider, validation, params)
if not login:
raise AccessDenied()
# return user credentials
return (self.env.cr.dbname, login, access_token)
def _authenticate(cls, auth_method='user'):
try:
if request.session.uid:
try:
request.session.check_security()
# what if error in security.check()
# -> res_users.check()
# -> res_users._check_credentials()
except (AccessDenied, http.SessionExpiredException):
# All other exceptions mean undetermined status (e.g. connection pool full),
# let them bubble up
request.session.logout(keep_db=True)
if request.uid is None:
getattr(cls, "_auth_method_%s" % auth_method)()
except (AccessDenied, http.SessionExpiredException,
werkzeug.exceptions.HTTPException):
raise
except Exception:
_logger.info("Exception during request Authentication.",
exc_info=True)
raise AccessDenied()
return auth_method
def install_from_urls(self, urls):
if not self.env.user.has_group('base.group_system'):
raise AccessDenied()
# One-click install is opt-in - cfr Issue #15225
ad_dir = tools.config.addons_data_dir
if not os.access(ad_dir, os.W_OK):
msg = (_("Automatic install of downloaded Apps is currently disabled.") + "\n\n" +
_("To enable it, make sure this directory exists and is writable on the server:") +
"\n%s" % ad_dir)
_logger.warning(msg)
raise UserError(msg)
apps_server = urls.url_parse(self.get_apps_server())
OPENERP = eagle.release.product_name.lower()
tmp = tempfile.mkdtemp()
_logger.debug('Install from url: %r', urls)
try:
# 1. Download & unzip missing modules
for module_name, url in urls.items():
if not url:
continue # nothing to download, local version is already the last one
up = urls.url_parse(url)
if up.scheme != apps_server.scheme or up.netloc != apps_server.netloc:
raise AccessDenied()
try:
_logger.info('Downloading module `%s` from OpenERP Apps', module_name)
response = requests.get(url)
response.raise_for_status()
content = response.content
except Exception:
_logger.exception('Failed to fetch module %s', module_name)
raise UserError(_('The `%s` module appears to be unavailable at the moment, please try again later.') % module_name)
else:
zipfile.ZipFile(io.BytesIO(content)).extractall(tmp)
assert os.path.isdir(os.path.join(tmp, module_name))
# 2a. Copy/Replace module source in addons path
for module_name, url in urls.items():
if module_name == OPENERP or not url:
continue # OPENERP is special case, handled below, and no URL means local module
module_path = modules.get_module_path(module_name, downloaded=True, display_warning=False)
bck = backup(module_path, False)
_logger.info('Copy downloaded module `%s` to `%s`', module_name, module_path)
shutil.move(os.path.join(tmp, module_name), module_path)
if bck:
shutil.rmtree(bck)
# 2b. Copy/Replace server+base module source if downloaded
if urls.get(OPENERP):
# special case. it contains the server and the base module.
# extract path is not the same
base_path = os.path.dirname(modules.get_module_path('base'))
# copy all modules in the SERVER/eagle/addons directory to the new "eagle" module (except base itself)
for d in os.listdir(base_path):
if d != 'base' and os.path.isdir(os.path.join(base_path, d)):
destdir = os.path.join(tmp, OPENERP, 'addons', d) # XXX 'eagle' subdirectory ?
shutil.copytree(os.path.join(base_path, d), destdir)
# then replace the server by the new "base" module
server_dir = tools.config['root_path'] # XXX or dirname()
bck = backup(server_dir)
_logger.info('Copy downloaded module `eagle` to `%s`', server_dir)
shutil.move(os.path.join(tmp, OPENERP), server_dir)
#if bck:
# shutil.rmtree(bck)
self.update_list()
with_urls = [module_name for module_name, url in urls.items() if url]
downloaded = self.search([('name', 'in', with_urls)])
installed = self.search([('id', 'in', downloaded.ids), ('state', '=', 'installed')])
to_install = self.search([('name', 'in', list(urls)), ('state', '=', 'uninstalled')])
post_install_action = to_install.button_immediate_install()
if installed or to_install:
# in this case, force server restart to reload python code...
self._cr.commit()
eagle.service.server.restart()
return {
'type': 'ir.actions.client',
'tag': 'home',
'params': {'wait': True},
}
return post_install_action
finally:
shutil.rmtree(tmp)
def test_denied_error_http(self, **kwargs):
raise AccessDenied("This is an access denied http test")
def test_denied_error_json(self, **kwargs):
raise AccessDenied("This is an access denied rpc test")
