def slides_embed(self, slide_id, page="1", **kw): # Note : don't use the 'model' in the route (use 'slide_id'), otherwise if public cannot access the embedded # slide, the error will be the website.403 page instead of the one of the website_slides.embed_slide. # Do not forget the rendering here will be displayed in the embedded iframe # determine if it is embedded from external web page referrer_url = request.httprequest.headers.get('Referer', '') base_url = request.env['ir.config_parameter'].sudo().get_param( 'web.base.url') is_embedded = referrer_url and not bool( base_url in referrer_url) or False # try accessing slide, and display to corresponding template try: slide = request.env['slide.slide'].browse(slide_id) if is_embedded: request.env['slide.embed'].sudo().add_embed_url( slide.id, referrer_url) values = self._get_slide_detail(slide) values['page'] = page values['is_embedded'] = is_embedded if not values.get('private'): self._set_viewed_slide(slide, 'embed') return request.render('website_slides.embed_slide', values) except AccessError: # TODO : please, make it clean one day, or find another secure way to detect # if the slide can be embedded, and properly display the error message. slide = request.env['slide.slide'].sudo().browse(slide_id) return request.render('website_slides.embed_slide_forbidden', {'slide': slide})
def confirm_unsubscribe(self, channel, partner_id, token, **kw): subscriber = request.env['mail.channel.partner'].search([ ('channel_id', '=', channel.id), ('partner_id', '=', partner_id) ]) if not subscriber: partner = request.env['res.partner'].browse( partner_id).sudo().exists() # FIXME: remove try/except in master try: response = request.render( 'website_mail_channel.not_subscribed', {'partner_id': partner}) # make sure the rendering (and thus error if template is # missing) happens inside the try block response.flatten() return response except ValueError: return _( "The address %s is already unsubscribed or was never subscribed to any mailing list" ) % (partner.email) subscriber_token = channel._generate_action_token(partner_id, action='unsubscribe') if token != subscriber_token: return request.render( 'website_mail_channel.invalid_token_subscription') # remove partner channel.sudo().write({'channel_partner_ids': [(3, partner_id)]}) return request.render("website_mail_channel.confirmation_subscription", {'subscribing': False})
def add(self, option_id, order_id, token, **post): Order = request.env['sale.order'].sudo().browse(order_id) if token != Order.access_token: return request.render('website.404') if Order.state not in ['draft', 'sent']: return request.render( 'website.http_error', { 'status_code': 'Forbidden', 'status_message': _('You cannot add options to a confirmed order.') }) Option = request.env['sale.order.option'].sudo().browse(option_id) vals = { 'price_unit': Option.price_unit, 'website_description': Option.website_description, 'name': Option.name, 'order_id': Order.id, 'product_id': Option.product_id.id, 'layout_category_id': Option.layout_category_id.id, 'product_uom_qty': Option.quantity, 'product_uom': Option.uom_id.id, 'discount': Option.discount, } OrderLine = request.env['sale.order.line'].sudo().create(vals) OrderLine._compute_tax_id() Option.write({'line_id': OrderLine.id}) return werkzeug.utils.redirect("/quote/%s/%s#pricing" % (Order.id, token))
def jobs_detail(self, job, **kwargs): if not request.env.user.has_group('website.group_website_publisher') \ and request.website.id not in job.website_ids.ids: return request.render('website.404') return request.render("website_hr_recruitment.detail", { 'job': job, 'main_object': job, })
def event_register(self, event, **post): if not request.env.user.has_group('website.group_website_publisher') \ and request.website != event.website_id: return request.render('website.404') values = { 'event': event, 'main_object': event, 'range': range, 'registrable': event._is_event_registrable() } return request.render("website_event.event_description_full", values)
def statistics_shorten_url(self, code, **post): code = request.env['link.tracker.code'].search([('code', '=', code)], limit=1) if code: return request.render("website_links.graphs", code.link_id.read()[0]) else: return werkzeug.utils.redirect('', 301)
def tags(self, forum, tag_char=None, **post): # build the list of tag first char, with their value as tag_char param Ex : [('All', 'all'), ('C', 'c'), ('G', 'g'), ('Z', z)] first_char_tag = forum.get_tags_first_char() first_char_list = [(t, t.lower()) for t in first_char_tag if t.isalnum()] first_char_list.insert(0, (_('All'), 'all')) # get active first char tag active_char_tag = first_char_list[1][1] if len( first_char_list) > 1 else 'all' if tag_char: active_char_tag = tag_char.lower() # generate domain for searched tags domain = [('forum_id', '=', forum.id), ('posts_count', '>', 0)] order_by = 'name' if active_char_tag and active_char_tag != 'all': domain.append( ('name', '=ilike', tools.escape_psql(active_char_tag) + '%')) order_by = 'posts_count DESC' tags = request.env['forum.tag'].search(domain, limit=None, order=order_by) # prepare values and render template values = self._prepare_forum_values(forum=forum, searches={'tags': True}, **post) values.update({ 'tags': tags, 'pager_tag_chars': first_char_list, 'active_char_tag': active_char_tag, }) return request.render("website_forum.tag", values)
def web_auth_signup(self, *args, **kw): qcontext = self.get_auth_signup_qcontext() if not qcontext.get('token') and not qcontext.get('signup_enabled'): raise werkzeug.exceptions.NotFound() if 'error' not in qcontext and request.httprequest.method == 'POST': try: self.do_signup(qcontext) # Send an account creation confirmation email if qcontext.get('token'): user_sudo = request.env['res.users'].sudo().search([('login', '=', qcontext.get('login'))]) template = request.env.ref('auth_signup.mail_template_user_signup_account_created', raise_if_not_found=False) if user_sudo and template: template.sudo().with_context( lang=user_sudo.lang, auth_login=werkzeug.url_encode({'auth_login': user_sudo.email}), password=request.params.get('password') ).send_mail(user_sudo.id, force_send=True) return super(AuthSignupHome, self).web_login(*args, **kw) except UserError as e: qcontext['error'] = e.name or e.value except (SignupError, AssertionError) as e: if request.env["res.users"].sudo().search([("login", "=", qcontext.get("login"))]): qcontext["error"] = _("Another user is already registered using this email address.") else: _logger.error("%s", e) qcontext['error'] = _("Could not create a new account.") response = request.render('auth_signup.signup', qcontext) response.headers['X-Frame-Options'] = 'DENY' return response
def users(self, forum, page=1, **searches): User = request.env['res.users'] step = 30 tag_count = User.sudo().search_count([('karma', '>', 1), ('website_published', '=', True), ('website_ids', 'in', request.website.id)]) pager = request.website.pager(url="/forum/%s/users" % slug(forum), total=tag_count, page=page, step=step, scope=30) user_obj = User.sudo().search( [('karma', '>', 1), ('website_published', '=', True), ('website_ids', 'in', request.website.id)], limit=step, offset=pager['offset'], order='karma DESC') # put the users in block of 3 to display them as a table users = [[] for i in range(len(user_obj) // 3 + 1)] for index, user in enumerate(user_obj): users[index // 3].append(user) searches['users'] = 'True' values = self._prepare_forum_values(forum=forum, searches=searches) values.update({ 'users': users, 'main_object': forum, 'notifications': self._get_notifications(), 'pager': pager, }) return request.render("website_forum.users", values)
def channel_list(self, **kw): # display the list of the channel channels = request.env['im_livechat.channel'].search([ ('website_published', '=', True) ]) values = {'channels': channels} return request.render('website_livechat.channel_list_page', values)
def web_auth_reset_password(self, *args, **kw): qcontext = self.get_auth_signup_qcontext() if not qcontext.get('token') and not qcontext.get('reset_password_enabled'): raise werkzeug.exceptions.NotFound() if 'error' not in qcontext and request.httprequest.method == 'POST': try: if qcontext.get('token'): self.do_signup(qcontext) return super(AuthSignupHome, self).web_login(*args, **kw) else: login = qcontext.get('login') assert login, _("No login provided.") _logger.info( "Password reset attempt for <%s> by user <%s> from %s", login, request.env.user.login, request.httprequest.remote_addr) request.env['res.users'].sudo().reset_password(login) qcontext['message'] = _("An email has been sent with credentials to reset your password") except SignupError: qcontext['error'] = _("Could not reset your password") _logger.exception('error when resetting password') except Exception as e: qcontext['error'] = str(e) response = request.render('auth_signup.reset_password', qcontext) response.headers['X-Frame-Options'] = 'DENY' return response
def FieldTextHtml(self, model=None, res_id=None, field=None, callback=None, **kwargs): kwargs.update(model=model, res_id=res_id, field=field, datarecord=json.loads(kwargs['datarecord']), debug=request.debug) for k in kwargs: if isinstance(kwargs[k], pycompat.string_types) and kwargs[k].isdigit(): kwargs[k] = int(kwargs[k]) trans = dict(lang=kwargs.get('lang', request.env.context.get('lang')), translatable=kwargs.get('translatable'), edit_translations=kwargs.get('edit_translations'), editable=kwargs.get('enable_editor')) kwargs.update(trans) record = None if model and kwargs.get('res_id'): record = request.env[model].with_context(trans).browse( kwargs.get('res_id')) kwargs.update(content=record and getattr(record, field) or "") return request.render(kwargs.get("template") or "web_editor.FieldTextHtml", kwargs, uid=request.uid)
def portal_my_requet(self, page=1, date_begin=None, date_end=None, sortby=None, **kw): values = self._prepare_portal_layout_values() ReturnRequest = request.env['rma.request'] domain = [ ('state', 'in', ['draft', 'confirmed', 'rma_created', 'replacement_created']) ] request_count = ReturnRequest.search_count(domain) pager = portal_pager(url="/my/request", url_args={}, total=request_count, page=page, step=self._items_per_page) # content according to pager and archive selected requests = ReturnRequest.sudo().search(domain, limit=self._items_per_page, offset=pager['offset']) request.session['my_requests_history'] = requests.ids[:100] values.update({ 'date': date_begin, 'requests': requests.sudo(), 'page_name': 'return_request', 'pager': pager, 'archive_groups': '', 'default_url': '/my/request', 'searchbar_sortings': '', 'sortby': sortby, }) return request.render("website_rma.portal_my_requests", values)
def partners_detail(self, partner_id, **post): _, partner_id = unslug(partner_id) current_grade, current_country = None, None grade_id = post.get('grade_id') country_id = post.get('country_id') if grade_id: current_grade = request.env['res.partner.grade'].browse( int(grade_id)).exists() if country_id: current_country = request.env['res.country'].browse( int(country_id)).exists() if partner_id: partner = request.env['res.partner'].sudo().browse(partner_id) is_website_publisher = request.env['res.users'].has_group( 'website.group_website_publisher') if partner.exists() and ((partner.website_published and request.website in partner.website_ids) or is_website_publisher): values = { 'main_object': partner, 'partner': partner, 'current_grade': current_grade, 'current_country': current_country } return request.render("website_crm_partner_assign.partner", values) return self.partners(**post)
def fill_survey(self, survey, token, prev=None, **post): '''Display and validates a survey''' Survey = request.env['survey.survey'] UserInput = request.env['survey.user_input'] # Controls if the survey can be displayed errpage = self._check_bad_cases(survey) if errpage: return errpage # Load the user_input user_input = UserInput.sudo().search([('token', '=', token)], limit=1) if not user_input: # Invalid token return request.render("website.403") # Do not display expired survey (even if some pages have already been # displayed -- There's a time for everything!) errpage = self._check_deadline(user_input) if errpage: return errpage # Select the right page if user_input.state == 'new': # First page page, page_nr, last = Survey.next_page(user_input, 0, go_back=False) data = {'survey': survey, 'page': page, 'page_nr': page_nr, 'token': user_input.token} if last: data.update({'last': True}) return request.render('survey.survey', data) elif user_input.state == 'done': # Display success message return request.render('survey.sfinished', {'survey': survey, 'token': token, 'user_input': user_input}) elif user_input.state == 'skip': flag = (True if prev and prev == 'prev' else False) page, page_nr, last = Survey.next_page(user_input, user_input.last_displayed_page_id.id, go_back=flag) #special case if you click "previous" from the last page, then leave the survey, then reopen it from the URL, avoid crash if not page: page, page_nr, last = Survey.next_page(user_input, user_input.last_displayed_page_id.id, go_back=True) data = {'survey': survey, 'page': page, 'page_nr': page_nr, 'token': user_input.token} if last: data.update({'last': True}) return request.render('survey.survey', data) else: return request.render("website.403")
def portal_order_page(self, order=None, access_token=None, **kw): try: order_sudo = self._order_check_access(order, access_token=access_token) except AccessError: return request.redirect('/my') values = self._order_get_page_view_values(order_sudo, access_token, **kw) return request.render("sale.portal_order_page", values)
def web_auth_signup(self, *args, **kw): try: return super(PasswordSecurityHome, self).web_auth_signup(*args, **kw) except PassError as e: qcontext = self.get_auth_signup_qcontext() qcontext['error'] = e.message return request.render('auth_signup.signup', qcontext)
def print_survey(self, survey, token=None, **post): '''Display an survey in printable view; if <token> is set, it will grab the answers of the user_input_id that has <token>.''' return request.render('survey.survey_print', {'survey': survey, 'token': token, 'page_nr': 0, 'quizz_correction': True if survey.quizz_mode and token else False})
def partners_detail(self, partner_id, **post): _, partner_id = unslug(partner_id) if partner_id: partner_sudo = request.env['res.partner'].sudo().browse(partner_id) if not request.env.user.has_group('website.group_website_publisher') \ and request.website.id not in partner_sudo.website_ids.ids: return request.render('website.404') is_website_publisher = request.env['res.users'].has_group( 'website.group_website_publisher') if partner_sudo.exists() and (partner_sudo.website_published or is_website_publisher): values = { 'main_object': partner_sudo, 'partner': partner_sudo, 'edit_page': False } return request.render("website_partner.partner_page", values) return request.not_found()
def portal_my_invoice_detail(self, invoice_id, access_token=None, **kw): try: invoice_sudo = self._invoice_check_access(invoice_id, access_token) except AccessError: return request.redirect('/my') values = self._invoice_get_page_view_values(invoice_sudo, access_token, **kw) return request.render("account.portal_invoice_page", values)
def return_confirmation(self, **post): return_request_id = request.session.get('request_last_return_id') if return_request_id: return_request = request.env['rma.request'].sudo().browse( return_request_id) return request.render("website_rma.return_confirmation", {'return_req_id': return_request}) else: return request.redirect('/shop')
def mailing(self, mailing_id, email=None, res_id=None, **post): mailing = request.env['mail.mass_mailing'].sudo().browse(mailing_id) if mailing.exists(): if mailing.mailing_model_name == 'mail.mass_mailing.contact': contacts = request.env['mail.mass_mailing.contact'].sudo( ).search([('email', '=', email)]) return request.render('website_mass_mailing.page_unsubscribe', { 'contacts': contacts, 'email': email, 'mailing_id': mailing_id }) else: super(MassMailController, self).mailing(mailing_id, email=email, res_id=res_id, **post) return request.render('website_mass_mailing.page_unsubscribed')
def edit_profile(self, forum, user, **kwargs): countries = request.env['res.country'].search([]) values = self._prepare_forum_values(forum=forum, searches=kwargs) values.update({ 'email_required': kwargs.get('email_required'), 'countries': countries, 'notifications': self._get_notifications(), }) return request.render("website_forum.edit_profile", values)
def slides_index(self, *args, **post): """ Returns a list of available channels: if only one is available, redirects directly to its slides """ domain = [] if not request.env.user.has_group('website.group_website_designer'): domain += [("website_ids", "in", request.website.id)] channels = request.env['slide.channel'].search(domain, order='sequence, id') if not channels: return request.render("website_slides.channel_not_found") elif len(channels) == 1: return request.redirect("/slides/%s" % channels.id) return request.render( 'website_slides.channels', { 'channels': channels, 'user': request.env.user, 'is_public_user': request.env.user == request.website.user_id })
def blog_feed(self, blog, limit='15'): v = {} v['blog'] = blog v['base_url'] = request.env['ir.config_parameter'].sudo().get_param('web.base.url') v['posts'] = request.env['blog.post'].search([('blog_id','=', blog.id)], limit=min(int(limit), 50), order="post_date DESC") v['html2plaintext'] = html2plaintext r = request.render("website_blog.blog_feed", v, headers=[('Content-Type', 'application/atom+xml')]) return r
def post(self, toc, post, **kwargs): # TODO: implement a redirect instead of crash assert post.documentation_toc_id == toc, "Wrong post!" value = { 'toc': toc, 'post': post, 'main_object': post, 'forum': post.forum_id } return request.render("website_forum_doc.documentation_post", value)
def partners_detail(self, partner_id, **post): _, partner_id = unslug(partner_id) if partner_id: partner = request.env['res.partner'].sudo().browse(partner_id) if partner.exists( ) and partner.website_published and request.website in partner.website_ids: # TODO should be done with access rules values = {} values['main_object'] = values['partner'] = partner return request.render("website_membership.partner", values) return self.members(**post)
def partners_detail(self, partner_id, **post): _, partner_id = unslug(partner_id) if partner_id: partner = request.env['res.partner'].sudo().browse(partner_id) if partner.exists( ) and partner.website_published and request.website in partner.website_ids: values = {} values['main_object'] = values['partner'] = partner return request.render("website_customer.details", values) return self.customers(**post)
def _check_bad_cases(self, survey, token=None): # In case of bad survey, redirect to surveys list if not survey.sudo().exists(): return werkzeug.utils.redirect("/survey/") # In case of auth required, block public user if survey.auth_required and request.env.user == request.website.user_id: return request.render("survey.auth_required", {'survey': survey, 'token': token}) # In case of non open surveys if survey.stage_id.closed: return request.render("survey.notopen") # If there is no pages if not survey.page_ids: return request.render("survey.nopages", {'survey': survey}) # Everything seems to be ok return None
def confirm_subscribe(self, channel, partner_id, token, **kw): subscriber = request.env['mail.channel.partner'].search([ ('channel_id', '=', channel.id), ('partner_id', '=', partner_id) ]) if subscriber: # already registered, maybe clicked twice return request.render( 'website_mail_channel.invalid_token_subscription') subscriber_token = channel._generate_action_token(partner_id, action='subscribe') if token != subscriber_token: return request.render( 'website_mail_channel.invalid_token_subscription') # add partner channel.sudo().write({'channel_partner_ids': [(4, partner_id)]}) return request.render("website_mail_channel.confirmation_subscription", {'subscribing': True})