def slides_embed(self, slide_id, page="1", **kw):
# Note : don't use the 'model' in the route (use 'slide_id'), otherwise if public cannot access the embedded
# slide, the error will be the website.403 page instead of the one of the website_slides.embed_slide.
# Do not forget the rendering here will be displayed in the embedded iframe
# determine if it is embedded from external web page
referrer_url = request.httprequest.headers.get('Referer', '')
base_url = request.env['ir.config_parameter'].sudo().get_param(
'web.base.url')
is_embedded = referrer_url and not bool(
base_url in referrer_url) or False
# try accessing slide, and display to corresponding template
try:
slide = request.env['slide.slide'].browse(slide_id)
if is_embedded:
request.env['slide.embed'].sudo().add_embed_url(
slide.id, referrer_url)
values = self._get_slide_detail(slide)
values['page'] = page
values['is_embedded'] = is_embedded
if not values.get('private'):
self._set_viewed_slide(slide, 'embed')
return request.render('website_slides.embed_slide', values)
except AccessError: # TODO : please, make it clean one day, or find another secure way to detect
# if the slide can be embedded, and properly display the error message.
slide = request.env['slide.slide'].sudo().browse(slide_id)
return request.render('website_slides.embed_slide_forbidden',
{'slide': slide})
def confirm_unsubscribe(self, channel, partner_id, token, **kw):
subscriber = request.env['mail.channel.partner'].search([
('channel_id', '=', channel.id), ('partner_id', '=', partner_id)
])
if not subscriber:
partner = request.env['res.partner'].browse(
partner_id).sudo().exists()
# FIXME: remove try/except in master
try:
response = request.render(
'website_mail_channel.not_subscribed',
{'partner_id': partner})
# make sure the rendering (and thus error if template is
# missing) happens inside the try block
response.flatten()
return response
except ValueError:
return _(
"The address %s is already unsubscribed or was never subscribed to any mailing list"
) % (partner.email)
subscriber_token = channel._generate_action_token(partner_id,
action='unsubscribe')
if token != subscriber_token:
return request.render(
'website_mail_channel.invalid_token_subscription')
# remove partner
channel.sudo().write({'channel_partner_ids': [(3, partner_id)]})
return request.render("website_mail_channel.confirmation_subscription",
{'subscribing': False})
def add(self, option_id, order_id, token, **post):
Order = request.env['sale.order'].sudo().browse(order_id)
if token != Order.access_token:
return request.render('website.404')
if Order.state not in ['draft', 'sent']:
return request.render(
'website.http_error', {
'status_code':
'Forbidden',
'status_message':
_('You cannot add options to a confirmed order.')
})
Option = request.env['sale.order.option'].sudo().browse(option_id)
vals = {
'price_unit': Option.price_unit,
'website_description': Option.website_description,
'name': Option.name,
'order_id': Order.id,
'product_id': Option.product_id.id,
'layout_category_id': Option.layout_category_id.id,
'product_uom_qty': Option.quantity,
'product_uom': Option.uom_id.id,
'discount': Option.discount,
}
OrderLine = request.env['sale.order.line'].sudo().create(vals)
OrderLine._compute_tax_id()
Option.write({'line_id': OrderLine.id})
return werkzeug.utils.redirect("/quote/%s/%s#pricing" %
(Order.id, token))
def jobs_detail(self, job, **kwargs):
if not request.env.user.has_group('website.group_website_publisher') \
and request.website.id not in job.website_ids.ids:
return request.render('website.404')
return request.render("website_hr_recruitment.detail", {
'job': job,
'main_object': job,
})
def event_register(self, event, **post):
if not request.env.user.has_group('website.group_website_publisher') \
and request.website != event.website_id:
return request.render('website.404')
values = {
'event': event,
'main_object': event,
'range': range,
'registrable': event._is_event_registrable()
}
return request.render("website_event.event_description_full", values)
def statistics_shorten_url(self, code, **post):
code = request.env['link.tracker.code'].search([('code', '=', code)], limit=1)
if code:
return request.render("website_links.graphs", code.link_id.read()[0])
else:
return werkzeug.utils.redirect('', 301)
def tags(self, forum, tag_char=None, **post):
# build the list of tag first char, with their value as tag_char param Ex : [('All', 'all'), ('C', 'c'), ('G', 'g'), ('Z', z)]
first_char_tag = forum.get_tags_first_char()
first_char_list = [(t, t.lower()) for t in first_char_tag
if t.isalnum()]
first_char_list.insert(0, (_('All'), 'all'))
# get active first char tag
active_char_tag = first_char_list[1][1] if len(
first_char_list) > 1 else 'all'
if tag_char:
active_char_tag = tag_char.lower()
# generate domain for searched tags
domain = [('forum_id', '=', forum.id), ('posts_count', '>', 0)]
order_by = 'name'
if active_char_tag and active_char_tag != 'all':
domain.append(
('name', '=ilike', tools.escape_psql(active_char_tag) + '%'))
order_by = 'posts_count DESC'
tags = request.env['forum.tag'].search(domain,
limit=None,
order=order_by)
# prepare values and render template
values = self._prepare_forum_values(forum=forum,
searches={'tags': True},
**post)
values.update({
'tags': tags,
'pager_tag_chars': first_char_list,
'active_char_tag': active_char_tag,
})
return request.render("website_forum.tag", values)
def web_auth_signup(self, *args, **kw):
qcontext = self.get_auth_signup_qcontext()
if not qcontext.get('token') and not qcontext.get('signup_enabled'):
raise werkzeug.exceptions.NotFound()
if 'error' not in qcontext and request.httprequest.method == 'POST':
try:
self.do_signup(qcontext)
# Send an account creation confirmation email
if qcontext.get('token'):
user_sudo = request.env['res.users'].sudo().search([('login', '=', qcontext.get('login'))])
template = request.env.ref('auth_signup.mail_template_user_signup_account_created', raise_if_not_found=False)
if user_sudo and template:
template.sudo().with_context(
lang=user_sudo.lang,
auth_login=werkzeug.url_encode({'auth_login': user_sudo.email}),
password=request.params.get('password')
).send_mail(user_sudo.id, force_send=True)
return super(AuthSignupHome, self).web_login(*args, **kw)
except UserError as e:
qcontext['error'] = e.name or e.value
except (SignupError, AssertionError) as e:
if request.env["res.users"].sudo().search([("login", "=", qcontext.get("login"))]):
qcontext["error"] = _("Another user is already registered using this email address.")
else:
_logger.error("%s", e)
qcontext['error'] = _("Could not create a new account.")
response = request.render('auth_signup.signup', qcontext)
response.headers['X-Frame-Options'] = 'DENY'
return response
def users(self, forum, page=1, **searches):
User = request.env['res.users']
step = 30
tag_count = User.sudo().search_count([('karma', '>', 1),
('website_published', '=', True),
('website_ids', 'in',
request.website.id)])
pager = request.website.pager(url="/forum/%s/users" % slug(forum),
total=tag_count,
page=page,
step=step,
scope=30)
user_obj = User.sudo().search(
[('karma', '>', 1), ('website_published', '=', True),
('website_ids', 'in', request.website.id)],
limit=step,
offset=pager['offset'],
order='karma DESC')
# put the users in block of 3 to display them as a table
users = [[] for i in range(len(user_obj) // 3 + 1)]
for index, user in enumerate(user_obj):
users[index // 3].append(user)
searches['users'] = 'True'
values = self._prepare_forum_values(forum=forum, searches=searches)
values.update({
'users': users,
'main_object': forum,
'notifications': self._get_notifications(),
'pager': pager,
})
return request.render("website_forum.users", values)
def channel_list(self, **kw):
# display the list of the channel
channels = request.env['im_livechat.channel'].search([
('website_published', '=', True)
])
values = {'channels': channels}
return request.render('website_livechat.channel_list_page', values)
def web_auth_reset_password(self, *args, **kw):
qcontext = self.get_auth_signup_qcontext()
if not qcontext.get('token') and not qcontext.get('reset_password_enabled'):
raise werkzeug.exceptions.NotFound()
if 'error' not in qcontext and request.httprequest.method == 'POST':
try:
if qcontext.get('token'):
self.do_signup(qcontext)
return super(AuthSignupHome, self).web_login(*args, **kw)
else:
login = qcontext.get('login')
assert login, _("No login provided.")
_logger.info(
"Password reset attempt for <%s> by user <%s> from %s",
login, request.env.user.login, request.httprequest.remote_addr)
request.env['res.users'].sudo().reset_password(login)
qcontext['message'] = _("An email has been sent with credentials to reset your password")
except SignupError:
qcontext['error'] = _("Could not reset your password")
_logger.exception('error when resetting password')
except Exception as e:
qcontext['error'] = str(e)
response = request.render('auth_signup.reset_password', qcontext)
response.headers['X-Frame-Options'] = 'DENY'
return response
def FieldTextHtml(self,
model=None,
res_id=None,
field=None,
callback=None,
**kwargs):
kwargs.update(model=model,
res_id=res_id,
field=field,
datarecord=json.loads(kwargs['datarecord']),
debug=request.debug)
for k in kwargs:
if isinstance(kwargs[k],
pycompat.string_types) and kwargs[k].isdigit():
kwargs[k] = int(kwargs[k])
trans = dict(lang=kwargs.get('lang', request.env.context.get('lang')),
translatable=kwargs.get('translatable'),
edit_translations=kwargs.get('edit_translations'),
editable=kwargs.get('enable_editor'))
kwargs.update(trans)
record = None
if model and kwargs.get('res_id'):
record = request.env[model].with_context(trans).browse(
kwargs.get('res_id'))
kwargs.update(content=record and getattr(record, field) or "")
return request.render(kwargs.get("template")
or "web_editor.FieldTextHtml",
kwargs,
uid=request.uid)
def portal_my_requet(self,
page=1,
date_begin=None,
date_end=None,
sortby=None,
**kw):
values = self._prepare_portal_layout_values()
ReturnRequest = request.env['rma.request']
domain = [
('state', 'in',
['draft', 'confirmed', 'rma_created', 'replacement_created'])
]
request_count = ReturnRequest.search_count(domain)
pager = portal_pager(url="/my/request",
url_args={},
total=request_count,
page=page,
step=self._items_per_page)
# content according to pager and archive selected
requests = ReturnRequest.sudo().search(domain,
limit=self._items_per_page,
offset=pager['offset'])
request.session['my_requests_history'] = requests.ids[:100]
values.update({
'date': date_begin,
'requests': requests.sudo(),
'page_name': 'return_request',
'pager': pager,
'archive_groups': '',
'default_url': '/my/request',
'searchbar_sortings': '',
'sortby': sortby,
})
return request.render("website_rma.portal_my_requests", values)
def partners_detail(self, partner_id, **post):
_, partner_id = unslug(partner_id)
current_grade, current_country = None, None
grade_id = post.get('grade_id')
country_id = post.get('country_id')
if grade_id:
current_grade = request.env['res.partner.grade'].browse(
int(grade_id)).exists()
if country_id:
current_country = request.env['res.country'].browse(
int(country_id)).exists()
if partner_id:
partner = request.env['res.partner'].sudo().browse(partner_id)
is_website_publisher = request.env['res.users'].has_group(
'website.group_website_publisher')
if partner.exists() and ((partner.website_published and
request.website in partner.website_ids)
or is_website_publisher):
values = {
'main_object': partner,
'partner': partner,
'current_grade': current_grade,
'current_country': current_country
}
return request.render("website_crm_partner_assign.partner",
values)
return self.partners(**post)
def fill_survey(self, survey, token, prev=None, **post):
'''Display and validates a survey'''
Survey = request.env['survey.survey']
UserInput = request.env['survey.user_input']
# Controls if the survey can be displayed
errpage = self._check_bad_cases(survey)
if errpage:
return errpage
# Load the user_input
user_input = UserInput.sudo().search([('token', '=', token)], limit=1)
if not user_input: # Invalid token
return request.render("website.403")
# Do not display expired survey (even if some pages have already been
# displayed -- There's a time for everything!)
errpage = self._check_deadline(user_input)
if errpage:
return errpage
# Select the right page
if user_input.state == 'new': # First page
page, page_nr, last = Survey.next_page(user_input, 0, go_back=False)
data = {'survey': survey, 'page': page, 'page_nr': page_nr, 'token': user_input.token}
if last:
data.update({'last': True})
return request.render('survey.survey', data)
elif user_input.state == 'done': # Display success message
return request.render('survey.sfinished', {'survey': survey,
'token': token,
'user_input': user_input})
elif user_input.state == 'skip':
flag = (True if prev and prev == 'prev' else False)
page, page_nr, last = Survey.next_page(user_input, user_input.last_displayed_page_id.id, go_back=flag)
#special case if you click "previous" from the last page, then leave the survey, then reopen it from the URL, avoid crash
if not page:
page, page_nr, last = Survey.next_page(user_input, user_input.last_displayed_page_id.id, go_back=True)
data = {'survey': survey, 'page': page, 'page_nr': page_nr, 'token': user_input.token}
if last:
data.update({'last': True})
return request.render('survey.survey', data)
else:
return request.render("website.403")
def portal_order_page(self, order=None, access_token=None, **kw):
try:
order_sudo = self._order_check_access(order, access_token=access_token)
except AccessError:
return request.redirect('/my')
values = self._order_get_page_view_values(order_sudo, access_token, **kw)
return request.render("sale.portal_order_page", values)
def web_auth_signup(self, *args, **kw):
try:
return super(PasswordSecurityHome,
self).web_auth_signup(*args, **kw)
except PassError as e:
qcontext = self.get_auth_signup_qcontext()
qcontext['error'] = e.message
return request.render('auth_signup.signup', qcontext)
def print_survey(self, survey, token=None, **post):
'''Display an survey in printable view; if <token> is set, it will
grab the answers of the user_input_id that has <token>.'''
return request.render('survey.survey_print',
{'survey': survey,
'token': token,
'page_nr': 0,
'quizz_correction': True if survey.quizz_mode and token else False})
def partners_detail(self, partner_id, **post):
_, partner_id = unslug(partner_id)
if partner_id:
partner_sudo = request.env['res.partner'].sudo().browse(partner_id)
if not request.env.user.has_group('website.group_website_publisher') \
and request.website.id not in partner_sudo.website_ids.ids:
return request.render('website.404')
is_website_publisher = request.env['res.users'].has_group(
'website.group_website_publisher')
if partner_sudo.exists() and (partner_sudo.website_published
or is_website_publisher):
values = {
'main_object': partner_sudo,
'partner': partner_sudo,
'edit_page': False
}
return request.render("website_partner.partner_page", values)
return request.not_found()
def portal_my_invoice_detail(self, invoice_id, access_token=None, **kw):
try:
invoice_sudo = self._invoice_check_access(invoice_id, access_token)
except AccessError:
return request.redirect('/my')
values = self._invoice_get_page_view_values(invoice_sudo, access_token,
**kw)
return request.render("account.portal_invoice_page", values)
def return_confirmation(self, **post):
return_request_id = request.session.get('request_last_return_id')
if return_request_id:
return_request = request.env['rma.request'].sudo().browse(
return_request_id)
return request.render("website_rma.return_confirmation",
{'return_req_id': return_request})
else:
return request.redirect('/shop')
def mailing(self, mailing_id, email=None, res_id=None, **post):
mailing = request.env['mail.mass_mailing'].sudo().browse(mailing_id)
if mailing.exists():
if mailing.mailing_model_name == 'mail.mass_mailing.contact':
contacts = request.env['mail.mass_mailing.contact'].sudo(
).search([('email', '=', email)])
return request.render('website_mass_mailing.page_unsubscribe',
{
'contacts': contacts,
'email': email,
'mailing_id': mailing_id
})
else:
super(MassMailController, self).mailing(mailing_id,
email=email,
res_id=res_id,
**post)
return request.render('website_mass_mailing.page_unsubscribed')
def edit_profile(self, forum, user, **kwargs):
countries = request.env['res.country'].search([])
values = self._prepare_forum_values(forum=forum, searches=kwargs)
values.update({
'email_required': kwargs.get('email_required'),
'countries': countries,
'notifications': self._get_notifications(),
})
return request.render("website_forum.edit_profile", values)
def slides_index(self, *args, **post):
""" Returns a list of available channels: if only one is available,
redirects directly to its slides
"""
domain = []
if not request.env.user.has_group('website.group_website_designer'):
domain += [("website_ids", "in", request.website.id)]
channels = request.env['slide.channel'].search(domain,
order='sequence, id')
if not channels:
return request.render("website_slides.channel_not_found")
elif len(channels) == 1:
return request.redirect("/slides/%s" % channels.id)
return request.render(
'website_slides.channels', {
'channels': channels,
'user': request.env.user,
'is_public_user': request.env.user == request.website.user_id
})
def blog_feed(self, blog, limit='15'):
v = {}
v['blog'] = blog
v['base_url'] = request.env['ir.config_parameter'].sudo().get_param('web.base.url')
v['posts'] = request.env['blog.post'].search([('blog_id','=', blog.id)],
limit=min(int(limit), 50),
order="post_date DESC")
v['html2plaintext'] = html2plaintext
r = request.render("website_blog.blog_feed", v, headers=[('Content-Type', 'application/atom+xml')])
return r
def post(self, toc, post, **kwargs):
# TODO: implement a redirect instead of crash
assert post.documentation_toc_id == toc, "Wrong post!"
value = {
'toc': toc,
'post': post,
'main_object': post,
'forum': post.forum_id
}
return request.render("website_forum_doc.documentation_post", value)
def partners_detail(self, partner_id, **post):
_, partner_id = unslug(partner_id)
if partner_id:
partner = request.env['res.partner'].sudo().browse(partner_id)
if partner.exists(
) and partner.website_published and request.website in partner.website_ids: # TODO should be done with access rules
values = {}
values['main_object'] = values['partner'] = partner
return request.render("website_membership.partner", values)
return self.members(**post)
def partners_detail(self, partner_id, **post):
_, partner_id = unslug(partner_id)
if partner_id:
partner = request.env['res.partner'].sudo().browse(partner_id)
if partner.exists(
) and partner.website_published and request.website in partner.website_ids:
values = {}
values['main_object'] = values['partner'] = partner
return request.render("website_customer.details", values)
return self.customers(**post)
def _check_bad_cases(self, survey, token=None):
# In case of bad survey, redirect to surveys list
if not survey.sudo().exists():
return werkzeug.utils.redirect("/survey/")
# In case of auth required, block public user
if survey.auth_required and request.env.user == request.website.user_id:
return request.render("survey.auth_required", {'survey': survey, 'token': token})
# In case of non open surveys
if survey.stage_id.closed:
return request.render("survey.notopen")
# If there is no pages
if not survey.page_ids:
return request.render("survey.nopages", {'survey': survey})
# Everything seems to be ok
return None
def confirm_subscribe(self, channel, partner_id, token, **kw):
subscriber = request.env['mail.channel.partner'].search([
('channel_id', '=', channel.id), ('partner_id', '=', partner_id)
])
if subscriber:
# already registered, maybe clicked twice
return request.render(
'website_mail_channel.invalid_token_subscription')
subscriber_token = channel._generate_action_token(partner_id,
action='subscribe')
if token != subscriber_token:
return request.render(
'website_mail_channel.invalid_token_subscription')
# add partner
channel.sudo().write({'channel_partner_ids': [(4, partner_id)]})
return request.render("website_mail_channel.confirmation_subscription",
{'subscribing': True})
