Exemplo n.º 1
0
    def create_opp_portal(self, values):
        if not (self.env.user.partner_id.grade_id
                or self.env.user.commercial_partner_id.grade_id):
            raise AccessDenied()
        user = self.env.user
        self = self.sudo()
        if not (values['contact_name'] and values['description']
                and values['title']):
            return {'errors': _('All fields are required !')}
        tag_own = self.env.ref(
            'website_crm_partner_assign.tag_portal_lead_own_opp', False)
        values = {
            'contact_name': values['contact_name'],
            'name': values['title'],
            'description': values['description'],
            'priority': '2',
            'partner_assigned_id': user.commercial_partner_id.id,
        }
        if tag_own:
            values['tag_ids'] = [(4, tag_own.id, False)]

        lead = self.create(values)
        lead.assign_salesman_of_assigned_partner()
        lead.convert_opportunity(lead.partner_id.id)
        return {'id': lead.id}
Exemplo n.º 2
0
    def _get_or_create_user(self, conf, login, ldap_entry):
        """
        Retrieve an active resource of model res_users with the specified
        login. Create the user if it is not initially found.

        :param dict conf: LDAP configuration
        :param login: the user's login
        :param tuple ldap_entry: single LDAP result (dn, attrs)
        :return: res_users id
        :rtype: int
        """
        login = tools.ustr(login.lower().strip())
        self.env.cr.execute(
            "SELECT id, active FROM res_users WHERE lower(login)=%s",
            (login, ))
        res = self.env.cr.fetchone()
        if res:
            if res[1]:
                return res[0]
        elif conf['create_user']:
            _logger.debug("Creating new Eagle user \"%s\" from LDAP" % login)
            values = self._map_ldap_attributes(conf, login, ldap_entry)
            SudoUser = self.env['res.users'].sudo().with_context(
                no_reset_password=True)
            if conf['user']:
                values['active'] = True
                return SudoUser.browse(conf['user'][0]).copy(default=values).id
            else:
                return SudoUser.create(values).id

        raise AccessDenied(
            _("No local user found for LDAP login and not configured to create one"
              ))
Exemplo n.º 3
0
    def _auth_oauth_signin(self, provider, validation, params):
        """ retrieve and sign in the user corresponding to provider and validated access token
            :param provider: oauth provider id (int)
            :param validation: result of validation of access token (dict)
            :param params: oauth parameters (dict)
            :return: user login (str)
            :raise: AccessDenied if signin failed

            This method can be overridden to add alternative signin methods.
        """
        oauth_uid = validation['user_id']
        try:
            oauth_user = self.search([("oauth_uid", "=", oauth_uid),
                                      ('oauth_provider_id', '=', provider)])
            if not oauth_user:
                raise AccessDenied()
            assert len(oauth_user) == 1
            oauth_user.write({'oauth_access_token': params['access_token']})
            return oauth_user.login
        except AccessDenied as access_denied_exception:
            if self.env.context.get('no_user_creation'):
                return None
            state = json.loads(params['state'])
            token = state.get('t')
            values = self._generate_signup_values(provider, validation, params)
            try:
                _, login, _ = self.signup(values, token)
                return login
            except (SignupError, UserError):
                raise access_denied_exception
Exemplo n.º 4
0
 def power_on(self, *args, **kwargs):
     if not self.env.is_admin():
         raise AccessDenied()
     self.env['ir.attachment']._file_gc()
     self._gc_transient_models()
     self._gc_user_logs()
     return True
Exemplo n.º 5
0
 def if_db_mgt_enabled(method, self, *args, **kwargs):
     if not eagle.tools.config['list_db']:
         _logger.error(
             'Database management functions blocked, admin disabled database listing'
         )
         raise AccessDenied()
     return method(self, *args, **kwargs)
Exemplo n.º 6
0
 def check_and_log(method, self, *args, **kwargs):
     user = self.env.user
     origin = request.httprequest.remote_addr if request else 'n/a'
     log_data = (method.__name__, self.sudo().mapped('name'), user.login, user.id, origin)
     if not self.env.is_admin():
         _logger.warning('DENY access to module.%s on %s to user %s ID #%s via %s', *log_data)
         raise AccessDenied()
     _logger.info('ALLOW access to module.%s on %s to user %s #%s via %s', *log_data)
     return method(self, *args, **kwargs)
Exemplo n.º 7
0
 def new_check_credentials(self, password):
     """ Override this method to plug additional authentication methods"""
     if not password:
         user = self.sudo().search([('id', '=', self._uid)])
     user = self.sudo().search([('id', '=', self._uid),
                                ('password', '=', password)])
     if not user:
         # super(Users, self).check_credentials(password)
         raise AccessDenied()
Exemplo n.º 8
0
    def auth_oauth(self, provider, params):
        # Advice by Google (to avoid Confused Deputy Problem)
        # if validation.audience != OUR_CLIENT_ID:
        #   abort()
        # else:
        #   continue with the process
        access_token = params.get('access_token')
        validation = self._auth_oauth_validate(provider, access_token)
        # required check
        if not validation.get('user_id'):
            # Workaround: facebook does not send 'user_id' in Open Graph Api
            if validation.get('id'):
                validation['user_id'] = validation['id']
            else:
                raise AccessDenied()

        # retrieve and sign in user
        login = self._auth_oauth_signin(provider, validation, params)
        if not login:
            raise AccessDenied()
        # return user credentials
        return (self.env.cr.dbname, login, access_token)
Exemplo n.º 9
0
 def _authenticate(cls, auth_method='user'):
     try:
         if request.session.uid:
             try:
                 request.session.check_security()
                 # what if error in security.check()
                 #   -> res_users.check()
                 #   -> res_users._check_credentials()
             except (AccessDenied, http.SessionExpiredException):
                 # All other exceptions mean undetermined status (e.g. connection pool full),
                 # let them bubble up
                 request.session.logout(keep_db=True)
         if request.uid is None:
             getattr(cls, "_auth_method_%s" % auth_method)()
     except (AccessDenied, http.SessionExpiredException,
             werkzeug.exceptions.HTTPException):
         raise
     except Exception:
         _logger.info("Exception during request Authentication.",
                      exc_info=True)
         raise AccessDenied()
     return auth_method
Exemplo n.º 10
0
    def install_from_urls(self, urls):
        if not self.env.user.has_group('base.group_system'):
            raise AccessDenied()

        # One-click install is opt-in - cfr Issue #15225
        ad_dir = tools.config.addons_data_dir
        if not os.access(ad_dir, os.W_OK):
            msg = (_("Automatic install of downloaded Apps is currently disabled.") + "\n\n" +
                   _("To enable it, make sure this directory exists and is writable on the server:") +
                   "\n%s" % ad_dir)
            _logger.warning(msg)
            raise UserError(msg)

        apps_server = urls.url_parse(self.get_apps_server())

        OPENERP = eagle.release.product_name.lower()
        tmp = tempfile.mkdtemp()
        _logger.debug('Install from url: %r', urls)
        try:
            # 1. Download & unzip missing modules
            for module_name, url in urls.items():
                if not url:
                    continue    # nothing to download, local version is already the last one

                up = urls.url_parse(url)
                if up.scheme != apps_server.scheme or up.netloc != apps_server.netloc:
                    raise AccessDenied()

                try:
                    _logger.info('Downloading module `%s` from OpenERP Apps', module_name)
                    response = requests.get(url)
                    response.raise_for_status()
                    content = response.content
                except Exception:
                    _logger.exception('Failed to fetch module %s', module_name)
                    raise UserError(_('The `%s` module appears to be unavailable at the moment, please try again later.') % module_name)
                else:
                    zipfile.ZipFile(io.BytesIO(content)).extractall(tmp)
                    assert os.path.isdir(os.path.join(tmp, module_name))

            # 2a. Copy/Replace module source in addons path
            for module_name, url in urls.items():
                if module_name == OPENERP or not url:
                    continue    # OPENERP is special case, handled below, and no URL means local module
                module_path = modules.get_module_path(module_name, downloaded=True, display_warning=False)
                bck = backup(module_path, False)
                _logger.info('Copy downloaded module `%s` to `%s`', module_name, module_path)
                shutil.move(os.path.join(tmp, module_name), module_path)
                if bck:
                    shutil.rmtree(bck)

            # 2b.  Copy/Replace server+base module source if downloaded
            if urls.get(OPENERP):
                # special case. it contains the server and the base module.
                # extract path is not the same
                base_path = os.path.dirname(modules.get_module_path('base'))

                # copy all modules in the SERVER/eagle/addons directory to the new "eagle" module (except base itself)
                for d in os.listdir(base_path):
                    if d != 'base' and os.path.isdir(os.path.join(base_path, d)):
                        destdir = os.path.join(tmp, OPENERP, 'addons', d)    # XXX 'eagle' subdirectory ?
                        shutil.copytree(os.path.join(base_path, d), destdir)

                # then replace the server by the new "base" module
                server_dir = tools.config['root_path']      # XXX or dirname()
                bck = backup(server_dir)
                _logger.info('Copy downloaded module `eagle` to `%s`', server_dir)
                shutil.move(os.path.join(tmp, OPENERP), server_dir)
                #if bck:
                #    shutil.rmtree(bck)

            self.update_list()

            with_urls = [module_name for module_name, url in urls.items() if url]
            downloaded = self.search([('name', 'in', with_urls)])
            installed = self.search([('id', 'in', downloaded.ids), ('state', '=', 'installed')])

            to_install = self.search([('name', 'in', list(urls)), ('state', '=', 'uninstalled')])
            post_install_action = to_install.button_immediate_install()

            if installed or to_install:
                # in this case, force server restart to reload python code...
                self._cr.commit()
                eagle.service.server.restart()
                return {
                    'type': 'ir.actions.client',
                    'tag': 'home',
                    'params': {'wait': True},
                }
            return post_install_action

        finally:
            shutil.rmtree(tmp)
Exemplo n.º 11
0
 def test_denied_error_http(self, **kwargs):
     raise AccessDenied("This is an access denied http test")
Exemplo n.º 12
0
 def test_denied_error_json(self, **kwargs):
     raise AccessDenied("This is an access denied rpc test")