Exemplo n.º 1
 def power_on(self, *args, **kwargs):
     """Run the housekeeping helpers; restricted to administrators.

     The administrator check comes first, so a non-admin caller gets
     ``AccessDenied`` before any helper runs.  ``*args`` and ``**kwargs``
     are accepted but not used.

     :return: True once the three helpers have been called
     :raise: AccessDenied if the current user is not an administrator
     """
     environment = self.env
     if environment.user._is_admin():
         # Cleanup helpers (judging by their names), called in a fixed order.
         environment['ir.attachment']._file_gc()
         self._gc_transient_models()
         self._gc_user_logs()
         return True
     raise AccessDenied()
Exemplo n.º 2
 def if_db_mgt_enabled(method, self, *args, **kwargs):
     """Call ``method`` only while the ``list_db`` configuration option is truthy.

     When ``list_db`` is falsy the refusal is logged at error level and
     ``AccessDenied`` is raised; ``method`` is not invoked.

     :param method: callable to guard, invoked as ``method(self, *args, **kwargs)``
     :return: whatever ``method`` returns
     :raise: AccessDenied if ``list_db`` is disabled
     """
     listing_enabled = gecoerp.tools.config['list_db']
     if listing_enabled:
         return method(self, *args, **kwargs)
     # Fail closed: leave a trace for the operator, then refuse.
     _logger.error(
         'Database management functions blocked, admin disabled database listing'
     )
     raise AccessDenied()
Exemplo n.º 3
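    def _auth_oauth_signin(self, provider, validation, params):
        """ retrieve and sign in the user corresponding to provider and validated access token
            :param provider: oauth provider id (int)
            :param validation: result of validation of access token (dict)
            :param params: oauth parameters (dict)
            :return: user login (str), or None when no user matches and the
                     context sets ``no_user_creation``
            :raise: AccessDenied if signin failed
            :raise: AssertionError if more than one user matches the
                    (oauth_uid, provider) pair

            On a match, the received access token is written to the user's
            ``oauth_access_token`` field.

            This method can be overridden to add alternative signin methods.
        """
        oauth_uid = validation['user_id']
        try:
            oauth_user = self.search([("oauth_uid", "=", oauth_uid),
                                      ('oauth_provider_id', '=', provider)])
            if not oauth_user:
                raise AccessDenied()
            if len(oauth_user) != 1:
                # Explicit raise instead of ``assert``: an assert statement is
                # removed under ``python -O``, which would let the token write
                # below reach every matching account.  AssertionError keeps the
                # exception type unchanged and is not caught by the
                # ``except AccessDenied`` clause, so an ambiguous identity never
                # falls through to signup.
                raise AssertionError(
                    'Expected exactly one user for this OAuth identity')
            oauth_user.write({'oauth_access_token': params['access_token']})
            return oauth_user.login
        except AccessDenied as access_denied_exception:
            # No existing account: optionally create one through signup.
            if self.env.context.get('no_user_creation'):
                return None
            # ``state`` comes from the OAuth request parameters; only its 't'
            # entry (passed to signup as the token) is read here.
            state = json.loads(params['state'])
            token = state.get('t')
            values = self._generate_signup_values(provider, validation, params)
            try:
                _, login, _ = self.signup(values, token)
                return login
            except (SignupError, UserError):
                # Report a failed signup as the original access denial.
                raise access_denied_exception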
Exemplo n.º 4
    def create_opp_portal(self, values):
        """Create an opportunity on behalf of the current portal user.

        The caller must have a ``grade_id`` on its partner or commercial
        partner.  The record is then created through ``sudo()``, so only
        three caller-supplied fields are copied into the new record;
        ``priority`` and ``partner_assigned_id`` are set here and any other
        key in ``values`` is dropped.

        :param values: dict with ``contact_name``, ``description`` and ``title``
        :return: ``{'id': <lead id>}`` on success, or ``{'errors': ...}`` when
                 one of the three fields is empty
        :raise: AccessDenied if the user has no grade
        """
        # NOTE(review): values[...] raises KeyError when a key is absent
        # rather than returning the 'errors' dict -- confirm callers always
        # send all three keys.
        portal_user = self.env.user
        if not (portal_user.partner_id.grade_id
                or portal_user.commercial_partner_id.grade_id):
            raise AccessDenied()
        # Elevated from here on; keep caller input confined to the copied fields.
        self = self.sudo()
        required = ('contact_name', 'description', 'title')
        if not all(values[field] for field in required):
            return {'errors': _('All fields are required !')}
        own_tag = self.env.ref(
            'website_crm_partner_assign.tag_portal_lead_own_opp', False)
        lead_vals = {
            'contact_name': values['contact_name'],
            'name': values['title'],
            'description': values['description'],
            'priority': '2',
            # Always the caller's own commercial partner, never caller input.
            'partner_assigned_id': portal_user.commercial_partner_id.id,
        }
        if own_tag:
            lead_vals['tag_ids'] = [(4, own_tag.id, False)]

        lead = self.create(lead_vals)
        lead.assign_salesman_of_assigned_partner()
        lead.convert_opportunity(lead.partner_id.id)
        return {'id': lead.id}
Exemplo n.º 5
    def auth_oauth(self, provider, params):
        """Validate an OAuth access token and return the credentials to log in with.

        :param provider: oauth provider id, passed on to validation and signin
        :param params: oauth parameters (dict); ``access_token`` is read from it
        :return: tuple ``(database name, login, access token)``
        :raise: AccessDenied if validation yields neither ``user_id`` nor ``id``,
                or if signin returns no login
        """
        # Advice by Google (to avoid Confused Deputy Problem):
        #   if validation.audience != OUR_CLIENT_ID: abort()
        # NOTE(review): no audience comparison is made in this method; confirm
        # that _auth_oauth_validate rejects tokens issued to another client.
        token = params.get('access_token')
        validation = self._auth_oauth_validate(provider, token)
        if not validation.get('user_id'):
            # Workaround: facebook does not send 'user_id' in Open Graph Api,
            # so fall back to 'id'; with neither there is no identity to use.
            fallback_id = validation.get('id')
            if not fallback_id:
                raise AccessDenied()
            validation['user_id'] = fallback_id

        # Resolve (or create) the local user for this identity.
        login = self._auth_oauth_signin(provider, validation, params)
        if login:
            return (self.env.cr.dbname, login, token)
        raise AccessDenied()
Exemplo n.º 6
 def check(cls, db, uid, passwd):
     """Verify that ``passwd`` authenticates ``uid``; raise if it does not.

     The ``db`` argument is overwritten with ``cls.pool.db_name`` before use,
     so the caller-supplied value does not select the database.  A password
     accepted by ``check_credentials`` is stored as received in the
     ``__uid_cache`` mapping, and later calls are compared against it
     with ``==`` without opening a cursor.

     :raise: AccessDenied if ``passwd`` is empty; whatever
             ``check_credentials`` raises propagates to the caller
     """
     # NOTE(review): the cache keeps the password value itself and ``==`` is
     # not a constant-time comparison -- confirm both fit the threat model.
     if not passwd:
         # An empty password must never authenticate.
         raise AccessDenied()
     db = cls.pool.db_name
     cached_passwd = cls.__uid_cache[db].get(uid)
     if cached_passwd == passwd:
         return
     cursor = cls.pool.cursor()
     try:
         user_model = api.Environment(cursor, uid, {})[cls._name]
         user_model.check_credentials(passwd)
         # Reached only when check_credentials did not raise.
         cls.__uid_cache[db][uid] = passwd
     finally:
         cursor.close()
Exemplo n.º 7
 def _authenticate(cls, auth_method='user'):
     """Authenticate the current request and return ``auth_method``.

     If the session carries a uid, its security check is run; a failed check
     logs the session out (keeping the database) instead of raising.  When
     ``request.uid`` is still None afterwards, the class attribute named
     ``_auth_method_<auth_method>`` is looked up and called.

     :param auth_method: suffix of the ``_auth_method_*`` handler to call
     :return: ``auth_method`` unchanged
     :raise: AccessDenied, http.SessionExpiredException and werkzeug
             HTTPException pass through as-is; any other exception is
             logged and replaced by AccessDenied
     """
     # NOTE(review): the handler is resolved with getattr() from the
     # auth_method string -- presumably that value comes from route
     # declarations, not from request data; confirm against callers.
     try:
         if request.session.uid:
             try:
                 request.session.check_security()
                 # what if error in security.check()
                 #   -> res_users.check()
                 #   -> res_users.check_credentials()
             except (AccessDenied, http.SessionExpiredException):
                 # Only these two mean "session no longer valid": drop the
                 # session.  All other exceptions mean undetermined status
                 # (e.g. connection pool full) and reach the outer handlers.
                 request.session.logout(keep_db=True)
         if request.uid is None:
             getattr(cls, "_auth_method_%s" % auth_method)()
     except (AccessDenied, http.SessionExpiredException,
             werkzeug.exceptions.HTTPException):
         # Already meaningful to the caller: re-raise untouched.
         raise
     except Exception:
         # Fail closed: an unexpected error is logged with its traceback
         # (info level) and surfaces to the caller as AccessDenied.
         _logger.info("Exception during request Authentication.",
                      exc_info=True)
         raise AccessDenied()
     return auth_method
Exemplo n.º 8
 def check_credentials(self, password):
     """Check ``password`` for the current user; override to plug additional
     authentication methods.

     This implementation searches, through ``sudo()``, for the record whose
     id is ``self._uid`` and whose ``password`` field equals the given value.

     :return: None when a matching record exists
     :raise: AccessDenied when no record matches
     """
     # NOTE(review): the match is an equality test on the ``password`` field
     # in the search domain, i.e. against the stored value as-is -- confirm
     # that a hashing override is in place wherever this is deployed.
     domain = [('id', '=', self._uid), ('password', '=', password)]
     matches = self.sudo().search(domain)
     if matches:
         return
     raise AccessDenied()