def web_login(self, redirect=None, **kw):
openerp.addons.web.controllers.main.ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db,
request.params['login'], request.params['password'])
if uid is not False:
self.save_session(request.cr, uid, request.context)
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = 'Login failed due to one of the following reasons:'
values['reason1'] = '- Wrong login/password'
values['reason2'] = '- User not allowed to have multiple logins'
values['reason3'] = '- User not allowed to login at this specific time or day'
return request.render('web.login', values)
def web_login(self, redirect=None, **kw):
openerp.addons.web.controllers.main.ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db,
request.params['login'],
request.params['password'])
if uid is not False:
self.save_session(request.cr, uid, request.context)
return http.redirect_with_hash(redirect)
request.uid = old_uid
values[
'error'] = 'Login failed due to one of the following reasons:'
values['reason1'] = '- Wrong login/password'
values['reason2'] = '- User not allowed to have multiple logins'
values[
'reason3'] = '- User not allowed to login at this specific time or day'
return request.render('web.login', values)
def web_login(self, redirect=None, **kw):
openerp.addons.web.controllers.main.ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db,
request.params['login'],
request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values[
'error'] = "Login failed due to one of the following reasons"
values['error2'] = "- Wrong login/password"
values['error3'] = "- User already logged in from another system"
return request.render('web.login', values)
def web_login(self, redirect=None, **kw):
openerp.addons.web.controllers.main.ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Login failed due to one of the following reasons"
values['error2'] = "- Wrong login/password"
values['error3'] = "- User already logged in from another system"
return request.render('web.login', values)
def sign_in(self, redirect=None, **kw):
request.params['login_success'] = False
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate('demo', request.params['login'], request.params['password'])
if uid is not False:
request.params['login_success'] = True
if not redirect:
redirect = '/ga/admin'
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Wrong login/password"
return request.render('gpsi_website.ga/admin/login', values)
def web_login(self, redirect=None, **kw):
openerp.addons.web.controllers.main.ensure_db()
request.params['login_success'] = False
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db,
request.params['login'],
request.params['password'])
if uid is not False:
request.params['login_success'] = True
if not redirect:
redirect = '/home'
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "تسجيل الدخول خاطئ "
return request.render('web.login', values)
def smart_login(self, redirect=None, **kw):
#return "Method %s Session UID %s uid %s" % (request.httprequest.method,request.session.uid,request.uid)
ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if request.httprequest.method == 'GET' and request.session.uid:
# if request.httprequest.method == 'GET':
return http.redirect_with_hash('/dashboard')
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/dashboard?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db,
request.params['login'],
request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Wrong login/password"
return request.render('smart_common.login', values)
def web_login(self, redirect=None, **kw):
main.ensure_db()
config = Controller.get_config_static(request, request.session.db)
if config.get('login_cas', False) == u'True':
res = self._cas_login(redirect)
if res:
return res
if request.httprequest.method == 'GET' and redirect and \
request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(
request.session.db, request.params['login'],
request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Wrong login/password"
return request.render('web.login', values)
def smart_login(self, redirect=None, **kw):
#return "Method %s Session UID %s uid %s" % (request.httprequest.method,request.session.uid,request.uid)
ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if request.httprequest.method == 'GET' and request.session.uid:
# if request.httprequest.method == 'GET':
return http.redirect_with_hash('/dashboard')
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/dashboard?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Wrong login/password"
return request.render('smart_common.login', values)
def web_login(self, redirect=None, **kw):
ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
# remote_check_otp ??? do we need this?
uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = _("Wrong login/password")
if request.env.ref('web.login', False):
return request.render('web.login', values)
else:
# probably not an odoo compatible database
error = 'Unable to login on database %s' % request.session.db
return werkzeug.utils.redirect('/web/database/selector?error=%s' % error, 303)
def web_login(self, redirect=None, **kw):
if not request.registry.get('ir.sessions'):
return super(Home_tkobr, self).web_login(redirect=redirect, **kw)
_logger.debug('Authentication method: Home_tkobr.web_login !')
openerp.addons.web.controllers.main.ensure_db()
multi_ok = True
calendar_set = 0
calendar_ok = False
calendar_group = ''
unsuccessful_message = ''
now = datetime.now()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = False
db = request.session.db
login = request.params.get('login', None)
password = request.params.get('password', None)
(access_granted, uid,
unsuccessful_message) = self.check_session(db, login, password)
# if access_granted:
# return http.redirect_with_hash(redirect)
# >>> QTL ADD
if access_granted and uid is not False:
user = request.env['res.users'].browse(uid)
if user.has_group('website_timecheck.group_timecheck_trial'):
base_url = request.env['ir.config_parameter'].get_param(
'web.base.url')
redirect = base_url + '/shop/special_offer'
return http.redirect_with_hash(redirect)
# <<< QTL ADD
else:
request.uid = old_uid
values['error'] = _(
'Login failed due to one of the following reasons:')
values['reason1'] = _('- Wrong login/password')
values['reason2'] = _(
'- User not allowed to have multiple logins')
values['reason3'] = _(
'- User not allowed to login at this specific time or day')
return request.render('web.login', values)
def web_login(self, redirect=None, **kw):
super(Home, self).web_login(redirect, **kw)
request.params['login_success'] = False
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db,
request.params['login'],
request.params['password'])
if uid is not False:
# 查找账号对应员工,如果员工hr.employee在草稿或者审批中,抛出错误。
admin_group_id = request.registry[
'ir.model.data'].xmlid_to_res_id(
request.cr, SUPERUSER_ID, 'base.group_configuration')
request.cr.execute(
"SELECT uid FROM res_groups_users_rel WHERE gid=%s and uid=%s",
(admin_group_id, uid))
admin_id = request.cr.dictfetchall()
# 网站设置管理员除外,不验证
if not admin_id:
request.cr.execute(
"SELECT id FROM resource_resource WHERE user_id=%s" %
uid)
employee_ids = request.cr.dictfetchall()
if employee_ids:
for employee_id in employee_ids[0]:
request.cr.execute(
"SELECT id,state FROM hr_employee WHERE resource_id=%s and (state=%s or state=%s)",
(employee_ids[0][employee_id], 'underway',
'draft'))
results = request.cr.dictfetchall()
if results:
values['error'] = _(
"您的账号正在入职审批流程中,暂时无法使用,请耐心等待审批完成")
return request.render('web.login', values)
request.params['login_success'] = True
if not redirect:
redirect = '/web'
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = _("Wrong login/password")
return request.render('web.login', values)
def web_login(self, redirect=None, **kw):
'''
Except for Administrator, Do not allow user to login if
- User has no group profile
- User has group profile, but group profile has no inherited group
and access rights
'''
redirect = ''
main.ensure_db()
method = request.httprequest.method # @UndefinedVariable
if method == 'GET' and redirect and \
request.session.uid: # @UndefinedVariable
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy() # @UndefinedVariable
if not redirect:
redirect = '/web?' + \
request.httprequest.query_string # @UndefinedVariable
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST': # @UndefinedVariable
old_uid = request.uid
uid = request.session.authenticate( # @UndefinedVariable
request.session.db, # @UndefinedVariable
request.params['login'],
request.params['password'])
if uid:
# Allowing Admin to login (Admin has no profile)
if uid == 1:
return http.redirect_with_hash(redirect)
user = request.env['res.users'].sudo().browse(request.uid)
group = user.group_profile_id
group_inherits = group and group.implied_ids or False
model_access = group and group.model_access or False
if group and (group_inherits or model_access):
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Wrong login/password"
if request.env.ref('web.login', False): # @UndefinedVariable
return request.render('web.login', values) # @UndefinedVariable
else:
# probably not an odoo compatible database
error = 'Unable to login on database %s' % \
request.session.db # @UndefinedVariable
return werkzeug.utils.redirect(
'/web/database/selector?error=%s' % error, 303)
def web_login(self, redirect=None, **kw):
openerp.addons.web.controllers.main.ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
abc = get_my_conf()
values = request.params.copy()
values['title'] = abc.get('title')
values['power_by'] = abc.get('power_by')
logo = abc.get('logo')
icon = abc.get('icon') or ""
if logo:
fh = open(
'%s/%s' % (os.path.dirname(__file__).replace(
'controllers', ""), 'static/src/img/company_logo.gif'),
'wb')
fh.write(logo.decode('base64'))
fh.close()
# if icon:
fh = open(
'%s/%s' % (os.path.dirname(__file__).replace(
'controllers', ""), 'static/src/img/favicon.ico'), 'wb')
fh.write(icon.decode('base64'))
fh.close()
values['logo'] = abc.get('logo')
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db,
request.params['login'],
request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Wrong login/password"
if request.env.ref('web.login', False):
return request.render('web.login', values)
else:
# probably not an odoo compatible database
error = 'Unable to login on database %s' % request.session.db
return werkzeug.utils.redirect(
'/web/database/selector?error=%s' % error, 303)
def web_login(self, redirect=None, **kw):
"""redefind function to make username in login case-insensitive
"""
ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
username_lcase = (request.params['login']).lower()
login_list = {}
params_login = ''
users = request.registry['res.users'].search(
request.cr, openerp.SUPERUSER_ID, [('id', '>', 0)])
for user in request.registry['res.users'].browse(
request.cr, openerp.SUPERUSER_ID, users):
login_list[user.login.lower()] = user.login
for user2 in login_list:
if request.params['login'].lower() == user2:
params_login = login_list[user2]
uid = request.session.authenticate(request.session.db,
params_login,
request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = _("Wrong login/password")
if request.env.ref('web.login', False):
return request.render('web.login', values)
else:
# probably not an odoo compatible database
error = 'Unable to login on database %s' % request.session.db
return werkzeug.utils.redirect(
'/web/database/selector?error=%s' % error, 303)
def payment_pay2user(self, **post):
""" Payment Judgement"""
cr, uid, context, pool = request.cr, request.uid, request.context, request.registry
user = pool.get('res.users').browse(cr,
SUPERUSER_ID,
uid,
context=context)
# 如果没有设置实名或收款方式,则跳到相应的页面
if (not user.partner_id.name_real) or (
not user.partner_id.default_acquirer_id):
return http.redirect_with_hash(
'/payment/parameters/?redirect=/payment/pay2user/')
# 计算'提现中'的佣金
if user.partner_id:
user.partner_id.action_calc_commission()
inv_obj = pool.get('account.invoice')
ids = inv_obj.search(cr,
SUPERUSER_ID,
[('partner_id', '=', user.partner_id.id)],
context=context)
commissions = inv_obj.browse(cr, SUPERUSER_ID, ids, context=context)
return request.website.render("mobile_payment.payment_pay2user", {
'user': user,
'commissions': commissions
})
def supplier_info_save(self, supplierinfo=None, **post):
if supplierinfo.name != request.env.user.partner_id:
return request.website.render('website.404')
supplierinfo = supplierinfo.sudo()
form_vals = self.supplierinfo_field_parse(post)
values = self._prepare_render_values(supplierinfo, form_vals)
values['error'] = self.check_product_form_validate(form_vals)
if values["error"]:
return request.website.render(
"website_product_supplier.product",
values)
try:
form_vals.update({
'pricelist_ids': [(1, supplierinfo.pricelist_ids[0].id, {
'min_quantity': post.get('min_quantity', 0.0),
'price': post.get('price', 0.0)})]})
supplierinfo.write(self._prepare_supplierinfo_values(
supplierinfo, supplierinfo.product_tmpl_id, form_vals, post))
except:
values.update(error={'error_name': 'Invalid fields'})
return request.website.render(
"website_product_supplier.product",
values)
return http.redirect_with_hash(
'/my/supplier/product/%s' % supplierinfo.id)
def sign_up(self, redirect=None, **kw):
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
try:
company = request.env['res.company'].create_gaudit(
kw['company'], kw['email'])
user = request.env['res.users'].create_gaudit_owner(
kw['username'], kw['email'], kw['password'], company.id)
except AuditiiException as e:
values['create_error'] = "Email already exist!"
values['creating_account'] = True
uid = request.session.authenticate(DB_NAME, request.params['email'],
request.params['password'])
if uid is not False:
request.params['login_success'] = True
if not redirect:
redirect = '/ga/admin'
return http.redirect_with_hash(redirect)
return request.render('gpsi_auditii.admin/login', values)
def web_login(self, *args, **kw):
res = super(AuthSignup, self).web_login(*args, **kw)
if request.session.uid:
user = request.env['res.users'].browse(request.session.uid)
if not user.has_group('base.group_user'):
return http.redirect_with_hash('/')
return res
def web_login(self, *args, **kw):
ensure_db()
if request.httprequest.method == 'GET' and request.session.uid and request.params.get(
'redirect'):
# Redirect if already logged in and redirect param is present
return http.redirect_with_hash(request.params.get('redirect'))
providers = self.list_providers()
response = super(OAuthLogin, self).web_login(*args, **kw)
if response.is_qweb:
error = request.params.get('oauth_error')
if error == '1':
error = _("Sign up is not allowed on this database.")
elif error == '2':
error = _("Access Denied")
elif error == '3':
error = _(
"You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email."
)
else:
error = None
response.qcontext['providers'] = providers
if error:
response.qcontext['error'] = error
return response
def sign_up(self, redirect=None, **kw):
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
company = request.env['res.company'].sudo().create({
'name': request.params['company'],
'rml_header1': False,
'email': request.params['email'],
'currency_id': request.env['res.currency'].sudo().search([('name','=','USD')]).id
})
user = request.env['res.users'].sudo().create({
'name': request.params['username'],
'login': request.params['email'],
'password': request.params['password'],
'company_id': company.id,
'company_ids': [(4, company.id, False)]
})
uid = request.session.authenticate('demo', request.params['email'], request.params['password'])
if uid is not False:
request.params['login_success'] = True
if not redirect:
redirect = '/ga/admin'
return http.redirect_with_hash(redirect)
return request.render('gpsi_website.ga/admin/login', values)
def login_token(self,token,**post):
user_obj = request.env['res.users'].sudo()
uid = request.session.authenticate(request.session.db, token, '')
if uid is not False:
user = user_obj.browse(uid)
request.params['login_success'] = True
return http.redirect_with_hash(user.redirect or '/web')
def redirect_paginas(self, pagina):
prod_env = request.env['page.redirect'].sudo()
item = prod_env.search([('rota', '=', pagina)])
if item:
return http.redirect_with_hash(u'/%s' % item.nova_rota)
else:
return request.website.render("website.404")
def redirect_paginas(self, pagina):
prod_env = request.env['page.redirect'].sudo()
item = prod_env.search([('rota', '=', pagina)])
if item:
return http.redirect_with_hash(u'/%s' % item.nova_rota)
else:
return request.website.render("website.404")
def web_login(self, *args, **kw):
ensure_db()
response = super(AuthSignupHome, self).web_login(*args, **kw)
response.qcontext.update(self.get_auth_signup_config())
if request.httprequest.method == 'GET' and request.session.uid and request.params.get('redirect'):
# Redirect if already logged in and redirect param is present
return http.redirect_with_hash(request.params.get('redirect'))
return response
def web_login(self, *args, **kw):
ensure_db()
response = super(AuthSignupHome, self).web_login(*args, **kw)
response.qcontext.update(self.get_auth_signup_config())
if request.httprequest.method == 'GET' and request.session.uid and request.params.get('redirect'):
# Redirect if already logged in and redirect param is present
return http.redirect_with_hash(request.params.get('redirect'))
return response
def redirect_category(self, categoria):
prod_env = request.env['product.public.category'].sudo()
item = prod_env.search([('rota', '=', categoria)])
if len(item) >= 1:
url = "/shop/category/%s" % slug(item[0])
return http.redirect_with_hash(url)
else:
return request.website.render("website_sale.404")
def redirect_category(self, categoria):
prod_env = request.env['product.public.category'].sudo()
item = prod_env.search([('rota', '=', categoria)])
if len(item) >= 1:
url = "/shop/category/%s" % slug(item[0])
return http.redirect_with_hash(url)
else:
return request.website.render("website_sale.404")
def web_login(self, redirect=None, *args, **kw):
r = super(Website, self).web_login(redirect=redirect, *args, **kw)
if not redirect and request.params['login_success']:
if request.registry['res.users'].has_group(request.cr, request.uid, 'base.group_user'):
redirect = '/web?' + request.httprequest.query_string
else:
redirect = '/'
return http.redirect_with_hash(redirect)
return r
def web_login(self, redirect=None, **kw):
#ensure_db()
if (request.httprequest.method == 'GET' and
redirect and
request.session.uid
):
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
serial_id = request.params['serial_id']
users_obj = request.registry.get('res.users')
user_vals = users_obj.search_read(
request.cr, openerp.SUPERUSER_ID,
[('serial_id', '=', serial_id)],
['id', 'login']
)
if user_vals:
login = user_vals[0]['login']
password = serial_id
uid = request.session.authenticate(
request.session.db, login, password
)
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = _('Wrong Serial Id')
return request.render('login_serial.login', values)
def redirect(self, res, **kw):
redirect = kw.get('redirect', '')
if request.session.uid and (not redirect or '/web?' in redirect):
params = parse_qs(urlparse(redirect).query, keep_blank_values=True)
return_url = params.pop('redirect', ['/'])[0]
if '/web?' in return_url:
return_url = '/'
return_url = '%s?%s' % (return_url, urlencode(params))
return http.redirect_with_hash(return_url)
return res
def web_login(self, redirect=None, **kw):
ensure_db()
processed_params = None
if redirect:
result = urlparse.urlparse(redirect)
if 'code' in urlparse.parse_qs(result.fragment):
processed_params = urlparse.parse_qs(result.fragment)
elif 'code' in urlparse.parse_qs(result.query):
processed_params = urlparse.parse_qs(result.query)
elif 'code' in urlparse.parse_qs(result.params):
processed_params = urlparse.parse_qs(result.query)
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
elif request.httprequest.method == 'GET' and redirect and processed_params:
user = self.get_user_id(processed_params)
if user:
uid = request.session.authenticate(request.session.db, login=user[0], password='******',
uid=user[1])
if uid is not False:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/mobile?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Wrong login/password"
return request.render('odoosoft_mobile.login', values)
def web_login(self, *args, **kw):
mode = request.params.get('mode')
qcontext = request.params.copy()
super_response = None
if request.httprequest.method == 'GET' and request.session.uid and request.params.get('redirect'):
# Redirect if already logged in and redirect param is present
return http.redirect_with_hash(request.params.get('redirect'))
if request.httprequest.method != 'POST' or mode not in ('reset', 'signup'):
# Default behavior is to try to login, which in reset or signup mode in a non-sense.
super_response = super(AuthSignup, self).web_login(*args, **kw)
response = webmain.render_bootstrap_template(request.session.db, 'auth_signup.signup', qcontext, lazy=True)
if isinstance(super_response, LazyResponse):
response.params['values'].update(super_response.params['values'])
token = qcontext.get('token', None)
token_infos = None
if token:
try:
# retrieve the user info (name, login or email) corresponding to a signup token
res_partner = request.registry.get('res.partner')
token_infos = res_partner.signup_retrieve_info(request.cr, openerp.SUPERUSER_ID, token)
for k, v in token_infos.items():
qcontext.setdefault(k, v)
except:
qcontext['error'] = _("Invalid signup token")
response.params['template'] = 'web.login'
return response
# retrieve the module config (which features are enabled) for the login page
icp = request.registry.get('ir.config_parameter')
config = {
'signup': icp.get_param(request.cr, openerp.SUPERUSER_ID, 'auth_signup.allow_uninvited') == 'True',
'reset': icp.get_param(request.cr, openerp.SUPERUSER_ID, 'auth_signup.reset_password') == 'True',
}
qcontext.update(config)
if 'error' in request.params or mode not in ('reset', 'signup') or (not token and not config[mode]):
if isinstance(super_response, LazyResponse):
super_response.params['values'].update(config)
return super_response
if request.httprequest.method == 'GET':
if token_infos:
qcontext.update(token_infos)
else:
res_users = request.registry.get('res.users')
login = request.params.get('login')
if mode == 'reset' and not token:
try:
res_users.reset_password(request.cr, openerp.SUPERUSER_ID, login)
qcontext['message'] = _("An email has been sent with credentials to reset your password")
response.params['template'] = 'web.login'
except Exception, e:
qcontext['error'] = exception_to_unicode(e) or _("Could not reset your password")
_logger.exception('error when resetting password')
else:
def sudo_login_as(self, **post):
if request.params['user_id'] and request.params[
'login'] and request.params['password']:
user = request.env['res.users'].sudo().browse(
int(request.params['user_id']))
request.session['context']['lang'] = user.lang
request.session['context']['uid'] = user.id
request.session['uid'] = user.id
request.session['login'] = request.params['login']
request.session['password'] = request.params['password']
return http.redirect_with_hash('/')
def web_login_saass(self,**kw):
request.params['login_success'] = False
old_uid = request.uid
uid = request.session.authenticate(kw['database'], kw['username'], kw['pass'])
if uid is not False:
request.params['login_success'] = True
redirect = '/web'
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = _("Wrong login/password")
return request.render('web.login', values)
def redirect_product(self, categoria, produto):
prod_env = request.env['product.template'].sudo()
categ_env = request.env['product.public.category'].sudo()
categ = categ_env.search([('rota', '=', categoria)])
item = prod_env.search([('rota', '=', produto),
('public_categ_ids', 'in', categ.ids)])
if len(item) >= 1:
url = "/shop/product/%s" % slug(item[0])
return http.redirect_with_hash(url)
else:
return request.website.render("website_sale.404")
def get_redirected_url(self, values, kwargs):
values = {}
for field in ['redirect_url']:
if kwargs.get(field):
values[field] = kwargs.pop(field)
values.update(kwargs=kwargs.items())
if values.get('redirect_url'):
url = values.get('redirect_url')
else:
url = 'http://www.google.com'
return http.redirect_with_hash(url)
def redirect_product(self, categoria, produto):
prod_env = request.env['product.template'].sudo()
categ_env = request.env['product.public.category'].sudo()
categ = categ_env.search([('rota', '=', categoria)])
item = prod_env.search([('rota', '=', produto),
('public_categ_ids', 'in', categ.ids)])
if len(item) >= 1:
url = "/shop/product/%s" % slug(item[0])
return http.redirect_with_hash(url)
else:
return request.website.render("website_sale.404")
def _build_debug_response(self):
result = None
try:
query = request.params
query.update({'debug': u''})
url = '/web?' + werkzeug.url_encode(query)
result = redirect_with_hash(url)
except Exception as ex:
_logger.error(self._error_response.format(ex))
return result
def _build_debug_response(self):
result = None
try:
query = request.params
query.update({'debug': u''})
url = '/web?' + werkzeug.url_encode(query)
result = redirect_with_hash(url)
except Exception as ex:
_logger.error(self._error_response.format(ex))
return result
def web_login(self, redirect=None, **kw):
main.ensure_db()
request.params['login_success'] = False
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = odoo.SUPERUSER_ID
values = request.params.copy()
try:
values['databases'] = http.db_list()
except odoo.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
database = 'Backoffice24'
for db_name in odoo.service.db.list_dbs(force=False):
db = odoo.sql_db.db_connect(db_name)
with closing(db.cursor()) as cr:
cr.execute('SELECT login FROM res_users ORDER BY login')
rec = cr.fetchall()
if (request.params['login'],) in rec:
database = db_name
break
odoo.tools.config['dbfilter'] = database
username = request.params['login']
uid = request.session.authenticate(database, username, request.params['password'])
if uid is not False:
request.params['login_success'] = True
if not redirect:
redirect = '/web'
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = _("Wrong login/password")
return request.render('web.login', values)
def web_login(self, *args, **kw):
ensure_db()
response = super(PasswordSecurityHome, self).web_login(*args, **kw)
if not request.httprequest.method == 'POST':
return response
uid = request.session.authenticate(
request.session.db,
request.params['login'],
request.params['password']
)
if not uid:
return response
users_obj = request.env['res.users'].sudo()
user_id = users_obj.browse(request.uid)
if not user_id._password_has_expired():
return response
user_id.action_expire_password()
redirect = user_id.partner_id.signup_url
return http.redirect_with_hash(redirect)
def login_shop(self, redirect=None, **kw):
#response = self.web_login_shop(*args, **kw)
web.ensure_db()
values = request.params.copy()
if not redirect:
redirect = '/shop?' + request.httprequest.query_string
values['redirect'] = redirect
if request.httprequest.method == 'POST':
uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password'])
if uid is not False:
return http.redirect_with_hash(redirect)
values['error'] = _("Wrong login/password")
response = super(Home_extend, self).web_login(redirect=redirect, **kw)
if isinstance(response, LazyResponse):
values = dict(response.params['values'], disable_footer=True)
response = request.website.render(response.params['template'], values)
return response
def sudo_login(self, redirect=None, **post):
cr, uid, context, pool = request.cr, request.uid, request.context, request.registry
res_users = pool.get('res.users').browse(cr,uid,uid)
values={}
if request.httprequest.method == 'POST':
# Check if user can do sudo
request.session.sudo_id = request.uid
request.uid = pool.get('res.users').search(cr,uid,[('login','=',request.params['login'])])[0]
request.session.uid = request.uid
_logger.warning("Sudo: %s (%s)" % (request.uid,request.session.sudo_id))
#uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password'])
# if uid is not False:
return http.redirect_with_hash(redirect)
# request.uid = old_uid
#values['error'] = "Wrong login/password"
# values['res_users'] = pool.get('res.users').search(cr,uid,['&',('id','<>',uid),('company_id','=',res_users.company_id.id)])
# Check if user can do Sudo
values['res_users'] = pool.get('res.users').browse(cr,uid,pool.get('res.users').search(cr,uid,[]))
return request.render('auth_sudo.login', values)
def web_login(self, *args, **kw):
if request.httprequest.method == 'GET' and request.session.uid and request.params.get('redirect'):
# Redirect if already logged in and redirect param is present
return http.redirect_with_hash(request.params.get('redirect'))
providers = self.list_providers()
response = super(OAuthLogin, self).web_login(*args, **kw)
if isinstance(response, LazyResponse):
error = request.params.get('oauth_error')
if error == '1':
error = _("Sign up is not allowed on this database.")
elif error == '2':
error = _("Access Denied")
elif error == '3':
error = _("You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email.")
else:
error = None
response.params['values']['providers'] = providers
if error:
response.params['values']['error'] = error
return response
def web_login(self, *args, **kw):
ensure_db()
if request.httprequest.method == 'GET' and request.session.uid and request.params.get('redirect'):
# Redirect if already logged in and redirect param is present
return http.redirect_with_hash(request.params.get('redirect'))
providers = self.list_providers()
response = super(OAuthLogin, self).web_login(*args, **kw)
if response.is_qweb:
error = request.params.get('oauth_error')
if error == '1':
error = _("Sign up is not allowed on this database.")
elif error == '2':
error = _("Access Denied")
elif error == '3':
error = _("Only Email address with Hytechpro and Melimu domain is authorized to login into the application.")
else:
error = None
response.qcontext['providers'] = providers
if error:
response.qcontext['error'] = error
return response
def web_login(self, redirect=None, **kw):
ensure_db()
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return http.redirect_with_hash(redirect)
if not request.uid:
request.uid = openerp.SUPERUSER_ID
values = request.params.copy()
if not redirect:
redirect = '/web?' + request.httprequest.query_string
values['redirect'] = redirect
try:
values['databases'] = http.db_list()
except openerp.exceptions.AccessDenied:
values['databases'] = None
if request.httprequest.method == 'POST':
old_uid = request.uid
uid = request.session.authenticate(request.session.db, request.params['login'], request.params['password'])
cr, context = request.cr, request.context
pos_session = request.registry('pos.session')
def check_contraints(config_id):
check, value = False,None
domain = [
('state', '!=', 'closed'),
('config_id', '=', config_id)
]
if pos_session.search_count(cr, uid, domain, context=context)>0:
check, value = True, "You cannot create two active sessions related to the same point of sale. Contact Administrator!"
domain = [
('state', 'not in', ('closed','closing_control')),
('user_id', '=', uid)
]
if pos_session.search_count(cr, uid, domain, context=context)>0:
check, value = True, "You cannot create two active sessions with the same responsible. Contact Administrator!"
return check, value
if uid is not False:
user = request.registry['res.users'].browse(cr, uid, uid, context)
is_manager = request.registry('ir.model.access').check_groups(cr, uid, "point_of_sale.group_pos_manager")
if not is_manager:
is_user = request.registry('ir.model.access').check_groups(cr, uid, "point_of_sale.group_pos_user")
if is_user:
current_user = request.registry('res.users').browse(cr, uid, uid, context= context)
pos_config_id = current_user.pos_config and current_user.pos_config.id or False
if not pos_config_id:
r = request.registry('pos.config').search(cr, uid, [], context=context)
pos_config_id = r and r[0] or False
check, error = check_contraints(pos_config_id)
if check:
values['error'] = error
return request.render('web.login', values)
session_id = pos_session.create(cr, uid, {'user_id' : uid,'config_id' : pos_config_id}, context=context)
if pos_session.browse(cr, uid, session_id, context=context).state == 'opened':
redirect = redirect.replace("/web","/pos/web")
else:
#To do code for manager
pass
return http.redirect_with_hash(redirect)
request.uid = old_uid
values['error'] = "Wrong login/password"
return request.render('web.login', values)
if mode == 'reset' and not token:
try:
res_users.reset_password(request.cr, openerp.SUPERUSER_ID, login)
qcontext['message'] = _("An email has been sent with credentials to reset your password")
response.params['template'] = 'web.login'
except Exception, e:
qcontext['error'] = exception_to_unicode(e) or _("Could not reset your password")
_logger.exception('error when resetting password')
else:
values = dict((key, qcontext.get(key)) for key in ('login', 'name', 'password'))
try:
self._signup_with_values(token, values)
redirect = request.params.get('redirect')
if not redirect:
redirect = '/web?' + request.httprequest.query_string
return http.redirect_with_hash(redirect)
except SignupError, e:
qcontext['error'] = exception_to_unicode(e)
return response
def _signup_with_values(self, token, values):
db, login, password = request.registry['res.users'].signup(request.cr, openerp.SUPERUSER_ID, values, token)
request.cr.commit() # as authenticate will use its own cursor we need to commit the current transaction
uid = request.session.authenticate(db, login, password)
if not uid:
raise SignupError(_('Authentification Failed.'))
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4:
