Chapter 13 - Group authentication on controllers #4

Open
cjpit opened this issue Apr 8, 2021 · 0 comments
cjpit commented Apr 8, 2021

Hi there, I wasn't able to get this to work without overriding the authenticate method of Odoo, since it couldn't handle the extra parameters passed through.

This is what I had to do to make it work, might want to add some extra comments that it's not possible just using the snippets given in the book.

```python
from odoo import models, exceptions
from odoo.http import request
from odoo import http
import werkzeug.exceptions
import logging

_logger = logging.getLogger(__name__)


class IrHttp(models.AbstractModel):
    _inherit = ['ir.http']

    @classmethod
    def _auth_method_base_group_user(cls):
        # Authenticate as a regular user first, then require base.group_user.
        cls._auth_method_user()
        if not request.env.user.has_group('base.group_user'):
            raise exceptions.AccessDenied()

    # this is for the exercise
    @classmethod
    def _auth_method_groups(cls, group_xmlids=None):
        cls._auth_method_user()
        # Tolerate a missing parameter and stray whitespace around the commas;
        # an empty group list denies access.
        groups = [g.strip() for g in (group_xmlids or '').split(',') if g.strip()]
        if not any(map(request.env.user.has_group, groups)):
            raise exceptions.AccessDenied()

    @classmethod
    def _authenticate(cls, endpoint):
        # Override that accepts auth strings with parameters, e.g. "groups(a.b,c.d)".
        auth_method = endpoint.routing["auth"]
        if request._is_cors_preflight(endpoint):
            auth_method = 'none'
        try:
            if request.session.uid:
                try:
                    request.session.check_security()
                    # what if error in security.check()
                    #   -> res_users.check()
                    #   -> res_users._check_credentials()
                except (exceptions.AccessDenied, http.SessionExpiredException):
                    # All other exceptions mean undetermined status (e.g. connection pool full),
                    # let them bubble up
                    request.session.logout(keep_db=True)
            if request.uid is None:
                parameters = None
                method_name = auth_method
                if '(' in auth_method:
                    # Split "name(params)" into the method name and the raw parameter string.
                    end = auth_method.find('(')
                    method_name = auth_method[:end]
                    parameters = auth_method[end+1:-1]
                    getattr(cls, "_auth_method_%s" % method_name)(parameters)
                else:
                    getattr(cls, "_auth_method_%s" % auth_method)()
        except (exceptions.AccessDenied, http.SessionExpiredException, werkzeug.exceptions.HTTPException):
            raise
        except Exception:
            # Any unexpected error fails closed as AccessDenied.
            _logger.info("Exception during request Authentication.", exc_info=True)
            raise exceptions.AccessDenied()
        return auth_method
```
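An added example, not part of cjpit's comment or the book's code: the parameter-parsing step of `_authenticate` pulled out into a standalone function that rejects malformed `auth` strings instead of slicing them (with `auth_method[end+1:-1]`, a string missing its closing parenthesis silently loses the last character of its final group). The names `parse_auth_spec`, `check_groups` and `AuthSpecError`, the grammar, and the sample values are assumptions made for this sketch; it runs without Odoo.

```python
import re

# Assumed grammar (not defined by Odoo or the book): name  or  name(xmlid[,xmlid...])
_SPEC_RE = re.compile(r'(?P<name>[a-z_][a-z0-9_]*)(?:\((?P<args>[^()]*)\))?')
_XMLID_RE = re.compile(r'[a-z0-9_]+\.[A-Za-z0-9_]+')


class AuthSpecError(ValueError):
    """Raised for an auth string that does not match the assumed grammar."""


def parse_auth_spec(spec):
    """Return (method_name, [group_xmlids]) for 'user' or 'groups(a.b,c.d)'."""
    match = _SPEC_RE.fullmatch(spec.strip())
    if match is None:
        raise AuthSpecError("malformed auth spec: %r" % spec)
    name, args = match.group('name'), match.group('args')
    if args is None:
        return name, []
    xmlids = [part.strip() for part in args.split(',')]
    for xmlid in xmlids:
        # Rejects empty entries ("groups()", "groups(a.b,)") and anything
        # that is not of the form module.record.
        if not _XMLID_RE.fullmatch(xmlid):
            raise AuthSpecError("bad group xmlid %r in %r" % (xmlid, spec))
    return name, xmlids


def check_groups(spec, user_groups):
    """True only for a well-formed groups(...) spec naming a group the user has."""
    try:
        name, xmlids = parse_auth_spec(spec)
    except AuthSpecError:
        return False  # fail closed, as the generic except in _authenticate does
    return name == 'groups' and any(x in user_groups for x in xmlids)


if __name__ == "__main__":
    # Constructed sample data: one user's groups and a few route auth strings.
    user_groups = {'base.group_user'}
    for spec in ('groups(base.group_user, base.group_system)',
                 'groups(base.group_system)',
                 'groups(base.group_user',   # missing ')'
                 'groups()'):
        print("%-45s -> %s" % (spec, check_groups(spec, user_groups)))
```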