[FIX] module: allow disabling 1-click install

As discussed on issue #15225, it should be possible for system administrators
to disable the 1-click installation system.
The plan is to disable the feature by default, but make it relatively easy
to turn on when it is explicitly desired.

1. At the moment we cannot guarantee that all Apps published on the Odoo Apps
   Store are safe. And it is a security risk to let end-users deploy Python
   code on their Odoo servers without requiring any review/deployment by a
   competent system administrator.
   We will work on improving the validation process of the Store, but this
   will require time, and won't probably be a 100% safe process in any case.
2. The one-click install feature is however really useful to help
   non-technical users install Apps, as long as the feature has been
   explicitly allowed by the system administrator. This is a common feature
   in other software suites as well. So we'd like to keep it as an opt-in
   feature.
3. Administrators of multi-tenant servers, cloud hosting services, etc.
   understandably expect to be able to turn off the feature for
   security/control reasons.
4. By turning off the feature by default, but still exposing it in the UI,
   we keep it *discoverable* for users. The error message should be
   helpful to direct users to their sysadmins.
5. By using the permissions of the download folder as a flag for turning
   off the feature, we avoid introducing an extra server parameter.
   The folder is still created (read-only) by default, for the sole purpose
   of making it easier to locate.

Fixes #15225
Olivier Dony 2017-01-27 02:29:11 +01:00
parent cfcc37bca5
commit 15583a4813
No known key found for this signature in database
GPG Key ID: CD556E25E8A6D0D4
3 changed files with 15 additions and 5 deletions


@ -659,6 +659,15 @@ class module(osv.osv):
if not self.pool['res.users'].has_group(cr, uid, 'base.group_system'):
raise openerp.exceptions.AccessDenied()
# One-click install is opt-in - cfr Issue #15225
ad_dir = openerp.tools.config.addons_data_dir
if not os.access(ad_dir, os.W_OK):
msg = (_("Automatic install of downloaded Apps is currently disabled.") + "\n\n" +
_("To enable it, make sure this directory exists and is writable on the server:") +
"\n%s" % ad_dir)
_logger.warning(msg)
raise openerp.exceptions.AccessError(msg)
apps_server = urlparse.urlparse(self.get_apps_server(cr, uid, context=context))
OPENERP = openerp.release.product_name.lower()
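Review bot: the opt-in check `if not os.access(ad_dir, os.W_OK):` does not hold when the server process runs as root, because os.access() reports write permission for root on any existing directory regardless of its mode bits, so a 0500 placeholder would not disable installs on such a deployment (and on Windows W_OK only reflects the read-only attribute, not ACLs). The help text or docs should state that the flag assumes an unprivileged service account. Since this branch is only reached after the `base.group_system` check, the path in the AccessError is shown to administrators only, which is acceptable; consider adding the uid to the `_logger.warning(msg)` line so refused install attempts are attributable when reviewing logs.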


@ -94,7 +94,7 @@ def initialize_sys_path():
global hooked
dd = tools.config.addons_data_dir
if dd not in ad_paths:
if os.access(dd, os.R_OK) and dd not in ad_paths:
ad_paths.append(dd)
for ad in tools.config['addons_path'].split(','):
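Review bot: with the new guard `if os.access(dd, os.R_OK) and dd not in ad_paths:` modules already downloaded into the data directory remain importable after the administrator removes +w, so revoking the feature stops new installs but does not unload code deployed earlier; the commit message should say so, and administrators who want a clean slate need to empty the directory as well. R_OK alone also does not guarantee the directory is traversable (that needs +x), although the 0500 placeholder created in the config change covers that case.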


@ -686,10 +686,11 @@ class configmanager(object):
def addons_data_dir(self):
d = os.path.join(self['data_dir'], 'addons', release.series)
if not os.path.exists(d):
os.makedirs(d, 0700)
else:
assert os.access(d, os.W_OK), \
"%s: directory is not writable" % d
try:
# try to make +rx placeholder dir, will need manual +w to activate it
os.makedirs(d, 0500)
except OSError:
logging.getLogger(__name__).debug('Failed to create addons data dir %s', d)
return d
@property
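Review bot: the bare `except OSError:` swallows every failure at debug level, including the EEXIST raised on each later call of this property, so a genuine permission problem (for example `data_dir` itself not being writable) becomes indistinguishable from the normal already-exists case; catch the exception as `e`, ignore only `e.errno == errno.EEXIST` and log the rest at warning. Also, os.makedirs() applies the 0500 mode to every intermediate directory it creates, so `data_dir/addons` ends up read-only too and a directory for a later release series cannot be created beside this one without a manual chmod; creating the parent with 0700 first and only the leaf with 0500 avoids that. Dropping the old `assert os.access(d, os.W_OK)` is right, since a non-writable directory is now the expected default.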