From 15583a48134db69ebd9d93f955c3b4d6692e4b99 Mon Sep 17 00:00:00 2001 From: Olivier Dony Date: Fri, 27 Jan 2017 02:29:11 +0100 Subject: [PATCH] [FIX] module: allow disabling 1-click install As discussed on issue #15225, it should be possible for system administrators to disable the 1-click installation system. The plan is to disable the feature by default, but make it relatively easy to turn on when it is explicitly desired. 1. At the moment we cannot guarantee that all Apps published on the Odoo Apps Store are safe. And it is a security risk to let end-users deploy Python code on their Odoo servers without requiring any review/deployment by a competent system administrator. We will work on improving the validation process of the Store, but this will require time, and won't probably be a 100% safe process in any case. 2. The one-click install feature is however really useful to help non-technical users install Apps, as long as the feature has been explicitly allowed by the system administrator. This is a common feature in other software suites as well. So we'd like to keep it as an opt-in feature. 3. Administrators of multi-tenant servers, cloud hosting services, etc. understandably expect to be able to turn off the feature for security/control reasons. 4. By turning off the feature by default, but still exposing it in the UI, we keep it *discoverable* for users. The error message should be helpful to direct users to their sysadmins. 5. By using the permissions of the download folder as a flag for turning off the feature, we avoid introducing an extra server parameter. The folder is still created (read-only) by default, for the sole purpose of making it easier to locate. Fixes #15225 --- openerp/addons/base/module/module.py | 9 +++++++++ openerp/modules/module.py | 2 +- openerp/tools/config.py | 9 +++++---- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/openerp/addons/base/module/module.py b/openerp/addons/base/module/module.py index 1105ccd0fa1..158edf311d8 100644 --- a/openerp/addons/base/module/module.py +++ b/openerp/addons/base/module/module.py @@ -659,6 +659,15 @@ class module(osv.osv): if not self.pool['res.users'].has_group(cr, uid, 'base.group_system'): raise openerp.exceptions.AccessDenied() + # One-click install is opt-in - cfr Issue #15225 + ad_dir = openerp.tools.config.addons_data_dir + if not os.access(ad_dir, os.W_OK): + msg = (_("Automatic install of downloaded Apps is currently disabled.") + "\n\n" + + _("To enable it, make sure this directory exists and is writable on the server:") + + "\n%s" % ad_dir) + _logger.warning(msg) + raise openerp.exceptions.AccessError(msg) + apps_server = urlparse.urlparse(self.get_apps_server(cr, uid, context=context)) OPENERP = openerp.release.product_name.lower() diff --git a/openerp/modules/module.py b/openerp/modules/module.py index e9e643001f0..7c1f8b104a8 100644 --- a/openerp/modules/module.py +++ b/openerp/modules/module.py @@ -94,7 +94,7 @@ def initialize_sys_path(): global hooked dd = tools.config.addons_data_dir - if dd not in ad_paths: + if os.access(dd, os.R_OK) and dd not in ad_paths: ad_paths.append(dd) for ad in tools.config['addons_path'].split(','): diff --git a/openerp/tools/config.py b/openerp/tools/config.py index f1dd6251036..8e30845063f 100644 --- a/openerp/tools/config.py +++ b/openerp/tools/config.py @@ -686,10 +686,11 @@ class configmanager(object): def addons_data_dir(self): d = os.path.join(self['data_dir'], 'addons', release.series) if not os.path.exists(d): - os.makedirs(d, 0700) - else: - assert os.access(d, os.W_OK), \ - "%s: directory is not writable" % d + try: + # try to make +rx placeholder dir, will need manual +w to activate it + os.makedirs(d, 0500) + except OSError: + logging.getLogger(__name__).debug('Failed to create addons data dir %s', d) return d @property