[FIX] website: Access rights and Access for: website_crm_partner_assign, website_customer, website_event, website_event_track, website_membership, website_partner, website_sale

bzr revid: chm@openerp.com-20140107135933-h622wxwfhwoulg7q
Christophe Matthieu 2014-01-07 14:59:33 +01:00
parent 2c46694462
commit 3f0f6b820b
14 changed files with 109 additions and 48 deletions


@ -3,11 +3,13 @@
import urllib
import openerp
from openerp import SUPERUSER_ID
from openerp.addons.web import http
from openerp.tools.translate import _
from openerp.addons.web.http import request
from openerp.addons.website.models import website
from openerp.addons.website_partner.controllers import main as website_partner
import werkzeug
class WebsiteCrmPartnerAssign(http.Controller):
@ -17,7 +19,9 @@ class WebsiteCrmPartnerAssign(http.Controller):
'/partners/',
'/partners/page/<int:page>/',
'/partners/country/<int:country_id>',
'/partners/country/page/<int:country_id>/',
'/partners/country/<country_name>-<int:country_id>',
'/partners/country/<int:country_id>/page/<int:page>/',
'/partners/country/<country_name>-<int:country_id>/page/<int:page>/',
], type='http', auth="public", multilang=True)
def partners(self, country_id=0, page=0, **post):
country_obj = request.registry['res.country']
@ -91,8 +95,9 @@ class WebsiteCrmPartnerAssign(http.Controller):
}
return request.website.render("website_crm_partner_assign.index", values)
@website.route(['/partners/<model("res.partner"):partner>/'], type='http', auth="public", multilang=True)
def partners_ref(self, partner, **post):
@website.route(['/partners/<int:partner_id>/', '/partners/<partner_name>-<int:partner_id>/'], type='http', auth="public", multilang=True)
def partners_ref(self, partner_id, **post):
partner = request.registry['res.partner'].browse(request.cr, SUPERUSER_ID, partner_id, context=request.context)
website.preload_records(partner)
values = website_partner.get_partner_template_value(partner)
if not values:
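Review bot: `partners_ref` now reads `res.partner` with `SUPERUSER_ID` for an integer taken straight from a public URL, so ACLs and record rules no longer limit which partner is loaded. What an anonymous visitor can see then depends entirely on `website_partner.get_partner_template_value`, whose body is not visible in this commit's hunks. The same read is added in `customer` (website_customer), `partners_ref` (website_membership) and `partner` (website_partner). I would state that dependency at each call, e.g. `# SUPERUSER_ID read: visibility is enforced only by get_partner_template_value()`, and confirm the helper checks the publication state before exposing any field. The body of `partners_ref` continues past the end of the hunk.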


@ -41,7 +41,7 @@
<t t-foreach="countries" t-as="country_dict">
<t t-if="country_dict['country_id']">
<li t-att-class="country_dict['country_id'][0] == current_country_id and 'active' or ''">
<a t-href="/partners/country/#{ country_dict['country_id'][0] }">
<a t-href="#{ country_dict['country_id'][0] and '/partners/country/%s' % slug(country_dict['country_id']) or '/partners/' }">
<t t-esc="country_dict['country_id'][1]"/> <small>(<t t-esc="country_dict['country_id_count']"/>)</small>
</a>
</li>


@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
import openerp
from openerp import SUPERUSER_ID
from openerp.addons.web import http
from openerp.tools.translate import _
from openerp.addons.web.http import request
@ -15,11 +16,12 @@ class WebsiteCustomer(http.Controller):
@website.route([
'/customers/',
'/customers/page/<int:page>/',
'/customers/country/<model("res.country"):country>',
'/customers/country/<model("res.country"):country>/page/<int:page>/'
'/customers/country/<int:country_id>',
'/customers/country/<country_name>-<int:country_id>',
'/customers/country/<int:country_id>/page/<int:page>/',
'/customers/country/<country_name>-<int:country_id>/page/<int:page>/',
], type='http', auth="public", multilang=True)
def customers(self, country=None, page=0, **post):
website.preload_records(country)
def customers(self, country_id=0, page=0, **post):
cr, uid, context = request.cr, request.uid, request.context
partner_obj = request.registry['res.partner']
partner_name = post.get('search', '')
@ -33,9 +35,8 @@ class WebsiteCustomer(http.Controller):
('website_description', 'ilike', "%%%s%%" % post.get("search"))
]
country_id = None
if country:
domain += [('country_id', '=', country.id)]
country_id = country.id
if country_id:
domain += [('country_id', '=', country_id)]
# group by country, based on all customers (base domain)
countries = partner_obj.read_group(
@ -75,8 +76,9 @@ class WebsiteCustomer(http.Controller):
}
return request.website.render("website_customer.index", values)
@website.route(['/customers/<model("res.partner"):partner>/'], type='http', auth="public", multilang=True)
def customer(self, partner, **post):
@website.route(['/customers/<int:partner_id>/', '/customers/<partner_name>-<int:partner_id>/'], type='http', auth="public", multilang=True)
def customer(self, partner_id, **post):
partner = request.registry['res.partner'].browse(request.cr, SUPERUSER_ID, partner_id, context=request.context)
website.preload_records(partner)
values = website_partner.get_partner_template_value(partner)
if not values:
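Review bot: In `customers`, `country_id = None` still appears to sit directly above the new `if country_id:` test, which would reset the route parameter so the country filter is never applied. The rendering has lost the +/- markers, but the -33,9 +35,8 line counts suggest the assignment is kept on the new side. If so, drop it now that `country_id` comes from the URL, leaving only `if country_id:` and `domain += [('country_id', '=', country_id)]`. The function starts and ends outside the hunk.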


@ -21,6 +21,7 @@
from openerp.osv import orm, osv, fields
from openerp import SUPERUSER_ID
from openerp.addons.web.http import request
from openerp.tools.translate import _
import re
@ -132,7 +133,9 @@ class sale_order_line(osv.osv):
if not ids:
return super(sale_order_line, self)._recalculate_product_values(cr, uid, ids, product_id, context=context)
order_line = self.browse(cr, uid, ids[0], context=context)
order_line = self.browse(cr, SUPERUSER_ID, ids[0], context=context)
assert order_line.order_id.website_session_id == request.httprequest.session['website_session_id']
product = product_id and self.pool.get('product.product').browse(cr, uid, product_id, context=context) or order_line.product_id
res = super(sale_order_line, self)._recalculate_product_values(cr, uid, ids, product.id, context=context)
if product.event_type_id and order_line.event_ticket_id and order_line.event_ticket_id.price != product.lst_price:
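Review bot: The session-ownership check in `_recalculate_product_values` is written as an `assert`, so it disappears when Python runs with `-O` and the `SUPERUSER_ID` browse on the line before it is then unguarded. When it does fire it surfaces as an unhandled AssertionError rather than an access denial, and `session['website_session_id']` raises KeyError for a session without that key. The same assert is added in website_sale: `payment_get_status`, the -733 hunk, `payment_confirmation` and the `SaleOrderLine` model. I would make it an explicit test, `if order_line.order_id.website_session_id != request.httprequest.session.get('website_session_id'):` followed by `raise osv.except_osv(_('Access Denied'), _('Order line does not belong to this session'))`. This model method also presumably needs a bound `request`, so calls from outside an HTTP request should be considered.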


@ -86,7 +86,7 @@ class website_event(http.Controller):
values = { 'event': event }
return request.website.render("website_event_track.event_track_proposal", values)
@website.route(['/event/<model("event.event"):event>/track_proposal/post'], type='http', auth="public", multilang=True)
@website.route(['/event/<model("event.event"):event>/track_proposal/post'], type='http', auth="public", methods=['POST'], multilang=True)
def event_track_proposal_post(self, event, **post):
cr, uid, context = request.cr, request.uid, request.context


@ -173,4 +173,10 @@ class event_sponsors_type(osv.osv):
'sequence': fields.related('sponsor_type_id', 'sequence', string='Sequence', store=True),
}
def has_access_to_partner(self, cr, uid, ids, context=None):
try:
self.browse(cr, uid, ids[0], context=context).partner_id.name
return True
except:
return False
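Review bot: `has_access_to_partner` uses a bare `except:`, so any failure (an empty `ids`, a database error, even KeyboardInterrupt) is reported as "no access" and the real error is lost. Catch only the exception the ORM raises for a denied read, or at the very least `except Exception:`, and guard `ids` before indexing `ids[0]`. A docstring such as `"""Return True when uid may read the sponsor's partner."""` would also help, because the attribute read on `partner_id.name` is there only for its side effect.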


@ -16,13 +16,24 @@
</section>
<div class="row">
<div t-attf-class="col-md-#{(len(event.sponsor_ids) > 6) and 2 or (12/ len(event.sponsor_ids))} text-center" t-foreach="event.sponsor_ids" t-as="sponsor">
<a t-href="#{sponsor.partner_id and ('/partners/%s/' % sponsor.partner_id.id) or '#'}" style="position: relative; display: inline-block;">
<span t-field="sponsor.partner_id.image"
t-field-options='{"widget": "image", "class": "shadow"}'/>
<div class="ribbon-wrapper">
<div t-field="sponsor.sponsor_type_id" t-attf-class="ribbon ribbon_#{sponsor.sponsor_type_id.name}"/>
</div>
</a>
<t t-if="sponsor.has_access_to_partner()">
<a t-href="/partners/#{ slug([sponsor.partner_id.id, sponsor.partner_id.name]) }" style="position: relative; display: inline-block;">
<span t-field="sponsor.partner_id.image"
t-field-options='{"widget": "image", "class": "shadow"}'/>
<div class="ribbon-wrapper">
<div t-field="sponsor.sponsor_type_id" t-attf-class="ribbon ribbon_#{sponsor.sponsor_type_id.name}"/>
</div>
</a>
</t>
<t t-if="not sponsor.has_access_to_partner()">
<span style="position: relative; display: inline-block;">
<span t-field="sponsor.partner_id.image"
t-field-options='{"widget": "image", "class": "shadow"}'/>
<div class="ribbon-wrapper">
<div t-field="sponsor.sponsor_type_id" t-attf-class="ribbon ribbon_#{sponsor.sponsor_type_id.name}"/>
</div>
</span>
</t>
</div>
</div>
</div>
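Review bot: The `not sponsor.has_access_to_partner()` branch still renders `t-field="sponsor.partner_id.image"`, a field of the very partner the check has just reported as unreadable. The fallback is therefore likely to hit the same access error, unless the template is rendered with elevated rights. The helper is also evaluated twice per sponsor. A single `<t t-set="can_read_partner" t-value="sponsor.has_access_to_partner()"/>` at the top of the loop body would let both `t-if` tests share one result.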


@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
import openerp
from openerp import SUPERUSER_ID
from openerp.addons.web import http
from openerp.addons.web.http import request
from openerp.addons.website.models import website
@ -18,14 +19,23 @@ class WebsiteMembership(http.Controller):
'/members/page/<int:page>/',
'/members/association/<int:membership_id>/',
'/members/association/<int:membership_id>/page/<int:page>/',
'/members/country/<int:country_id>',
'/members/country/<country_name>-<int:country_id>',
'/members/country/<int:country_id>/page/<int:page>/',
'/members/country/<country_name>-<int:country_id>/page/<int:page>/',
'/members/association/<int:membership_id>/country/<country_name>-<int:country_id>',
'/members/association/<int:membership_id>/country/<int:country_id>',
'/members/association/<int:membership_id>/country/<country_name>-<int:country_id>/page/<int:page>/',
'/members/association/<int:membership_id>/country/<int:country_id>/page/<int:page>/',
], type='http', auth="public", multilang=True)
def members(self, membership_id=None, page=0, **post):
def members(self, membership_id=None, country_name=None, country_id=0, page=0, **post):
cr, uid, context = request.cr, request.uid, request.context
product_obj = request.registry['product.product']
membership_line_obj = request.registry['membership.membership_line']
partner_obj = request.registry['res.partner']
post_name = post.get('name', '')
post_country_id = int(post.get('country_id', '0'))
# base domain for groupby / searches
base_line_domain = []
@ -50,8 +60,8 @@ class WebsiteMembership(http.Controller):
# displayed membership lines
line_domain = list(base_line_domain)
if post_country_id:
line_domain.append(('partner.country_id', '=', post_country_id))
if country_id:
line_domain.append(('partner.country_id', '=', country_id))
membership_line_ids = membership_line_obj.search(cr, uid, line_domain, context=context)
membership_lines = membership_line_obj.browse(cr, uid, membership_line_ids, context=context)
@ -82,8 +92,9 @@ class WebsiteMembership(http.Controller):
}
return request.website.render("website_membership.index", values)
@website.route(['/members/<model("res.partner"):partner>/'], type='http', auth="public", multilang=True)
def partners_ref(self, partner, **post):
@website.route(['/members/<int:partner_id>/', '/members/<partner_name>-<int:partner_id>/'], type='http', auth="public", multilang=True)
def partners_ref(self, partner_id, **post):
partner = request.registry['res.partner'].browse(request.cr, SUPERUSER_ID, partner_id, context=request.context)
website.preload_records(partner)
values = website_partner.get_partner_template_value(partner)
if not values:


@ -87,7 +87,7 @@
<li class="nav-header"><h3>Location</h3></li>
<t t-foreach="countries">
<li t-if="country_id" t-att-class="post.get('country_id', '0') == str(country_id and country_id[0]) and 'active' or ''">
<a t-href="/members/#{ search }&amp;country_id=#{ country_id[0] }"><t t-esc="country_id[1]"/>
<a t-href="/members/#{ membership and 'association/%s/' % membership.id or '' }#{ country_id[0] and 'country/%s/' % slug(country_id) or '' }#{ search }"><t t-esc="country_id[1]"/>
<span class="badge pull-right"><t t-esc="country_id_count"/></span>
</a>
</li>
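Review bot: The `active` class on the `<li>` is still computed from `post.get('country_id', '0')`, while the new link carries the country in the path (`country/<slug>/`) instead of the query string. The selected country will therefore presumably never be highlighted. The test should compare against the route's `country_id` as passed by `members`, in the way the partner listing template uses `country_dict['country_id'][0] == current_country_id`. Whether `members` already puts such a value in the rendering context is not visible here.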


@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
import openerp
from openerp import SUPERUSER_ID
from openerp.addons.web import http
from openerp.addons.web.http import request
from openerp.addons.website.models import website
@ -33,9 +34,10 @@ def get_partner_template_value(partner):
return values
class WebsitePartner(http.Controller):
@website.route(['/partners/<model("res.partner"):partner>/'], type='http', auth="public", multilang=True)
def partner(self, partner, **post):
@website.route(['/partners/<int:partner_id>/', '/partners/<partner_name>-<int:partner_id>/'], type='http', auth="public", multilang=True)
def partner(self, partner_id, **post):
""" Route for displaying a single partner / customer. """
partner = request.registry['res.partner'].browse(request.cr, SUPERUSER_ID, partner_id, context=request.context)
website.preload_records(partner)
values = get_partner_template_value(partner)
if not values:


@ -3,9 +3,11 @@
<data>
<template id="partner_detail" name="Partner Details (Complex Template for Access Right)">
<t t-if="partner" t-call="website.publish_management">
<t t-set="object" t-value="partner"/>
<t t-set="publish_edit" t-value="True"/>
<t t-if="partner" >
<t t-call="website.publish_management">
<t t-set="object" t-value="partner"/>
<t t-set="publish_edit" t-value="True"/>
</t>
</t>
<t t-if="partner"><h1 class="col-md-12 text-center" t-field="partner.name"/></t>
<t t-if="not partner"><h1 class="col-md-12 text-center" t-esc="partner_data.get('name_get')[1]"/></t>


@ -320,8 +320,12 @@ class Ecommerce(http.Controller):
# set order_line_id and product_id
if order_line_id:
order_line = order_line_obj.browse(request.cr, SUPERUSER_ID, order_line_id, context=request.context)
if order_line.order_id.id == order.id:
order_line = None
for line in order.order_line:
if line.id == order_line_id:
order_line = line
break
if order_line:
product_id = order_line.product_id.id
else:
order_line_id = None
@ -348,13 +352,15 @@ class Ecommerce(http.Controller):
quantity = order_line_val['product_uom_qty'] + number
if quantity < 0:
quantity = 0
order_line_ids = [order_line_id]
else:
fields = [k for k, v in order_line_obj._columns.items()]
values = order_line_obj.default_get(request.cr, SUPERUSER_ID, fields, context=request.context)
quantity = 1
order_line_ids = []
# change and record value
vals = order_line_obj._recalculate_product_values(request.cr, request.uid, [order_line_id], product_id, context=request.context)
vals = order_line_obj._recalculate_product_values(request.cr, request.uid, order_line_ids, product_id, context=request.context)
values.update(vals)
values['product_uom_qty'] = quantity
@ -415,9 +421,9 @@ class Ecommerce(http.Controller):
self.add_product_to_cart(product_id=product.id)
return request.redirect("/shop/mycart/")
@website.route(['/shop/change_cart/<model("sale.order.line"):order_line>/'], type='http', auth="public", multilang=True)
def add_cart_order_line(self, order_line=None, remove=None, **kw):
self.add_product_to_cart(order_line_id=int(order_line.id), number=(remove and -1 or 1))
@website.route(['/shop/change_cart/<int:order_line_id>/'], type='http', auth="public", multilang=True)
def add_cart_order_line(self, order_line_id=None, remove=None, **kw):
self.add_product_to_cart(order_line_id=order_line_id, number=(remove and -1 or 1))
return request.redirect("/shop/mycart/")
@website.route(['/shop/add_cart_json/'], type='json', auth="public")
@ -691,9 +697,13 @@ class Ecommerce(http.Controller):
acquirer_total_url = '%s?%s' % (acquirer_form_post_url, urllib.urlencode(post))
return request.redirect(acquirer_total_url)
@website.route('/shop/payment/get_status/<model("sale.order"):order>', type='json', auth="public", multilang=True)
def payment_get_status(self, order, **post):
@website.route('/shop/payment/get_status/<int:sale_order_id>', type='json', auth="public", multilang=True)
def payment_get_status(self, sale_order_id, **post):
cr, uid, context = request.cr, request.uid, request.context
order = request.registry['sale.order'].browse(cr, SUPERUSER_ID, sale_order_id, context=context)
assert order.website_session_id == request.httprequest.session['website_session_id']
if not order:
return {
'state': 'error',
@ -733,7 +743,8 @@ class Ecommerce(http.Controller):
if sale_order_id is None:
order = self.get_order()
else:
order = request.registry['sale.order'].browse(cr, uid, sale_order_id, context=context)
order = request.registry['sale.order'].browse(cr, SUPERUSER_ID, sale_order_id, context=context)
assert order.website_session_id == request.httprequest.session['website_session_id']
if tx.state == 'done':
# confirm the quotation
@ -752,8 +763,8 @@ class Ecommerce(http.Controller):
return request.redirect('/shop/confirmation/%s' % order.id)
@website.route(['/shop/confirmation/<model("sale.order"):order>'], type='http', auth="public", multilang=True)
def payment_confirmation(self, order, **post):
@website.route(['/shop/confirmation/<int:sale_order_id>'], type='http', auth="public", multilang=True)
def payment_confirmation(self, sale_order_id, **post):
""" End of checkout process controller. Confirmation is basically seing
the status of a sale.order. State at this point :
@ -763,6 +774,9 @@ class Ecommerce(http.Controller):
"""
cr, uid, context = request.cr, request.uid, request.context
order = request.registry['sale.order'].browse(cr, SUPERUSER_ID, sale_order_id, context=context)
assert order.website_session_id == request.httprequest.session['website_session_id']
return request.website.render("website_sale.confirmation", {'order': order})
@website.route(['/shop/change_sequence/'], type='json', auth="public")
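Review bot: In `payment_get_status` the session comparison runs before `if not order:`, so for an id that matches no order the request most likely ends in an exception and the `'state': 'error'` answer below is never returned. The existence test should come first. The routes now take a plain `<int:sale_order_id>` and read the record with `SUPERUSER_ID`. That makes the session comparison the only thing separating one visitor's order from another's in `payment_get_status`, `payment_confirmation` and the -733 hunk. I would move it into one private method on `Ecommerce` that returns the order or refuses, and call it from all three places rather than repeating the browse-and-compare pair.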


@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
from openerp import SUPERUSER_ID
from openerp.osv import osv, fields
from openerp.addons.web.http import request
class SaleOrder(osv.Model):
@ -34,7 +35,11 @@ class SaleOrderLine(osv.Model):
if context is None:
context = {}
user_obj = self.pool.get('res.users')
product_id = product_id or ids and self.browse(cr, uid, ids[0], context=context).product_id.id
if ids and not product_id:
order_line = self.browse(cr, SUPERUSER_ID, ids[0], context=context)
assert order_line.order_id.website_session_id == request.httprequest.session['website_session_id']
product_id = product_id or order_line.product_id.id
return self.product_id_change(
cr, SUPERUSER_ID, ids,
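Review bot: The ownership check here runs only when `ids and not product_id`. When a caller supplies both `ids` and `product_id`, `product_id_change` is still invoked with `SUPERUSER_ID` on those ids without any session comparison. If that path can be reached with caller-chosen ids, test on `if ids:` alone. The `product_id or order_line.product_id.id` fallback is redundant inside a `not product_id` branch as written, but becomes meaningful again after that change. The method starts and ends outside the hunk.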


@ -507,14 +507,14 @@
<td>
<div class="input-group">
<span class="input-group-addon">
<a t-href="./change_cart/#{ line.id }/?remove=True" class="mb8 js_add_cart_json">
<a t-href="../change_cart/#{ line.id }/?remove=True" class="mb8 js_add_cart_json">
<i class="fa fa-minus-square"></i>
</a>
</span>
<input type="text" class="js_quantity form-control"
t-att-data-id="line.id" t-att-value="int(line.product_uom_qty)"/>
<span class="input-group-addon">
<a t-href="./change_cart/#{ line.id }/" class="mb8 float_left js_add_cart_json">
<a t-href="../change_cart/#{ line.id }/" class="mb8 float_left js_add_cart_json">
<i class="fa fa-plus-square"></i>
</a>
</span>