[FIX] website: Access rights and Access for: website_crm_partner_assign, website_customer, website_event, website_event_track, website_membership, website_partner, website_sale
bzr revid: chm@openerp.com-20140107135933-h622wxwfhwoulg7q
This commit is contained in:
parent
2c46694462
commit
3f0f6b820b
|
@ -3,11 +3,13 @@
|
|||
import urllib
|
||||
|
||||
import openerp
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.addons.web import http
|
||||
from openerp.tools.translate import _
|
||||
from openerp.addons.web.http import request
|
||||
from openerp.addons.website.models import website
|
||||
from openerp.addons.website_partner.controllers import main as website_partner
|
||||
import werkzeug
|
||||
|
||||
|
||||
class WebsiteCrmPartnerAssign(http.Controller):
|
||||
|
@ -17,7 +19,9 @@ class WebsiteCrmPartnerAssign(http.Controller):
|
|||
'/partners/',
|
||||
'/partners/page/<int:page>/',
|
||||
'/partners/country/<int:country_id>',
|
||||
'/partners/country/page/<int:country_id>/',
|
||||
'/partners/country/<country_name>-<int:country_id>',
|
||||
'/partners/country/<int:country_id>/page/<int:page>/',
|
||||
'/partners/country/<country_name>-<int:country_id>/page/<int:page>/',
|
||||
], type='http', auth="public", multilang=True)
|
||||
def partners(self, country_id=0, page=0, **post):
|
||||
country_obj = request.registry['res.country']
|
||||
|
@ -91,8 +95,9 @@ class WebsiteCrmPartnerAssign(http.Controller):
|
|||
}
|
||||
return request.website.render("website_crm_partner_assign.index", values)
|
||||
|
||||
@website.route(['/partners/<model("res.partner"):partner>/'], type='http', auth="public", multilang=True)
|
||||
def partners_ref(self, partner, **post):
|
||||
@website.route(['/partners/<int:partner_id>/', '/partners/<partner_name>-<int:partner_id>/'], type='http', auth="public", multilang=True)
|
||||
def partners_ref(self, partner_id, **post):
|
||||
partner = request.registry['res.partner'].browse(request.cr, SUPERUSER_ID, partner_id, context=request.context)
|
||||
website.preload_records(partner)
|
||||
values = website_partner.get_partner_template_value(partner)
|
||||
if not values:
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
<t t-foreach="countries" t-as="country_dict">
|
||||
<t t-if="country_dict['country_id']">
|
||||
<li t-att-class="country_dict['country_id'][0] == current_country_id and 'active' or ''">
|
||||
<a t-href="/partners/country/#{ country_dict['country_id'][0] }">
|
||||
<a t-href="#{ country_dict['country_id'][0] and '/partners/country/%s' % slug(country_dict['country_id']) or '/partners/' }">
|
||||
<t t-esc="country_dict['country_id'][1]"/> <small>(<t t-esc="country_dict['country_id_count']"/>)</small>
|
||||
</a>
|
||||
</li>
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
import openerp
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.addons.web import http
|
||||
from openerp.tools.translate import _
|
||||
from openerp.addons.web.http import request
|
||||
|
@ -15,11 +16,12 @@ class WebsiteCustomer(http.Controller):
|
|||
@website.route([
|
||||
'/customers/',
|
||||
'/customers/page/<int:page>/',
|
||||
'/customers/country/<model("res.country"):country>',
|
||||
'/customers/country/<model("res.country"):country>/page/<int:page>/'
|
||||
'/customers/country/<int:country_id>',
|
||||
'/customers/country/<country_name>-<int:country_id>',
|
||||
'/customers/country/<int:country_id>/page/<int:page>/',
|
||||
'/customers/country/<country_name>-<int:country_id>/page/<int:page>/',
|
||||
], type='http', auth="public", multilang=True)
|
||||
def customers(self, country=None, page=0, **post):
|
||||
website.preload_records(country)
|
||||
def customers(self, country_id=0, page=0, **post):
|
||||
cr, uid, context = request.cr, request.uid, request.context
|
||||
partner_obj = request.registry['res.partner']
|
||||
partner_name = post.get('search', '')
|
||||
|
@ -33,9 +35,8 @@ class WebsiteCustomer(http.Controller):
|
|||
('website_description', 'ilike', "%%%s%%" % post.get("search"))
|
||||
]
|
||||
country_id = None
|
||||
if country:
|
||||
domain += [('country_id', '=', country.id)]
|
||||
country_id = country.id
|
||||
if country_id:
|
||||
domain += [('country_id', '=', country_id)]
|
||||
|
||||
# group by country, based on all customers (base domain)
|
||||
countries = partner_obj.read_group(
|
||||
|
@ -75,8 +76,9 @@ class WebsiteCustomer(http.Controller):
|
|||
}
|
||||
return request.website.render("website_customer.index", values)
|
||||
|
||||
@website.route(['/customers/<model("res.partner"):partner>/'], type='http', auth="public", multilang=True)
|
||||
def customer(self, partner, **post):
|
||||
@website.route(['/customers/<int:partner_id>/', '/customers/<partner_name>-<int:partner_id>/'], type='http', auth="public", multilang=True)
|
||||
def customer(self, partner_id, **post):
|
||||
partner = request.registry['res.partner'].browse(request.cr, SUPERUSER_ID, partner_id, context=request.context)
|
||||
website.preload_records(partner)
|
||||
values = website_partner.get_partner_template_value(partner)
|
||||
if not values:
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
|
||||
from openerp.osv import orm, osv, fields
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.addons.web.http import request
|
||||
|
||||
from openerp.tools.translate import _
|
||||
import re
|
||||
|
@ -132,7 +133,9 @@ class sale_order_line(osv.osv):
|
|||
if not ids:
|
||||
return super(sale_order_line, self)._recalculate_product_values(cr, uid, ids, product_id, context=context)
|
||||
|
||||
order_line = self.browse(cr, uid, ids[0], context=context)
|
||||
order_line = self.browse(cr, SUPERUSER_ID, ids[0], context=context)
|
||||
assert order_line.order_id.website_session_id == request.httprequest.session['website_session_id']
|
||||
|
||||
product = product_id and self.pool.get('product.product').browse(cr, uid, product_id, context=context) or order_line.product_id
|
||||
res = super(sale_order_line, self)._recalculate_product_values(cr, uid, ids, product.id, context=context)
|
||||
if product.event_type_id and order_line.event_ticket_id and order_line.event_ticket_id.price != product.lst_price:
|
||||
|
|
|
@ -86,7 +86,7 @@ class website_event(http.Controller):
|
|||
values = { 'event': event }
|
||||
return request.website.render("website_event_track.event_track_proposal", values)
|
||||
|
||||
@website.route(['/event/<model("event.event"):event>/track_proposal/post'], type='http', auth="public", multilang=True)
|
||||
@website.route(['/event/<model("event.event"):event>/track_proposal/post'], type='http', auth="public", methods=['POST'], multilang=True)
|
||||
def event_track_proposal_post(self, event, **post):
|
||||
cr, uid, context = request.cr, request.uid, request.context
|
||||
|
||||
|
|
|
@ -173,4 +173,10 @@ class event_sponsors_type(osv.osv):
|
|||
'sequence': fields.related('sponsor_type_id', 'sequence', string='Sequence', store=True),
|
||||
}
|
||||
|
||||
def has_access_to_partner(self, cr, uid, ids, context=None):
|
||||
try:
|
||||
self.browse(cr, uid, ids[0], context=context).partner_id.name
|
||||
return True
|
||||
except:
|
||||
return False
|
||||
|
||||
|
|
|
@ -16,13 +16,24 @@
|
|||
</section>
|
||||
<div class="row">
|
||||
<div t-attf-class="col-md-#{(len(event.sponsor_ids) > 6) and 2 or (12/ len(event.sponsor_ids))} text-center" t-foreach="event.sponsor_ids" t-as="sponsor">
|
||||
<a t-href="#{sponsor.partner_id and ('/partners/%s/' % sponsor.partner_id.id) or '#'}" style="position: relative; display: inline-block;">
|
||||
<span t-field="sponsor.partner_id.image"
|
||||
t-field-options='{"widget": "image", "class": "shadow"}'/>
|
||||
<div class="ribbon-wrapper">
|
||||
<div t-field="sponsor.sponsor_type_id" t-attf-class="ribbon ribbon_#{sponsor.sponsor_type_id.name}"/>
|
||||
</div>
|
||||
</a>
|
||||
<t t-if="sponsor.has_access_to_partner()">
|
||||
<a t-href="/partners/#{ slug([sponsor.partner_id.id, sponsor.partner_id.name]) }" style="position: relative; display: inline-block;">
|
||||
<span t-field="sponsor.partner_id.image"
|
||||
t-field-options='{"widget": "image", "class": "shadow"}'/>
|
||||
<div class="ribbon-wrapper">
|
||||
<div t-field="sponsor.sponsor_type_id" t-attf-class="ribbon ribbon_#{sponsor.sponsor_type_id.name}"/>
|
||||
</div>
|
||||
</a>
|
||||
</t>
|
||||
<t t-if="not sponsor.has_access_to_partner()">
|
||||
<span style="position: relative; display: inline-block;">
|
||||
<span t-field="sponsor.partner_id.image"
|
||||
t-field-options='{"widget": "image", "class": "shadow"}'/>
|
||||
<div class="ribbon-wrapper">
|
||||
<div t-field="sponsor.sponsor_type_id" t-attf-class="ribbon ribbon_#{sponsor.sponsor_type_id.name}"/>
|
||||
</div>
|
||||
</span>
|
||||
</t>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
import openerp
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.addons.web import http
|
||||
from openerp.addons.web.http import request
|
||||
from openerp.addons.website.models import website
|
||||
|
@ -18,14 +19,23 @@ class WebsiteMembership(http.Controller):
|
|||
'/members/page/<int:page>/',
|
||||
'/members/association/<int:membership_id>/',
|
||||
'/members/association/<int:membership_id>/page/<int:page>/',
|
||||
|
||||
'/members/country/<int:country_id>',
|
||||
'/members/country/<country_name>-<int:country_id>',
|
||||
'/members/country/<int:country_id>/page/<int:page>/',
|
||||
'/members/country/<country_name>-<int:country_id>/page/<int:page>/',
|
||||
|
||||
'/members/association/<int:membership_id>/country/<country_name>-<int:country_id>',
|
||||
'/members/association/<int:membership_id>/country/<int:country_id>',
|
||||
'/members/association/<int:membership_id>/country/<country_name>-<int:country_id>/page/<int:page>/',
|
||||
'/members/association/<int:membership_id>/country/<int:country_id>/page/<int:page>/',
|
||||
], type='http', auth="public", multilang=True)
|
||||
def members(self, membership_id=None, page=0, **post):
|
||||
def members(self, membership_id=None, country_name=None, country_id=0, page=0, **post):
|
||||
cr, uid, context = request.cr, request.uid, request.context
|
||||
product_obj = request.registry['product.product']
|
||||
membership_line_obj = request.registry['membership.membership_line']
|
||||
partner_obj = request.registry['res.partner']
|
||||
post_name = post.get('name', '')
|
||||
post_country_id = int(post.get('country_id', '0'))
|
||||
|
||||
# base domain for groupby / searches
|
||||
base_line_domain = []
|
||||
|
@ -50,8 +60,8 @@ class WebsiteMembership(http.Controller):
|
|||
|
||||
# displayed membership lines
|
||||
line_domain = list(base_line_domain)
|
||||
if post_country_id:
|
||||
line_domain.append(('partner.country_id', '=', post_country_id))
|
||||
if country_id:
|
||||
line_domain.append(('partner.country_id', '=', country_id))
|
||||
|
||||
membership_line_ids = membership_line_obj.search(cr, uid, line_domain, context=context)
|
||||
membership_lines = membership_line_obj.browse(cr, uid, membership_line_ids, context=context)
|
||||
|
@ -82,8 +92,9 @@ class WebsiteMembership(http.Controller):
|
|||
}
|
||||
return request.website.render("website_membership.index", values)
|
||||
|
||||
@website.route(['/members/<model("res.partner"):partner>/'], type='http', auth="public", multilang=True)
|
||||
def partners_ref(self, partner, **post):
|
||||
@website.route(['/members/<int:partner_id>/', '/members/<partner_name>-<int:partner_id>/'], type='http', auth="public", multilang=True)
|
||||
def partners_ref(self, partner_id, **post):
|
||||
partner = request.registry['res.partner'].browse(request.cr, SUPERUSER_ID, partner_id, context=request.context)
|
||||
website.preload_records(partner)
|
||||
values = website_partner.get_partner_template_value(partner)
|
||||
if not values:
|
||||
|
|
|
@ -87,7 +87,7 @@
|
|||
<li class="nav-header"><h3>Location</h3></li>
|
||||
<t t-foreach="countries">
|
||||
<li t-if="country_id" t-att-class="post.get('country_id', '0') == str(country_id and country_id[0]) and 'active' or ''">
|
||||
<a t-href="/members/#{ search }&country_id=#{ country_id[0] }"><t t-esc="country_id[1]"/>
|
||||
<a t-href="/members/#{ membership and 'association/%s/' % membership.id or '' }#{ country_id[0] and 'country/%s/' % slug(country_id) or '' }#{ search }"><t t-esc="country_id[1]"/>
|
||||
<span class="badge pull-right"><t t-esc="country_id_count"/></span>
|
||||
</a>
|
||||
</li>
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
import openerp
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.addons.web import http
|
||||
from openerp.addons.web.http import request
|
||||
from openerp.addons.website.models import website
|
||||
|
@ -33,9 +34,10 @@ def get_partner_template_value(partner):
|
|||
return values
|
||||
|
||||
class WebsitePartner(http.Controller):
|
||||
@website.route(['/partners/<model("res.partner"):partner>/'], type='http', auth="public", multilang=True)
|
||||
def partner(self, partner, **post):
|
||||
@website.route(['/partners/<int:partner_id>/', '/partners/<partner_name>-<int:partner_id>/'], type='http', auth="public", multilang=True)
|
||||
def partner(self, partner_id, **post):
|
||||
""" Route for displaying a single partner / customer. """
|
||||
partner = request.registry['res.partner'].browse(request.cr, SUPERUSER_ID, partner_id, context=request.context)
|
||||
website.preload_records(partner)
|
||||
values = get_partner_template_value(partner)
|
||||
if not values:
|
||||
|
|
|
@ -3,9 +3,11 @@
|
|||
<data>
|
||||
|
||||
<template id="partner_detail" name="Partner Details (Complex Template for Access Right)">
|
||||
<t t-if="partner" t-call="website.publish_management">
|
||||
<t t-set="object" t-value="partner"/>
|
||||
<t t-set="publish_edit" t-value="True"/>
|
||||
<t t-if="partner" >
|
||||
<t t-call="website.publish_management">
|
||||
<t t-set="object" t-value="partner"/>
|
||||
<t t-set="publish_edit" t-value="True"/>
|
||||
</t>
|
||||
</t>
|
||||
<t t-if="partner"><h1 class="col-md-12 text-center" t-field="partner.name"/></t>
|
||||
<t t-if="not partner"><h1 class="col-md-12 text-center" t-esc="partner_data.get('name_get')[1]"/></t>
|
||||
|
|
|
@ -320,8 +320,12 @@ class Ecommerce(http.Controller):
|
|||
|
||||
# set order_line_id and product_id
|
||||
if order_line_id:
|
||||
order_line = order_line_obj.browse(request.cr, SUPERUSER_ID, order_line_id, context=request.context)
|
||||
if order_line.order_id.id == order.id:
|
||||
order_line = None
|
||||
for line in order.order_line:
|
||||
if line.id == order_line_id:
|
||||
order_line = line
|
||||
break
|
||||
if order_line:
|
||||
product_id = order_line.product_id.id
|
||||
else:
|
||||
order_line_id = None
|
||||
|
@ -348,13 +352,15 @@ class Ecommerce(http.Controller):
|
|||
quantity = order_line_val['product_uom_qty'] + number
|
||||
if quantity < 0:
|
||||
quantity = 0
|
||||
order_line_ids = [order_line_id]
|
||||
else:
|
||||
fields = [k for k, v in order_line_obj._columns.items()]
|
||||
values = order_line_obj.default_get(request.cr, SUPERUSER_ID, fields, context=request.context)
|
||||
quantity = 1
|
||||
order_line_ids = []
|
||||
|
||||
# change and record value
|
||||
vals = order_line_obj._recalculate_product_values(request.cr, request.uid, [order_line_id], product_id, context=request.context)
|
||||
vals = order_line_obj._recalculate_product_values(request.cr, request.uid, order_line_ids, product_id, context=request.context)
|
||||
values.update(vals)
|
||||
|
||||
values['product_uom_qty'] = quantity
|
||||
|
@ -415,9 +421,9 @@ class Ecommerce(http.Controller):
|
|||
self.add_product_to_cart(product_id=product.id)
|
||||
return request.redirect("/shop/mycart/")
|
||||
|
||||
@website.route(['/shop/change_cart/<model("sale.order.line"):order_line>/'], type='http', auth="public", multilang=True)
|
||||
def add_cart_order_line(self, order_line=None, remove=None, **kw):
|
||||
self.add_product_to_cart(order_line_id=int(order_line.id), number=(remove and -1 or 1))
|
||||
@website.route(['/shop/change_cart/<int:order_line_id>/'], type='http', auth="public", multilang=True)
|
||||
def add_cart_order_line(self, order_line_id=None, remove=None, **kw):
|
||||
self.add_product_to_cart(order_line_id=order_line_id, number=(remove and -1 or 1))
|
||||
return request.redirect("/shop/mycart/")
|
||||
|
||||
@website.route(['/shop/add_cart_json/'], type='json', auth="public")
|
||||
|
@ -691,9 +697,13 @@ class Ecommerce(http.Controller):
|
|||
acquirer_total_url = '%s?%s' % (acquirer_form_post_url, urllib.urlencode(post))
|
||||
return request.redirect(acquirer_total_url)
|
||||
|
||||
@website.route('/shop/payment/get_status/<model("sale.order"):order>', type='json', auth="public", multilang=True)
|
||||
def payment_get_status(self, order, **post):
|
||||
@website.route('/shop/payment/get_status/<int:sale_order_id>', type='json', auth="public", multilang=True)
|
||||
def payment_get_status(self, sale_order_id, **post):
|
||||
cr, uid, context = request.cr, request.uid, request.context
|
||||
|
||||
order = request.registry['sale.order'].browse(cr, SUPERUSER_ID, sale_order_id, context=context)
|
||||
assert order.website_session_id == request.httprequest.session['website_session_id']
|
||||
|
||||
if not order:
|
||||
return {
|
||||
'state': 'error',
|
||||
|
@ -733,7 +743,8 @@ class Ecommerce(http.Controller):
|
|||
if sale_order_id is None:
|
||||
order = self.get_order()
|
||||
else:
|
||||
order = request.registry['sale.order'].browse(cr, uid, sale_order_id, context=context)
|
||||
order = request.registry['sale.order'].browse(cr, SUPERUSER_ID, sale_order_id, context=context)
|
||||
assert order.website_session_id == request.httprequest.session['website_session_id']
|
||||
|
||||
if tx.state == 'done':
|
||||
# confirm the quotation
|
||||
|
@ -752,8 +763,8 @@ class Ecommerce(http.Controller):
|
|||
|
||||
return request.redirect('/shop/confirmation/%s' % order.id)
|
||||
|
||||
@website.route(['/shop/confirmation/<model("sale.order"):order>'], type='http', auth="public", multilang=True)
|
||||
def payment_confirmation(self, order, **post):
|
||||
@website.route(['/shop/confirmation/<int:sale_order_id>'], type='http', auth="public", multilang=True)
|
||||
def payment_confirmation(self, sale_order_id, **post):
|
||||
""" End of checkout process controller. Confirmation is basically seing
|
||||
the status of a sale.order. State at this point :
|
||||
|
||||
|
@ -763,6 +774,9 @@ class Ecommerce(http.Controller):
|
|||
"""
|
||||
cr, uid, context = request.cr, request.uid, request.context
|
||||
|
||||
order = request.registry['sale.order'].browse(cr, SUPERUSER_ID, sale_order_id, context=context)
|
||||
assert order.website_session_id == request.httprequest.session['website_session_id']
|
||||
|
||||
return request.website.render("website_sale.confirmation", {'order': order})
|
||||
|
||||
@website.route(['/shop/change_sequence/'], type='json', auth="public")
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
from openerp import SUPERUSER_ID
|
||||
from openerp.osv import osv, fields
|
||||
from openerp.addons.web.http import request
|
||||
|
||||
|
||||
class SaleOrder(osv.Model):
|
||||
|
@ -34,7 +35,11 @@ class SaleOrderLine(osv.Model):
|
|||
if context is None:
|
||||
context = {}
|
||||
user_obj = self.pool.get('res.users')
|
||||
product_id = product_id or ids and self.browse(cr, uid, ids[0], context=context).product_id.id
|
||||
|
||||
if ids and not product_id:
|
||||
order_line = self.browse(cr, SUPERUSER_ID, ids[0], context=context)
|
||||
assert order_line.order_id.website_session_id == request.httprequest.session['website_session_id']
|
||||
product_id = product_id or order_line.product_id.id
|
||||
|
||||
return self.product_id_change(
|
||||
cr, SUPERUSER_ID, ids,
|
||||
|
|
|
@ -507,14 +507,14 @@
|
|||
<td>
|
||||
<div class="input-group">
|
||||
<span class="input-group-addon">
|
||||
<a t-href="./change_cart/#{ line.id }/?remove=True" class="mb8 js_add_cart_json">
|
||||
<a t-href="../change_cart/#{ line.id }/?remove=True" class="mb8 js_add_cart_json">
|
||||
<i class="fa fa-minus-square"></i>
|
||||
</a>
|
||||
</span>
|
||||
<input type="text" class="js_quantity form-control"
|
||||
t-att-data-id="line.id" t-att-value="int(line.product_uom_qty)"/>
|
||||
<span class="input-group-addon">
|
||||
<a t-href="./change_cart/#{ line.id }/" class="mb8 float_left js_add_cart_json">
|
||||
<a t-href="../change_cart/#{ line.id }/" class="mb8 float_left js_add_cart_json">
|
||||
<i class="fa fa-plus-square"></i>
|
||||
</a>
|
||||
</span>
|
||||
|
|
Loading…
Reference in New Issue