From 214784d4d30cc0c86239192e1a353e570f776452 Mon Sep 17 00:00:00 2001 From: Sreejith Date: Thu, 4 Jan 2018 15:46:14 +0530 Subject: [PATCH] [CNG] Security Added --- website_coupon/README.rst | 24 ++++++++++++++++++++- website_coupon/__manifest__.py | 13 ++++++----- website_coupon/controllers/main.py | 16 +++++++------- website_coupon/models/gift_voucher.py | 1 - website_coupon/security/ir.model.access.csv | 12 ++++++++--- 5 files changed, 48 insertions(+), 18 deletions(-) diff --git a/website_coupon/README.rst b/website_coupon/README.rst index d3ed5c252..b09683364 100644 --- a/website_coupon/README.rst +++ b/website_coupon/README.rst @@ -21,7 +21,8 @@ Additional Features (version: 10.0.2) Installation ============ -Just select it from available modules to install it, there is no need to extra installations. +- www.odoo.com/documentation/10.0/setup/install.html +- Install our custom addon Configuration ============= @@ -30,6 +31,27 @@ After installing the module, go to sales and create vouchers from the vouchers m generate the coupons related to this voucher. Now go to website, go to cart and under the customize menu, enable the voucher code option. +License +======= +GNU LESSER GENERAL PUBLIC LICENSE, Version 3 (LGPLv3) +(http://www.gnu.org/licenses/agpl.html) + +Bug Tracker +=========== +Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. + Credits ======= +* Cybrosys Techno Solutions + +Author +------ + Developer: Linto CT @ cybrosys, linto@cybrosys.in + +Maintainer +---------- + +This module is maintained by Cybrosys Technologies. + +For support and more information, please visit https://www.cybrosys.com. diff --git a/website_coupon/__manifest__.py b/website_coupon/__manifest__.py index d774347e9..c161555f3 100644 --- a/website_coupon/__manifest__.py +++ b/website_coupon/__manifest__.py @@ -18,26 +18,29 @@ # # You should have received a copy of the GNU LESSER GENERAL PUBLIC LICENSE # GENERAL PUBLIC LICENSE (LGPL v3) along with this program. -# If not, see . +# If not, see . # ############################################################################## { 'name': 'Website Coupon Code', - 'version': '10.0.2.0', - 'category': 'Website', - 'sequence': 56, + 'version': '10.0.2.0.0', 'summary': 'Manage Website Coupon Codes for Products/Categories/All Products & Its Redeem Operations', + 'category': 'Website', 'author': 'Cybrosys Techno Solutions', 'company': 'Cybrosys Techno Solutions', + 'maintainer': 'Cybrosys Techno Solutions', 'depends': ['sale', 'website_sale'], - 'website': 'http://www.cybrosys.com', + 'website': 'https://www.cybrosys.com', 'data': [ 'data/product_data.xml', 'views/gift_voucher.xml', 'views/applied_coupons.xml', 'views/templates.xml', + 'security/ir.model.access.csv' ], 'images': ['static/description/banner.jpg'], + 'license': 'AGPL-3', 'installable': True, 'auto_install': False, + 'application': False, } diff --git a/website_coupon/controllers/main.py b/website_coupon/controllers/main.py index f01032689..965797d74 100644 --- a/website_coupon/controllers/main.py +++ b/website_coupon/controllers/main.py @@ -1,9 +1,9 @@ # -*- coding: utf-8 -*- -from odoo import http, tools, _ -from odoo.http import request from datetime import datetime from dateutil import parser +from odoo import http, tools, _ +from odoo.http import request class WebsiteCoupon(http.Controller): @@ -108,32 +108,32 @@ class WebsiteCoupon(http.Controller): if type == 'fixed': # coupon type is 'fixed'-------------------------------------- if voucher_val < order.amount_total: - res = coupon_product.product_tmpl_id.write({'list_price': -voucher_val}) + coupon_product.product_tmpl_id.write({'list_price': -voucher_val}) + else: return request.redirect("/shop/cart?coupon_not_available=3") elif type == 'percentage': # coupon type is percentage ------------------------------------- + amount_final = 0 if voucher_type == 'product': for line in order.order_line: if line.product_id.name == categ_id.name: amount_final = (voucher_val / 100) * line.price_total break elif voucher_type == 'category': - amount_final = 0 for line in order.order_line: if line.product_id.categ_id.name == product_id.name: amount_final += (voucher_val / 100) * line.price_total elif voucher_type == 'all': amount_final = (voucher_val/100) * order.amount_total - res = coupon_product.product_tmpl_id.write({'list_price': -amount_final}) - value = order._cart_update(product_id=coupon_product.id, set_qty=1, add_qty=1) - + coupon_product.product_tmpl_id.write({'list_price': -amount_final}) + order._cart_update(product_id=coupon_product.id, set_qty=1, add_qty=1) # updating coupon balance-------------- total = coupon.total_avail - 1 coupon.write({'total_avail': total}) # creating a record for this partner, i.e he is used this coupon once----------- if not applied_coupons: - res = curr_user.partner_id.write({'applied_coupon': [(0, 0, {'partner_id': curr_user.partner_id.id, + curr_user.partner_id.write({'applied_coupon': [(0, 0, {'partner_id': curr_user.partner_id.id, 'coupon': coupon.code, 'number': 1})]}) else: diff --git a/website_coupon/models/gift_voucher.py b/website_coupon/models/gift_voucher.py index 467b01ee9..c9b03c719 100644 --- a/website_coupon/models/gift_voucher.py +++ b/website_coupon/models/gift_voucher.py @@ -64,7 +64,6 @@ class GiftCoupon(models.Model): partner_id = fields.Many2one('res.partner', string="Limit to a Single Partner") limit = fields.Integer(string="Total Available For Each User", default=1) total_avail = fields.Integer(string="Total Available", default=1) - voucher_val = fields.Float(string="Voucher Value") type = fields.Selection([ ('fixed', 'Fixed Amount'), diff --git a/website_coupon/security/ir.model.access.csv b/website_coupon/security/ir.model.access.csv index 66dea659c..4012abf0e 100644 --- a/website_coupon/security/ir.model.access.csv +++ b/website_coupon/security/ir.model.access.csv @@ -1,4 +1,10 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink -access_website_coupon_voucher,website_coupon_gift_voucher,model_gift_voucher,,1,1,1,1 -access_website_coupon_coupon,website_coupon_gift_coupon,model_gift_coupon,,1,1,1,1 -access_website_coupon_partner,website_coupon_partner_coupon,model_partner_coupon,,1,1,1,1 +access_website_coupon_voucher,website_coupon_gift_voucher,model_gift_voucher,sales_team.group_sale_manager,1,1,1,1 +access_website_coupon_coupon,website_coupon_gift_coupon,model_gift_coupon,sales_team.group_sale_manager,1,1,1,1 +access_website_coupon_partner,website_coupon_partner_coupon,model_partner_coupon,sales_team.group_sale_manager,1,1,1,1 +access_website_voucher_user1,website_coupon_voucher_usr1,model_gift_voucher,sales_team.group_sale_salesman_all_leads,1,0,0,0 +access_website_coupon_usr1,website_gift_coupon_usr1,model_gift_coupon,sales_team.group_sale_salesman_all_leads,1,0,0,0 +access_website_coupon_partner_usr1,website_coupon_partner_usr1,model_partner_coupon,sales_team.group_sale_salesman_all_leads,1,0,0,0 +access_website_voucher_user2,website_coupon_voucher_usr2,model_gift_voucher,sales_team.group_sale_salesman,1,0,0,0 +access_website_coupon_usr2,website_gift_coupon_usr2,model_gift_coupon,sales_team.group_sale_salesman,1,0,0,0 +access_website_coupon_partner_usr2,website_coupon_partner_usr2,model_partner_coupon,sales_team.group_sale_salesman,1,0,0,0