Browse Source

Sep 13 [FIX] : Bug Fixed 'access_restriction_by_ip'

pull/277/head
AjmalCybro 2 years ago
parent
commit
78e84a4335
  1. 40
      access_restriction_by_ip/controllers/main.py
  2. 9
      access_restriction_by_ip/doc/RELEASE_NOTES.md

40
access_restriction_by_ip/controllers/main.py

@ -17,7 +17,6 @@
# If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
from odoo.addons.web.controllers import utils
from odoo.addons.web.controllers import home
from odoo.http import request
from odoo.exceptions import Warning
@ -25,19 +24,33 @@ import odoo
import odoo.modules.registry
from odoo.tools.translate import _
from odoo import http
from odoo.addons.web.controllers.utils import ensure_db, _get_login_redirect_url, is_user_internal
SIGN_UP_REQUEST_PARAMS = {'db', 'login', 'debug', 'token', 'message', 'error', 'scope', 'mode',
'redirect', 'redirect_hostname', 'email', 'name', 'partner_id',
'password', 'confirm_password', 'city', 'country_id', 'lang', 'signup_email'}
class Home(home.Home):
@http.route('/web/login', type='http', auth="public")
@http.route('/web/login', type='http', auth="none")
def web_login(self, redirect=None, **kw):
utils.ensure_db()
ensure_db()
request.params['login_success'] = False
if request.httprequest.method == 'GET' and redirect and request.session.uid:
return request.redirect(redirect)
if not request.uid:
request.uid = odoo.SUPERUSER_ID
values = request.params.copy()
# simulate hybrid auth=user/auth=public, despite using auth=none to be able
# to redirect users when no db is selected - cfr ensure_db()
if request.env.uid is None:
if request.session.uid is None:
# no user -> auth=public with specific website public user
request.env["ir.http"]._auth_method_public()
else:
# auth=user
request.update_env(user=request.session.uid)
values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS}
try:
values['databases'] = http.db_list()
except odoo.exceptions.AccessDenied:
@ -81,4 +94,17 @@ class Home(home.Home):
request.update_env = old_uid
if e.args == odoo.exceptions.AccessDenied().args:
values['error'] = _("Wrong login/password")
return request.render('web.login', values)
else:
if 'error' in request.params and request.params.get('error') == 'access':
values['error'] = _('Only employees can access this database. Please contact the administrator.')
if 'login' not in values and request.session.get('auth_login'):
values['login'] = request.session.get('auth_login')
if not odoo.tools.config['list_db']:
values['disable_database_manager'] = True
response = request.render('web.login', values)
response.headers['X-Frame-Options'] = 'SAMEORIGIN'
response.headers['Content-Security-Policy'] = "frame-ancestors 'self'"
return response

9
access_restriction_by_ip/doc/RELEASE_NOTES.md

@ -2,4 +2,11 @@
#### 12.12.2021
#### Version 15.0.1.0.0
#### ADD Initial Commit for access_restriction_by_ip
#### ADD Initial Commit for access_restriction_by_ip
#### 12.09.2023
#### Version 16.0.1.0.0
#### Bug fixing related to addon's updates

Loading…
Cancel
Save