From 78e84a4335e2732053979abae94ba559f3cbc513 Mon Sep 17 00:00:00 2001 From: AjmalCybro Date: Wed, 13 Sep 2023 16:57:00 +0530 Subject: [PATCH] Sep 13 [FIX] : Bug Fixed 'access_restriction_by_ip' --- access_restriction_by_ip/controllers/main.py | 40 +++++++++++++++---- access_restriction_by_ip/doc/RELEASE_NOTES.md | 9 ++++- 2 files changed, 41 insertions(+), 8 deletions(-) diff --git a/access_restriction_by_ip/controllers/main.py b/access_restriction_by_ip/controllers/main.py index 394742c96..5ce271a19 100644 --- a/access_restriction_by_ip/controllers/main.py +++ b/access_restriction_by_ip/controllers/main.py @@ -17,7 +17,6 @@ # If not, see . # ############################################################################## -from odoo.addons.web.controllers import utils from odoo.addons.web.controllers import home from odoo.http import request from odoo.exceptions import Warning @@ -25,19 +24,33 @@ import odoo import odoo.modules.registry from odoo.tools.translate import _ from odoo import http +from odoo.addons.web.controllers.utils import ensure_db, _get_login_redirect_url, is_user_internal + +SIGN_UP_REQUEST_PARAMS = {'db', 'login', 'debug', 'token', 'message', 'error', 'scope', 'mode', + 'redirect', 'redirect_hostname', 'email', 'name', 'partner_id', + 'password', 'confirm_password', 'city', 'country_id', 'lang', 'signup_email'} class Home(home.Home): - @http.route('/web/login', type='http', auth="public") + @http.route('/web/login', type='http', auth="none") def web_login(self, redirect=None, **kw): - utils.ensure_db() + ensure_db() request.params['login_success'] = False if request.httprequest.method == 'GET' and redirect and request.session.uid: return request.redirect(redirect) - if not request.uid: - request.uid = odoo.SUPERUSER_ID - values = request.params.copy() + + # simulate hybrid auth=user/auth=public, despite using auth=none to be able + # to redirect users when no db is selected - cfr ensure_db() + if request.env.uid is None: + if request.session.uid is None: + # no user -> auth=public with specific website public user + request.env["ir.http"]._auth_method_public() + else: + # auth=user + request.update_env(user=request.session.uid) + + values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS} try: values['databases'] = http.db_list() except odoo.exceptions.AccessDenied: @@ -81,4 +94,17 @@ class Home(home.Home): request.update_env = old_uid if e.args == odoo.exceptions.AccessDenied().args: values['error'] = _("Wrong login/password") - return request.render('web.login', values) + else: + if 'error' in request.params and request.params.get('error') == 'access': + values['error'] = _('Only employees can access this database. Please contact the administrator.') + + if 'login' not in values and request.session.get('auth_login'): + values['login'] = request.session.get('auth_login') + + if not odoo.tools.config['list_db']: + values['disable_database_manager'] = True + + response = request.render('web.login', values) + response.headers['X-Frame-Options'] = 'SAMEORIGIN' + response.headers['Content-Security-Policy'] = "frame-ancestors 'self'" + return response diff --git a/access_restriction_by_ip/doc/RELEASE_NOTES.md b/access_restriction_by_ip/doc/RELEASE_NOTES.md index 2eed8cb06..7d9ae3cf2 100644 --- a/access_restriction_by_ip/doc/RELEASE_NOTES.md +++ b/access_restriction_by_ip/doc/RELEASE_NOTES.md @@ -2,4 +2,11 @@ #### 12.12.2021 #### Version 15.0.1.0.0 -#### ADD Initial Commit for access_restriction_by_ip \ No newline at end of file +#### ADD Initial Commit for access_restriction_by_ip + +#### 12.09.2023 +#### Version 16.0.1.0.0 +#### Bug fixing related to addon's updates + + +