Nov 28 [UPDT] : Updated 'rest_api_odoo'

5 months ago · fd7401080d
6 changed files with 45 additions and 11 deletions
--- a/rest_api_odoo/manifest.py
+++ b/rest_api_odoo/manifest.py
@ -25,7 +25,7 @@
    "summary": """This app helps to interact with odoo
     backend with help of rest api requests""",
    "category": "Tools",
-    "version": "16.0.1.0.0",
+    "version": "16.0.1.0.1",
    'author': 'Cybrosys Techno Solutions',
    'company': 'Cybrosys Techno Solutions',
    'maintainer': 'Cybrosys Techno Solutions',
--- a/rest_api_odoo/doc/RELEASE_NOTES.md
+++ b/rest_api_odoo/doc/RELEASE_NOTES.md
@ -3,3 +3,9 @@
 #### 28.12.2023
 #### Version 16.0.1.0.0
 - Initial Commit for Odoo REST API
+
+### 09.12.2024
+### Version 16.0.1.0.1
+### UPDT
+
+- Bug Fix - Fixed the access issues.
--- a/rest_api_odoo/models/connection_api.py
+++ b/rest_api_odoo/models/connection_api.py
@ -20,7 +20,8 @@
 #
 #############################################################################

-from odoo import fields, models
+from odoo import api, fields, models
+from odoo.exceptions import AccessError


 class ConnectionApi(models.Model):
@ -45,3 +46,28 @@ class ConnectionApi(models.Model):
    is_delete = fields.Boolean(string='DELETE',
                               help="Select this to enable DELETE method "
                                    "while sending requests.")
+
+    @api.onchange('model_id')
+    def _onchange_model_id(self):
+        for record in self:
+            if record.model_id:
+                model_name = record.model_id.model
+                print(model_name)
+                # Check permissions
+                try:
+                    can_read = self.env[model_name].check_access_rights(
+                        'read', raise_exception=False)
+                    can_write = self.env[model_name].check_access_rights(
+                        'write', raise_exception=False)
+                    print(can_write,can_read)
+                    # record.can_create = self.env[
+                    #     model_name].check_access_rights('create',
+                    #                                     raise_exception=False)
+                    # record.can_unlink = self.env[
+                    #     model_name].check_access_rights('unlink',
+                    #                                     raise_exception=False)
+                except AccessError:
+                    can_read = False
+                    can_write = False
+                    can_create = False
+                    can_unlink = False
--- a/rest_api_odoo/security/ir.model.access.csv
+++ b/rest_api_odoo/security/ir.model.access.csv
@ -1,2 +1,2 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_connection_api,access.connection.api,model_connection_api,,1,1,1,1
+access_connection_api,access.connection.api,model_connection_api,base.group_system,1,1,1,1
--- a/rest_api_odoo/static/description/index.html
+++ b/rest_api_odoo/static/description/index.html
@ -253,7 +253,9 @@
                    you can
                    authenticate rest api.
                </li>
-            <li>First, extract the <b>zip</b> file. Then, you will obtain the JSON-format file, which you can directly import into <b>POSTMAN.</b></li>
+                <li>First, extract the <b>zip</b> file. Then, you will obtain
+                    the JSON-format file, which you can directly import into <b>POSTMAN.</b>
+                </li>
                <li>The url format will be like this - <b>http://cybrosys:8016/odoo_connect</b>
                    Replace 'cybrosys:8016' with your localhost port number.
                </li>
@ -280,8 +282,9 @@
            </h3>
            <p style="font-weight: 400; font-family: 'Montserrat', sans-serif; font-size: 14px;">
            <ul>
-                <li>After rest api authentication, we can create records in the
-                    rest api app.
+                <li>Once authenticated via the REST API, records can be created
+                    within the REST API application. <br/><b>Note:</b> Only
+                    administrators have access to view the module.
                </li>
                <li>Here we can choose the model, and also we can
                    choose the http methods.
@ -379,7 +382,8 @@
                <li>You have to provide the model and also the id or the record
                    that you want to update.
                </li>
-                <li>You can use the Postman collection that we have provided and , you
+                <li>You can use the Postman collection that we have provided and
+                    , you
                    will be always have to send request with your login
                    credentials. Otherwise, it will be showing access denied.
                </li>
--- a/rest_api_odoo/views/connection_api_views.xml
+++ b/rest_api_odoo/views/connection_api_views.xml
@ -38,7 +38,6 @@
        </field>
    </record>
    <!-- Action  for 'connection.api' model with Tree and form views.  -->
-
    <record id="rest_api_root_action" model="ir.actions.act_window">
        <field name="name">Rest API Records</field>
        <field name="type">ir.actions.act_window</field>
@ -51,8 +50,7 @@
        </field>
    </record>
    <!-- Menu items for the REST API.  -->
-
-    <menuitem id="rest_api_root"
+    <menuitem id="rest_api_root" groups="base.group_system"
              name="Rest API"
              sequence="10"
              web_icon="rest_api_odoo,static/description/icon.png"/>