تخطي للذهاب إلى المحتوى
القائمة
لقد تم الإبلاغ عن هذا السؤال
1 الرد
2098 أدوات العرض

Hi All,

I found an URL /web/tests​ in Odoo default addon. Now this route is accessible to all internal users. i need to limit this access to some users who belong to a particular security group. 
I tried below steps:

  1. Created a new group
  2. Added some employees to this group
  3. Created a new Record rule for the model of ir.http
  4. In the domain field of the Record rule, i added the desired URL, /web/tests
  5. And i logged in as a user who does not belong to the above-mentioned group.
  6. But still, the user can access the URL.

I need to prevent this.

الصورة الرمزية
إهمال
أفضل إجابة

Hi, 

You can try creating a custom decorator and use it in routes,

from odoo import http
from odoo.http import request

class TestController(http.Controller):

@http.route('/web/tests', type='http', auth='user')
@check_user_groups('your_module.your_group')
def tests(self, **kw):

​#Your controller 

Now you have to create the custom decorator,

from functools import wraps
from odoo.exceptions import AccessError

def check_user_groups(group_xml_id):
​def decorator(func):
​@wraps(func)
​def wrapper(self, *args, **kwargs):
​if not request.env.user.has_group(group_xml_id):
​raise AccessError("You do not have access rights to view this page.")
​return func(self, *args, **kwargs)
​return wrapper
​return decorator

this decorator checks if the current user is part of the specified group and manage the access at the route level.

Thanks

الصورة الرمزية
إهمال
المنشورات ذات الصلة الردود أدوات العرض النشاط
1
سبتمبر 20
4767
0
يوليو 20
4724
1
يوليو 19
6473
8
مايو 15
4764
0
نوفمبر 23
1845