Přejít na obsah
Menu
You need to be registered to interact with the community.
This question has been flagged
1 Odpovědět
2097 Zobrazení

Hi All,

I found an URL /web/tests​ in Odoo default addon. Now this route is accessible to all internal users. i need to limit this access to some users who belong to a particular security group. 
I tried below steps:

  1. Created a new group
  2. Added some employees to this group
  3. Created a new Record rule for the model of ir.http
  4. In the domain field of the Record rule, i added the desired URL, /web/tests
  5. And i logged in as a user who does not belong to the above-mentioned group.
  6. But still, the user can access the URL.

I need to prevent this.

Avatar
Zrušit
Nejlepší odpověď

Hi, 

You can try creating a custom decorator and use it in routes,

from odoo import http
from odoo.http import request

class TestController(http.Controller):

@http.route('/web/tests', type='http', auth='user')
@check_user_groups('your_module.your_group')
def tests(self, **kw):

​#Your controller 

Now you have to create the custom decorator,

from functools import wraps
from odoo.exceptions import AccessError

def check_user_groups(group_xml_id):
​def decorator(func):
​@wraps(func)
​def wrapper(self, *args, **kwargs):
​if not request.env.user.has_group(group_xml_id):
​raise AccessError("You do not have access rights to view this page.")
​return func(self, *args, **kwargs)
​return wrapper
​return decorator

this decorator checks if the current user is part of the specified group and manage the access at the route level.

Thanks

Avatar
Zrušit
Related Posts Odpovědi Zobrazení Aktivita
1
zář 20
4767
0
čvc 20
4720
1
čvc 19
6473
8
kvě 15
4763
0
lis 23
1843