Web Controllers¶
Controllers¶
Controllers need to provide extensibility, much like
Model
, but can’t use the same mechanism as the
pre-requisites (a database with loaded modules) may not be available yet (e.g.
no database created, or no database selected).
Controllers thus provide their own extension mechanism, separate from that of models:
Controllers are created by inheriting from Controller
.
Routes are defined through methods decorated with route()
:
class MyController(odoo.http.Controller):
@route('/some_url', auth='public')
def handler(self):
return stuff()
To override a controller, inherit from its class and override relevant methods, re-exposing them if necessary:
class Extension(MyController):
@route()
def handler(self):
do_before()
return super(Extension, self).handler()
decorating with
route()
is necessary to keep the method (and route) visible: if the method is redefined without decorating, it will be “unpublished”the decorators of all methods are combined, if the overriding method’s decorator has no argument all previous ones will be kept, any provided argument will override previously defined ones e.g.:
class Restrict(MyController): @route(auth='user') def handler(self): return super(Restrict, self).handler()
will change
/some_url
from public authentication to user (requiring a log-in)
API¶
Routing¶
- @odoo.http.route(route=None, **routing)[código fonte]¶
Decorate a controller method in order to route incoming requests matching the given URL and options to the decorated method.
Aviso
It is mandatory to re-decorate any method that is overridden in controller extensions but the arguments can be omitted. See
Controller
for more details.- Parâmetros
route (Union[str, Iterable[str]]) – The paths that the decorated method is serving. Incoming HTTP request paths matching this route will be routed to this decorated method. See werkzeug routing documentation for the format of route expressions.
type (str) – The type of request, either
'json'
or'http'
. It describes where to find the request parameters and how to serialize the response.auth (str) –
The authentication method, one of the following:
'user'
: The user must be authenticated and the current request will be executed using the rights of the user.'public'
: The user may or may not be authenticated. If he isn’t, the current request will be executed using the shared Public user.'none'
: The method is always active, even if there is no database. Mainly used by the framework and authentication modules. The request code will not have any facilities to access the current user.
methods (Iterable[str]) – A list of http methods (verbs) this route applies to. If not specified, all methods are allowed.
cors (str) – The Access-Control-Allow-Origin cors directive value.
csrf (bool) – Whether CSRF protection should be enabled for the route. Enabled by default for
'http'
-type requests, disabled by default for'json'
-type requests.handle_params_access_error (Callable[[Exception], Response]) – Implement a custom behavior if an error occurred when retrieving the record from the URL parameters (access error or missing error).
Request¶
The request object is automatically set on odoo.http.request
at
the start of the request.
- class odoo.http.Request(httprequest)[código fonte]¶
Wrapper around the incoming HTTP request with deserialized request parameters, session utilities and request dispatching logic.
- update_env(user=None, context=None, su=None)[código fonte]¶
Update the environment of the current request.
- update_context(**overrides)[código fonte]¶
Override the environment context of the current request with the values of
overrides
. To replace the entire context, please useupdate_env()
instead.
- csrf_token(time_limit=None)[código fonte]¶
Generates and returns a CSRF token for the current session
- validate_csrf(csrf)[código fonte]¶
Is the given csrf token valid ?
- default_lang()[código fonte]¶
Returns default user language according to request specification
- Retorna
Preferred language if specified or ‘en_US’
- Tipo de retorno
- get_http_params()[código fonte]¶
Extract key=value pairs from the query string and the forms present in the body (both application/x-www-form-urlencoded and multipart/form-data).
- Retorna
The merged key-value pairs.
- Tipo de retorno
- make_response(data, headers=None, cookies=None, status=200)[código fonte]¶
Helper for non-HTML responses, or HTML responses with custom response headers or cookies.
While handlers can just return the HTML markup of a page they want to send as a string if non-HTML data is returned they need to create a complete response object, or the returned data will not be correctly interpreted by the clients.
- Parâmetros
data (str) – response body
status (int) – http status code
headers (
[(name, value)]
) – HTTP headers to set on the responsecookies (collections.abc.Mapping) – cookies to set on the client
- Retorna
a response object.
- Tipo de retorno
- make_json_response(data, headers=None, cookies=None, status=200)[código fonte]¶
Helper for JSON responses, it json-serializes
data
and sets the Content-Type header accordingly if none is provided.- Parâmetros
data – the data that will be json-serialized into the response body
status (int) – http status code
headers (List[(str, str)]) – HTTP headers to set on the response
cookies (collections.abc.Mapping) – cookies to set on the client
- Tipo de retorno
- not_found(description=None)[código fonte]¶
Shortcut for a HTTP 404 (Not Found) response
- render(template, qcontext=None, lazy=True, **kw)[código fonte]¶
Lazy render of a QWeb template.
The actual rendering of the given template will occur at then end of the dispatching. Meanwhile, the template and/or qcontext can be altered or even replaced by a static response.
- class odoo.http.JsonRPCDispatcher(request)[código fonte]¶
- classmethod is_compatible_with(request)[código fonte]¶
Determine if the current request is compatible with this dispatcher.
- dispatch(endpoint, args)[código fonte]¶
JSON-RPC 2 over HTTP.
Our implementation differs from the specification on two points:
The
method
member of the JSON-RPC request payload is ignored as the HTTP path is already used to route the request to the controller.We only support parameter structures by-name, i.e. the
params
member of the JSON-RPC request payload MUST be a JSON Object and not a JSON Array.
In addition, it is possible to pass a context that replaces the session context via a special
context
argument that is removed prior to calling the endpoint.Successful request:
--> {"jsonrpc": "2.0", "method": "call", "params": {"arg1": "val1" }, "id": null} <-- {"jsonrpc": "2.0", "result": { "res1": "val1" }, "id": null}
Request producing a error:
--> {"jsonrpc": "2.0", "method": "call", "params": {"arg1": "val1" }, "id": null} <-- {"jsonrpc": "2.0", "error": {"code": 1, "message": "End user error message.", "data": {"code": "codestring", "debug": "traceback" } }, "id": null}
- handle_error(exc: Exception) collections.abc.Callable [código fonte]¶
Handle any exception that occurred while dispatching a request to a
type='json'
route. Also handle exceptions that occurred when no route matched the request path, that no fallback page could be delivered and that the requestContent-Type
was json.- Parâmetros
exc – the exception that occurred.
- Retorna
a WSGI application
- class odoo.http.HttpDispatcher(request)[código fonte]¶
- classmethod is_compatible_with(request)[código fonte]¶
Determine if the current request is compatible with this dispatcher.
- dispatch(endpoint, args)[código fonte]¶
Perform http-related actions such as deserializing the request body and query-string and checking cors/csrf while dispatching a request to a
type='http'
route.See
load()
method for the compatible endpoint return types.
- handle_error(exc: Exception) collections.abc.Callable [código fonte]¶
Handle any exception that occurred while dispatching a request to a
type='http'
route. Also handle exceptions that occurred when no route matched the request path, when no fallback page could be delivered and that the requestContent-Type
was not json.- Parâmetros
exc (Exception) – the exception that occurred.
- Retorna
a WSGI application
Response¶
- class odoo.http.Response(*args, **kw)[código fonte]¶
Outgoing HTTP response with body, status, headers and qweb support. In addition to the
werkzeug.wrappers.Response
parameters, this class’s constructor can take the following additional parameters for QWeb Lazy Rendering.- Parâmetros
these attributes are available as parameters on the Response object and can be altered at any time before rendering
Also exposes all the attributes and methods of
werkzeug.wrappers.Response
.- classmethod load(result, fname='<function>')[código fonte]¶
Convert the return value of an endpoint into a Response.
- Parâmetros
result (Union[Response, werkzeug.wrappers.BaseResponse, werkzeug.exceptions.HTTPException, str, bytes, NoneType]) – The endpoint return value to load the Response from.
fname (str) – The endpoint function name wherefrom the result emanated, used for logging.
- Retorna
The created
Response
.- Tipo de retorno
- Levanta
TypeError – When
result
type is none of the above- mentioned type.
- render()[código fonte]¶
Renders the Response’s template, returns the result.
- flatten()[código fonte]¶
Forces the rendering of the response’s template, sets the result as response body and unsets
template
- set_cookie(key, value='', max_age=None, expires=- 1, path='/', domain=None, secure=False, httponly=False, samesite=None, cookie_type='required')[código fonte]¶
The default expires in Werkzeug is None, which means a session cookie. We want to continue to support the session cookie, but not by default. Now the default is arbitrary 1 year. So if you want a cookie of session, you have to explicitly pass expires=None.