Odoo Help

2 Answers

Denis Ledoux (dle)

--Denis Ledoux (dle)--
| 5 5 7
Ramillies, Belgium
--Denis Ledoux (dle)--

Denis Ledoux (dle)
7/16/18, 2:25 PM

`import` is indeed prevented in automated/server actions.

This is expected in Odoo for security concerns: Adding it would mean anyone having the Settings access to your Odoo database would be able to import any Python module, and therefore do about anything they want with your database and server filesystem.


import shutil
shutil.rmtree('.')  # Deleting all folders and files of current directory

This is even more problematic when your Odoo server hosts multiple databases: Any administrator of any database would be able to do about anything in all other databases and filestores. It does not apply to Odoo.sh, as each server is isolated and only host one database at a time. But, this behavior is a restriction of the standard Odoo server, which can have multiple databases hosted by the server, and this is therefore important to mention this case.

Why don't you just create a custom module that overrides the `create` and `write` method of the model you want monitored, to contact this REST API endpoint ?
- It will be safer,
- It will scale better as your business/customization grows. Indeed, you will use the versioning of Git and have a history of what is done for which reason by who.

If you still want to be able to use imports in automated actions, which is STRICTLY UNADVISED for the reason stated above, you can create a custom module overriding the `_SAFE_OPCODES` list to add the given opcode `IMPORT_NAME`.

Ask a Question
Keep Informed
1 follower(s)
About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now