This question has been flagged

Hi!

I have my Python code which want to use in automated action. I can't use it directly because import is prohibited:

forbidden opcode(s) in ... IMPORT_NAME

I can create a module and publish it on GitHib to get our Odoo.sh updated, then install it, but then I stucked again with same problem: i can't use "import" command in action script.

What am I doing wrong? How to create automated action in a way allow to use my python code?

(my use case is very simple: when data changed in monitored model, in Automated Action, OnCreateOrUpdate, I must call my REST API endpoint (doing that by using "import requests") and passing there details of changed data).

Please give me an advice, I'm fully locked between closed doors, looking forward for any hint!

Avatar
Discard

Hi - can you please add the code too? It is hard to help/debug without the code.

Best Answer

`import` is indeed prevented in automated/server actions.

This is expected in Odoo for security concerns: Adding it would mean anyone having the Settings access to your Odoo database would be able to import any Python module, and therefore do about anything they want with your database and server filesystem.

e.g.

import shutil
shutil.rmtree('.')  # Deleting all folders and files of current directory

This is even more problematic when your Odoo server hosts multiple databases: Any administrator of any database would be able to do about anything in all other databases and filestores. It does not apply to Odoo.sh, as each server is isolated and only host one database at a time. But, this behavior is a restriction of the standard Odoo server, which can have multiple databases hosted by the server, and this is therefore important to mention this case.

Why don't you just create a custom module that overrides the `create` and `write` method of the model you want monitored, to contact this REST API endpoint ?
- It will be safer,
- It will scale better as your business/customization grows. Indeed, you will use the versioning of Git and have a history of what is done for which reason by who.

If you still want to be able to use imports in automated actions, which is STRICTLY UNADVISED for the reason stated above, you can create a custom module overriding the `_SAFE_OPCODES` list to add the given opcode `IMPORT_NAME`.
https://github.com/odoo/odoo/blob/d7cfa8c502f27bee5c2fccb35db47b08e3b3804b/odoo/tools/safe_eval.py#L95

Avatar
Discard