This question has been flagged
4 Replies
3732 Views

In my Odoo 11 server addon module have a web controller that uses auth='none' to provide an API. I have constructed it per documentation and examples from Odoo code. I want it to be available for non-Odoo callers w/o a session. Here is the code


class MyController(http.Controller):
log.info('loading MyController class')
# route declaration example copied from Odoo codebase
# @http.route('/web/database/create', type='http', auth="none", methods=['POST'], csrf=False)
@http.route('/my_controller/event/', type='http', auth='none', methods=['POST'], csrf=False)
def index(self, **post):
return "Hello, world"



I know the class is being loaded because of the logging. The route declarations is copied from Odoo code that does get the route registered. Am I doing something wrong, or is this an Odoo bug? If it's me, how is the Odoo code managing to get its route entered into the nodb_routing_map?

Any solution would be most appreciated.


Avatar
Discard
Author

I should note that if the route is called from a browser with an active Odoo session then it is found and the decorated function gets executed. The problem is that auth='none' is documented as making the route always available, such as when there is no session or active DB. That is not happening in this case.

Author Best Answer

OK, I got it. In order to work as advertised in the documentation, the module must be specified in the config for server_wide_modules in the [options] section or equivalently by the --load CLI option. The default in the code is to have only web specified for this option.

NOTE: If you avail yourself of this option be sure to include web in your list. Leaving it out will cause the entire /web/... hierarchy of URLs to generate 404 Not Found errors.

In the config file it looks like this:

    server_wide_modules = web,my_controller_module

On the command line it is:

    --load web,my_controller_module

Since the entire server_wide_modules/--load option is not described in the documents, I have no idea what else it might affect. It would be truly lovely if this were in the documentation somewhere.


ADDENDUM:

I can add some info provided by  pedrobaeza [https://github.com/pedrobaeza].  The behavior depends on whether there is a single DB or multiple DBs active in the server. With only one DB the `auth="none"` feature works per the docs. With more than one it behaves as I have described. If you have trouble with an `auth="none"` web controller limit your server to one DB using the `-d` option or else add your module to the `--load` list along with `web`.

Avatar
Discard

If you like to improve the odoo documentation, you can edit it in github and create a PR, then odoo will check and merge it.

For future reference, regarding the controllers: https://www.youtube.com/watch?v=8395q9DYHfg&t=17s

Author

Hi Niyas,

Thank you for the video link. My controller needs auth="none", which I think is outside the scope, but with Odoo more info is always better.

Since I don't know all of the effects of the --load option I'm hesitant to try to document it myself. Also I work for a large organization that makes the paperwork to satisfy the Odoo contributor agreement very troublesome. I'll try to find a way to get this properly documented so that no other Odoo users have to waste a day discovering it as I did.