Skip to Content
This question has been flagged
actionpythonautomatedautomationodoo.sh
2 Replies
15708 Views
Avatar
stanislav ploschansky

Hi!

I have my Python code which want to use in automated action. I can't use it directly because import is prohibited:

forbidden opcode(s) in ... IMPORT_NAME

I can create a module and publish it on GitHib to get our Odoo.sh updated, then install it, but then I stucked again with same problem: i can't use "import" command in action script.

What am I doing wrong? How to create automated action in a way allow to use my python code?

(my use case is very simple: when data changed in monitored model, in Automated Action, OnCreateOrUpdate, I must call my REST API endpoint (doing that by using "import requests") and passing there details of changed data).

Please give me an advice, I'm fully locked between closed doors, looking forward for any hint!

Avatar
Discard
Yenthe Van Ginneken (Mainframe Monkey)

Hi - can you please add the code too? It is hard to help/debug without the code.

ivailo tonev

Hello,

I tried to apply the monkey patch in question because I'm currently learning Odoo and I might need to write more complex code with Python imports in Automation Rules.

However, this monkey patch doesn't seem to work for me. I'm using Odoo 18 with odoo.sh.

Is there any change in the code for Odoo 18?

Thanks :)

Avatar
Denis Ledoux (dle)
Best Answer

`import` is indeed prevented in automated/server actions.

This is expected in Odoo for security concerns: Adding it would mean anyone having the Settings access to your Odoo database would be able to import any Python module, and therefore do about anything they want with your database and server filesystem.

e.g.

import shutil
shutil.rmtree('.')  # Deleting all folders and files of current directory

This is even more problematic when your Odoo server hosts multiple databases: Any administrator of any database would be able to do about anything in all other databases and filestores. It does not apply to Odoo.sh, as each server is isolated and only host one database at a time. But, this behavior is a restriction of the standard Odoo server, which can have multiple databases hosted by the server, and this is therefore important to mention this case.

Why don't you just create a custom module that overrides the `create` and `write` method of the model you want monitored, to contact this REST API endpoint ?
- It will be safer,
- It will scale better as your business/customization grows. Indeed, you will use the versioning of Git and have a history of what is done for which reason by who.

If you still want to be able to use imports in automated actions, which is STRICTLY UNADVISED for the reason stated above, you can create a custom module overriding the `_SAFE_OPCODES` list to add the given opcode `IMPORT_NAME`.
https://github.com/odoo/odoo/blob/d7cfa8c502f27bee5c2fccb35db47b08e3b3804b/odoo/tools/safe_eval.py#L95

Avatar
Discard
Avatar
Chris @ Five Devs
Best Answer

There is a way to do this. 5 years ago it may have been considered bad practice or unadvised. You now not only need to add the _SAFE_OPCODES but you also need to update the _ALLOWED_MODULES otherwise it will throw an import error since Odoo overrides __import__.

You still need a custom module to allow this and I consider it safe. Here is an example of allowing imports for requests and json modules

#your_module/tools/safe_eval.py
import odoo.tools.safe_eval as safe_eval
from opcode import opmap

safe_eval._SAFE_OPCODES.update(set(opmap[x] for x in ['IMPORT_NAME', 'IMPORT_FROM'] if x in opmap))
safe_eval._ALLOWED_MODULES.extend(['requests', 'json'])

This then allows you to do Automated Action > On Creation > Execute Python Code

import requests, json

headers = {"Content-Type": "application/json", "Accept": "application/json"}
url = "https://webhook.site/1234"
json_data = {'name' : record.name, 'date': record.date.strftime('%Y-%m-%d')}
response = requests.post(url, data=json.dumps(json_data), headers=headers)

Note: This is probably not needed in Odoo 17+ due to the ability to execute a webhook.

Avatar
Discard
Related Posts Replies Views Activity
Automated action with python expression Solved
action python automated odoo.sh v12
Avatar
Avatar
6
Mar 24
9531
Automated action : return another action Solved
action python automated
Avatar
Avatar
3
Jul 20
9135
Python expression in Automated Actions Solved
action python automated
Avatar
Avatar
1
Apr 20
13495
Access created/updated row on Python Automated Action
action python automated
Avatar
1
Jul 18
5158
Add a Mailing contact automatically to a mailing list Solved
python automated mailing odoo.sh v12
Avatar
Avatar
Avatar
Avatar
Avatar
12
Apr 24
12857