Community: CMS / eCommerce Experts mailing list archives

expert-website@mail.odoo.com

Re: Can I send a json request from a server action using python?

by
Darrel
- 11/28/2014 13:41:24
Thanks Olivier

I agree completely about the risks of using a synchronous request. The
restricted nature of server actions is something I was unaware of. I
think, rather than break that and allow the requests module to be used
in server actions, I would prefer to implement this in pure python.
Safer than letting all future server actions use whichever python
modules this requires.

I didn't realize a stock.move was something that could fail. If that
makes stock_move::_create() an unreliable place to make this call, how
do I hook into the transaction complete event? If it's as simple is
adding a different method to a different model, could you tell me
which one?

Darrel


On Fri, Nov 28, 2014 at 1:16 AM, Olivier Dony <odo@openerp.com> wrote:
> On 11/27/2014 08:33 PM, Darrel Grant wrote:
>> I'm new to odoo and openerp, and not quite grokking what is possible
>> with python in server actions.
>
> Hi, and welcome to the Odoo mailing-lists :-)
>
>
>> I need to send a json request to another server each time a stock.move
>> is created.
>
>  From an external point of view, sending a synchronous notification for each
> stock.move seems a bit dangerous.
> Firstly, it could significantly slow down the processing of normal flows (or
> cause them to fail, depending on the error handling), due to the network
> roundtrop delays.
> Secondly, kall operations are done inside database transactions that can be
> rolled back fully up to the last second. So you can't push a notification to
> the external world unless you're 100% sure the transaction was committed to
> the
> database.
>
> Maybe you'd like to implement something asynchronous that runs in the
> background to send updates to the other system, and can therefore only see
> completed transactions. It will have less impact on users' operations.
> BTW you might also want to deal with subsequent updates to the stock.move
> records.
>
>
>> So, can I import Kenneth Reitz' requests lib and maybe psycopg2 in
>> case I need to query for anything, and then send the request from
>> there, or am I limited to using just libraries which are already
>> present in the context of the server action?
>
> You can't do that out of the box, because server action code is sandboxed to
> a
> fairly restricted set of "safe" builtins (which does not include the
> `requests`
> module), and it forbids instructions such as `import requests`.
>
> This is a security feature that prevents malicious users to execute
> arbitrary
> system operations on the hosting machine, or otherwise access system
> resources.
>
>
>> One way to achieve this, that I'm quite confident would work, is to
>> have my addon inherit from the stock.move model and add a _create()
>> method and do whatever I need to inside it. I don't yet know enough to
>> see which solution will have undesirable consequences in the future.
>> Plus, given my lack of experience with odoo, it might just be better
>> to thoroughly learn the workings of server actions and automations now
>> instead of later.
>
> You basically need a module that does either:
> 1) Add the `requests` module to the server action sandbox, if you trust the
> customers not to abuse it. Then you can implement this using server actions,
> automated actions or scheduled actions (cron jobs), in a synchronous or
> asynchronous fashion.
> 2) Or indeed, use more specific hooks by inheriting the create() and write()
> of
> stock.move, or write a custom cron job to implement this asynchronously.
>
> First option makes it possible to alter the code at runtime without requires
> a
> module update, but is a bit more "dirty".
> Second option is more specific and flexible, but requires explicit module
> updates whenever you need to alter the behavior.
>
>
>> Apologies if this isn't the right mailing list to ask this question,
>> it seemed the closest fit.
>
> Indeed this could have been posted to the generic "community" list or even
> the
> "community: framework" expert list - it's not website-specific.
>
> Cheers,
>
>
> Olivier
>
> _______________________________________________
> Mailing-List: https://www.odoo.com/groups/community-website-and-ecommerce-65
> Post to: mailto:expert-website@mail.odoo.com
> Unsubscribe: https://www.odoo.com/groups?unsubscribe