Skip ke Konten
Pertanyaan ini telah diberikan tanda
securityxmlodoo10.0
1 Balas
8312 Tampilan
Avatar
youta

Hello,

I'm working on online quotation report customization, to display the products images on the quotation for the customer.

Everything is working just fine except of when the customer click on the quotation link sent by email, it directs him to the quotation but some of products images aren't loaded and it gives 404 forbidden error in the console. However if the customer logged in it will be displayed just fine.

Here's a sample of my code:


<template id="so_custom_quotation_content" inherit_id="website_quote.so_quotation_content" name="Custom Quotation">
        <xpath expr="//div[@class='oe_structure']" position="after">
            <section id="productdetails">
                <t t-foreach="quotation.order_lines_layouted()" t-as="page">
                    <table class="table table-condensed wq-table">
                        <thead>
                            <tr>
                                <th>Product</th>
                                <th></th>
                                <th></th>
                                <th>Description</th>
                            </tr>
                        </thead>
                        <tbody>
                            <t t-foreach="page" t-as="layout_category">
                                <t t-if="layout_category_size > 1 or page_size > 1" groups="sale.group_sale_layout">
                                    <tr class="active">
                                        <td colspan="7" style="font-weight: bold; border-bottom: 1px solid black;">&amp;bull;
                                            <t t-esc="layout_category['name']"/>
                                        </td>
                                    </tr>
                                    <tr></tr>
                                </t>
                                <t t-foreach="layout_category['lines']" t-as="line">
                                    <tr t-attf-class="product-description row-{{line_parity}}">
                                        <td style="padding:20px;" t-foreach="line.product_id" t-as="pro">
                                            <span t-field="pro.image_medium" t-field-options='{"widget": "image","class": "oe_avatar"}' style="padding:20px;"/>
                                        </td>
                                        <td></td>
                                        <td></td>
                                        <td class="colored">
                                            <p t-field="line.name"/>
                                        </td>
                                    </tr>
                                </t>
                            </t>
                        </tbody>
                    </table>
                    <t t-if="page_index &lt; page_size - 1" groups="sale.group_sale_layout">
                        <p style="page-break-before:always;"></p>
                    </t>
                </t>
            </section>
     </xpath>
</template>

Screenshot of the error for unregistered people

Can anyone help me to fix that error. Much appreciation and thanks in advance


PS. I'm using Nginx reverse proxy

Avatar
Buang
Avatar
Denis Baranov
Jawaban Terbai

The issue is stipulated by access rights of public users to products:

  1. When a user is not logged in, he/she is a "Public user"

  2. Public user has rights to read products (e.g.: look at the 'website_sale' addon, the rule 'access_product_product_public')

  3. Image_medium which you try to show is a computed fields with inverse, what requires more rights

The recommendations (alternatively):

  1. Redefine the functions to compute images, adding 'sudo'

  2. Add the special rights for public users via csv (may be not SAFE)

  3. Keep an image in another model.

Example of the last advise:

class avatar(models.Model):

    _name = 'avatar.avatar'

   

    image = fields.Binary(string='Image')

    product_id = fields.Many2one('product.product',string='Product')

class product_product(models.Model):

    _inherit = 'product.product'

   

    @api.one

    @api.depends('image_medium')

    def get_avatar(self):

        if self.avatar:

            self.avatar.image = self.image_medium

        else:

            avatar_id = self.env['avatar.avatar'].create({'product_id':self.id,'image': self.image_medium})

            self.avatar = avatar_id

   

    avatar = fields.Many2one('avatar.avatar',string="Avatar",compute="get_avatar",compute_sudo=True,store=True)

The rule for avatar:

access_avatar_avatar,access_avatar_avatar,model_avatar_avatar,,1,0,1,0

Afterwards, instead of image_medium in your template, use avatar.image

Avatar
Buang
youta
Penulis

Perfect, thanks

youta
Penulis

Well the presented solution helped me to overcome the 403 forbidden error. Now I'm facing another problem that the images are always cashed in the quotation table, no matter I try to remove or change the original product image, nothing changes in the online quotation. Any advice?

Post Terkait Replies Tampilan Aktivitas
Adding bullets in odoo 10 qweb report.
xml odoo10.0
Avatar
0
Jun 22
2719
Setting up rules' Access Right in xml,csv files
security xml rules
Avatar
1
Des 22
24775
Hiding Attachments button on a specific model's form view in odoo 10.
xml python2.7 odoo10.0
Avatar
0
Agu 22
2607
How to create user Group Application for your module? Diselesaikan
security xml group
Avatar
Avatar
6
Jan 21
44765
inherit some group permissions to another group Diselesaikan
security xml odoo11.0
Avatar
Avatar
1
Des 23
10848