Passa al contenuto
Menu
È necessario essere registrati per interagire con la community.
La domanda è stata contrassegnata
1 Rispondi
2124 Visualizzazioni

Hi All,

I found an URL /web/tests​ in Odoo default addon. Now this route is accessible to all internal users. i need to limit this access to some users who belong to a particular security group. 
I tried below steps:

  1. Created a new group
  2. Added some employees to this group
  3. Created a new Record rule for the model of ir.http
  4. In the domain field of the Record rule, i added the desired URL, /web/tests
  5. And i logged in as a user who does not belong to the above-mentioned group.
  6. But still, the user can access the URL.

I need to prevent this.

Avatar
Abbandona
Risposta migliore

Hi, 

You can try creating a custom decorator and use it in routes,

from odoo import http
from odoo.http import request

class TestController(http.Controller):

@http.route('/web/tests', type='http', auth='user')
@check_user_groups('your_module.your_group')
def tests(self, **kw):

​#Your controller 

Now you have to create the custom decorator,

from functools import wraps
from odoo.exceptions import AccessError

def check_user_groups(group_xml_id):
​def decorator(func):
​@wraps(func)
​def wrapper(self, *args, **kwargs):
​if not request.env.user.has_group(group_xml_id):
​raise AccessError("You do not have access rights to view this page.")
​return func(self, *args, **kwargs)
​return wrapper
​return decorator

this decorator checks if the current user is part of the specified group and manage the access at the route level.

Thanks

Avatar
Abbandona
Post correlati Risposte Visualizzazioni Attività
1
set 20
4790
0
lug 20
4737
1
lug 19
6481
8
mag 15
4772
0
nov 23
1853