콘텐츠로 건너뛰기
메뉴
커뮤니티에 참여하려면 회원 가입을 하시기 바랍니다.
신고된 질문입니다

Hi All,

I found an URL /web/tests​ in Odoo default addon. Now this route is accessible to all internal users. i need to limit this access to some users who belong to a particular security group. 
I tried below steps:

  1. Created a new group
  2. Added some employees to this group
  3. Created a new Record rule for the model of ir.http
  4. In the domain field of the Record rule, i added the desired URL, /web/tests
  5. And i logged in as a user who does not belong to the above-mentioned group.
  6. But still, the user can access the URL.

I need to prevent this.

아바타
취소
베스트 답변

Hi, 

You can try creating a custom decorator and use it in routes,

from odoo import http
from odoo.http import request

class TestController(http.Controller):

@http.route('/web/tests', type='http', auth='user')
@check_user_groups('your_module.your_group')
def tests(self, **kw):

​#Your controller 

Now you have to create the custom decorator,

from functools import wraps
from odoo.exceptions import AccessError

def check_user_groups(group_xml_id):
​def decorator(func):
​@wraps(func)
​def wrapper(self, *args, **kwargs):
​if not request.env.user.has_group(group_xml_id):
​raise AccessError("You do not have access rights to view this page.")
​return func(self, *args, **kwargs)
​return wrapper
​return decorator

this decorator checks if the current user is part of the specified group and manage the access at the route level.

Thanks

아바타
취소
관련 게시물 답글 화면 활동
1
9월 20
4766
0
7월 20
4719
1
7월 19
6471
8
5월 15
4763
0
11월 23
1841