Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Financeiro
Inventário
PoS
Projeto
MRP

All apps

Todas as publicações Pessoas Emblemas

Marcadores (Ver tudo)

odoo accounting v14 pos v15

Sobre este fórum

Ajuda

Odoo 10 - 403 forbidden error for images for public visitors

security xml odoo10.0

1 Responder

8744 Visualizações

youta

Hello,

I'm working on online quotation report customization, to display the products images on the quotation for the customer.

Everything is working just fine except of when the customer click on the quotation link sent by email, it directs him to the quotation but some of products images aren't loaded and it gives 404 forbidden error in the console. However if the customer logged in it will be displayed just fine.

Here's a sample of my code:

<template id="so_custom_quotation_content" inherit_id="website_quote.so_quotation_content" name="Custom Quotation">
        <xpath expr="//div[@class='oe_structure']" position="after">
            <section id="productdetails">
                <t t-foreach="quotation.order_lines_layouted()" t-as="page">
                    <table class="table table-condensed wq-table">
                        <thead>
                            <tr>
                                <th>Product</th>
                                <th></th>
                                <th></th>
                                <th>Description</th>
                            </tr>
                        </thead>
                        <tbody>
                            <t t-foreach="page" t-as="layout_category">
                                <t t-if="layout_category_size > 1 or page_size > 1" groups="sale.group_sale_layout">
                                    <tr class="active">
                                        <td colspan="7" style="font-weight: bold; border-bottom: 1px solid black;">&amp;bull;
                                            <t t-esc="layout_category['name']"/>
                                        </td>
                                    </tr>
                                    <tr></tr>
                                </t>
                                <t t-foreach="layout_category['lines']" t-as="line">
                                    <tr t-attf-class="product-description row-{{line_parity}}">
                                        <td style="padding:20px;" t-foreach="line.product_id" t-as="pro">
                                            <span t-field="pro.image_medium" t-field-options='{"widget": "image","class": "oe_avatar"}' style="padding:20px;"/>
                                        </td>
                                        <td></td>
                                        <td></td>
                                        <td class="colored">
                                            <p t-field="line.name"/>
                                        </td>
                                    </tr>
                                </t>
                            </t>
                        </tbody>
                    </table>
                    <t t-if="page_index &lt; page_size - 1" groups="sale.group_sale_layout">
                        <p style="page-break-before:always;"></p>
                    </t>
                </t>
            </section>
     </xpath>
</template>

Screenshot of the error for unregistered people

Can anyone help me to fix that error. Much appreciation and thanks in advance

PS. I'm using Nginx reverse proxy

Denis Baranov

Melhor resposta

The issue is stipulated by access rights of public users to products:

When a user is not logged in, he/she is a "Public user"
Public user has rights to read products (e.g.: look at the 'website_sale' addon, the rule 'access_product_product_public')
Image_medium which you try to show is a computed fields with inverse, what requires more rights

The recommendations (alternatively):

Redefine the functions to compute images, adding 'sudo'
Add the special rights for public users via csv (may be not SAFE)
Keep an image in another model.

Example of the last advise:

class avatar(models.Model):

_name = 'avatar.avatar'

image = fields.Binary(string='Image')

product_id = fields.Many2one('product.product',string='Product')

class product_product(models.Model):

_inherit = 'product.product'

@api.one

@api.depends('image_medium')

def get_avatar(self):

if self.avatar:

self.avatar.image = self.image_medium

else:

avatar_id = self.env['avatar.avatar'].create({'product_id':self.id,'image': self.image_medium})

self.avatar = avatar_id

avatar = fields.Many2one('avatar.avatar',string="Avatar",compute="get_avatar",compute_sudo=True,store=True)

The rule for avatar:

access_avatar_avatar,access_avatar_avatar,model_avatar_avatar,,1,0,1,0

Afterwards, instead of image_medium in your template, use avatar.image

youta

Autor

Perfect, thanks

youta

Autor

Well the presented solution helped me to overcome the 403 forbidden error. Now I'm facing another problem that the images are always cashed in the quotation table, no matter I try to remove or change the original product image, nothing changes in the online quotation. Any advice?

Está gostando da discussão? Não fique apenas lendo, participe!

Crie uma conta hoje mesmo para aproveitar os recursos exclusivos e interagir com nossa incrível comunidade!

Publicações relacionadas	Respostas	Visualizações
Adding bullets in odoo 10 qweb report. xml odoo10.0	0 jun. 22	3406
Setting up rules' Access Right in xml,csv files security xml rules	1 dez. 22	26158
Hiding Attachments button on a specific model's form view in odoo 10. xml python2.7 odoo10.0	0 ago. 22	3261
How to create user Group Application for your module? Resolvido security xml group	6 jan. 21	45977
inherit some group permissions to another group Resolvido security xml odoo11.0	1 dez. 23	11749

Esta pergunta foi sinalizada

Está gostando da discussão? Não fique apenas lendo, participe!