Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Бухоблік
Склад
PoS
Проект
MRP

All apps

All Posts Люди Значки

Мітки (View all)

odoo accounting v14 pos v15

Про цей форум

Допомога

Odoo 10 - 403 forbidden error for images for public visitors

security xml odoo10.0

1 Відповісти

8751 Переглядів

youta

Hello,

I'm working on online quotation report customization, to display the products images on the quotation for the customer.

Everything is working just fine except of when the customer click on the quotation link sent by email, it directs him to the quotation but some of products images aren't loaded and it gives 404 forbidden error in the console. However if the customer logged in it will be displayed just fine.

Here's a sample of my code:

<template id="so_custom_quotation_content" inherit_id="website_quote.so_quotation_content" name="Custom Quotation">
        <xpath expr="//div[@class='oe_structure']" position="after">
            <section id="productdetails">
                <t t-foreach="quotation.order_lines_layouted()" t-as="page">
                    <table class="table table-condensed wq-table">
                        <thead>
                            <tr>
                                <th>Product</th>
                                <th></th>
                                <th></th>
                                <th>Description</th>
                            </tr>
                        </thead>
                        <tbody>
                            <t t-foreach="page" t-as="layout_category">
                                <t t-if="layout_category_size > 1 or page_size > 1" groups="sale.group_sale_layout">
                                    <tr class="active">
                                        <td colspan="7" style="font-weight: bold; border-bottom: 1px solid black;">&amp;bull;
                                            <t t-esc="layout_category['name']"/>
                                        </td>
                                    </tr>
                                    <tr></tr>
                                </t>
                                <t t-foreach="layout_category['lines']" t-as="line">
                                    <tr t-attf-class="product-description row-{{line_parity}}">
                                        <td style="padding:20px;" t-foreach="line.product_id" t-as="pro">
                                            <span t-field="pro.image_medium" t-field-options='{"widget": "image","class": "oe_avatar"}' style="padding:20px;"/>
                                        </td>
                                        <td></td>
                                        <td></td>
                                        <td class="colored">
                                            <p t-field="line.name"/>
                                        </td>
                                    </tr>
                                </t>
                            </t>
                        </tbody>
                    </table>
                    <t t-if="page_index &lt; page_size - 1" groups="sale.group_sale_layout">
                        <p style="page-break-before:always;"></p>
                    </t>
                </t>
            </section>
     </xpath>
</template>

Screenshot of the error for unregistered people

Can anyone help me to fix that error. Much appreciation and thanks in advance

PS. I'm using Nginx reverse proxy

Denis Baranov

Найкраща відповідь

The issue is stipulated by access rights of public users to products:

When a user is not logged in, he/she is a "Public user"
Public user has rights to read products (e.g.: look at the 'website_sale' addon, the rule 'access_product_product_public')
Image_medium which you try to show is a computed fields with inverse, what requires more rights

The recommendations (alternatively):

Redefine the functions to compute images, adding 'sudo'
Add the special rights for public users via csv (may be not SAFE)
Keep an image in another model.

Example of the last advise:

class avatar(models.Model):

_name = 'avatar.avatar'

image = fields.Binary(string='Image')

product_id = fields.Many2one('product.product',string='Product')

class product_product(models.Model):

_inherit = 'product.product'

@api.one

@api.depends('image_medium')

def get_avatar(self):

if self.avatar:

self.avatar.image = self.image_medium

else:

avatar_id = self.env['avatar.avatar'].create({'product_id':self.id,'image': self.image_medium})

self.avatar = avatar_id

avatar = fields.Many2one('avatar.avatar',string="Avatar",compute="get_avatar",compute_sudo=True,store=True)

The rule for avatar:

access_avatar_avatar,access_avatar_avatar,model_avatar_avatar,,1,0,1,0

Afterwards, instead of image_medium in your template, use avatar.image

youta

Автор

Perfect, thanks

youta

Автор

Well the presented solution helped me to overcome the 403 forbidden error. Now I'm facing another problem that the images are always cashed in the quotation table, no matter I try to remove or change the original product image, nothing changes in the online quotation. Any advice?

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Реєстрація

Related Posts	Відповіді	Переглядів
Adding bullets in odoo 10 qweb report. xml odoo10.0	0 черв. 22	3409
Setting up rules' Access Right in xml,csv files security xml rules	1 груд. 22	26175
Hiding Attachments button on a specific model's form view in odoo 10. xml python2.7 odoo10.0	0 серп. 22	3264
How to create user Group Application for your module? Вирішено security xml group	6 січ. 21	45995
inherit some group permissions to another group Вирішено security xml odoo11.0	1 груд. 23	11757

Це запитання позначене

Enjoying the discussion? Don't just read, join in!