portal.py
18.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
import base64
import functools
import json
import logging
import math
import re
from werkzeug import urls
from odoo import fields as odoo_fields, http, tools, _, SUPERUSER_ID
from odoo.exceptions import ValidationError, AccessError, MissingError, UserError, AccessDenied
from odoo.http import content_disposition, Controller, request, route
from odoo.tools import consteq
# --------------------------------------------------
# Misc tools
# --------------------------------------------------
_logger = logging.getLogger(__name__)
def pager(url, total, page=1, step=30, scope=5, url_args=None):
""" Generate a dict with required value to render `website.pager` template. This method compute
url, page range to display, ... in the pager.
:param url : base url of the page link
:param total : number total of item to be splitted into pages
:param page : current page
:param step : item per page
:param scope : number of page to display on pager
:param url_args : additionnal parameters to add as query params to page url
:type url_args : dict
:returns dict
"""
# Compute Pager
page_count = int(math.ceil(float(total) / step))
page = max(1, min(int(page if str(page).isdigit() else 1), page_count))
scope -= 1
pmin = max(page - int(math.floor(scope / 2)), 1)
pmax = min(pmin + scope, page_count)
if pmax - pmin < scope:
pmin = pmax - scope if pmax - scope > 0 else 1
def get_url(page):
_url = "%s/page/%s" % (url, page) if page > 1 else url
if url_args:
_url = "%s?%s" % (_url, urls.url_encode(url_args))
return _url
return {
"page_count": page_count,
"offset": (page - 1) * step,
"page": {
'url': get_url(page),
'num': page
},
"page_first": {
'url': get_url(1),
'num': 1
},
"page_start": {
'url': get_url(pmin),
'num': pmin
},
"page_previous": {
'url': get_url(max(pmin, page - 1)),
'num': max(pmin, page - 1)
},
"page_next": {
'url': get_url(min(pmax, page + 1)),
'num': min(pmax, page + 1)
},
"page_end": {
'url': get_url(pmax),
'num': pmax
},
"page_last": {
'url': get_url(page_count),
'num': page_count
},
"pages": [
{'url': get_url(page_num), 'num': page_num} for page_num in range(pmin, pmax + 1)
]
}
def get_records_pager(ids, current):
if current.id in ids and (hasattr(current, 'website_url') or hasattr(current, 'access_url')):
attr_name = 'access_url' if hasattr(current, 'access_url') else 'website_url'
idx = ids.index(current.id)
return {
'prev_record': idx != 0 and getattr(current.browse(ids[idx - 1]), attr_name),
'next_record': idx < len(ids) - 1 and getattr(current.browse(ids[idx + 1]), attr_name),
}
return {}
def _build_url_w_params(url_string, query_params, remove_duplicates=True):
""" Rebuild a string url based on url_string and correctly compute query parameters
using those present in the url and those given by query_params. Having duplicates in
the final url is optional. For example:
* url_string = '/tandur?foo=bar&error=pay'
* query_params = {'foo': 'bar2', 'alice': 'bob'}
* if remove duplicates: result = '/tandur?foo=bar2&error=pay&alice=bob'
* else: result = '/tandur?foo=bar&foo=bar2&error=pay&alice=bob'
"""
url = urls.url_parse(url_string)
url_params = url.decode_query()
if remove_duplicates: # convert to standard dict instead of werkzeug multidict to remove duplicates automatically
url_params = url_params.to_dict()
url_params.update(query_params)
return url.replace(query=urls.url_encode(url_params)).to_url()
class TandurPortal(Controller):
MANDATORY_BILLING_FIELDS = ["name", "phone", "email", "street", "city", "country_id"]
OPTIONAL_BILLING_FIELDS = ["zipcode", "state_id", "vat", "company_name"]
_items_per_page = 20
def _prepare_portal_layout_values(self):
"""Values for /tandur/* templates rendering.
Does not include the record counts.
"""
# get customer sales rep
sales_user = False
partner = request.env.user.partner_id
if partner.user_id and not partner.user_id._is_public():
sales_user = partner.user_id
return {
'sales_user': sales_user,
'page_name': 'home',
}
def _prepare_home_portal_values(self, counters):
"""Values for /tandur & /tandur/home routes template rendering.
Includes the record count for the displayed badges.
where 'coutners' is the list of the displayed badges
and so the list to compute.
"""
return {}
@route(['/tandur/counters'], type='json', auth="user", website=True)
def counters(self, counters, **kw):
return self._prepare_home_portal_values(counters)
@route(['/tandur', '/tandur/home'], type='http', auth="user", website=True)
def home(self, **kw):
values = self._prepare_portal_layout_values()
return request.render("portal.portal_tandur_home", values)
# @route(['/tandur/account'], type='http', auth='user', website=True)
# def account(self, redirect=None, **post):
# values = self._prepare_portal_layout_values()
# partner = request.env.user.partner_id
# values.update({
# 'error': {},
# 'error_message': [],
# })
#
# if post and request.httprequest.method == 'POST':
# error, error_message = self.details_form_validate(post)
# values.update({'error': error, 'error_message': error_message})
# values.update(post)
# if not error:
# values = {key: post[key] for key in self.MANDATORY_BILLING_FIELDS}
# values.update({key: post[key] for key in self.OPTIONAL_BILLING_FIELDS if key in post})
# for field in set(['country_id', 'state_id']) & set(values.keys()):
# try:
# values[field] = int(values[field])
# except:
# values[field] = False
# values.update({'zip': values.pop('zipcode', '')})
# partner.sudo().write(values)
# if redirect:
# return request.redirect(redirect)
# return request.redirect('/tandur/home')
#
# countries = request.env['res.country'].sudo().search([])
# states = request.env['res.country.state'].sudo().search([])
#
# values.update({
# 'partner': partner,
# 'countries': countries,
# 'states': states,
# 'has_check_vat': hasattr(request.env['res.partner'], 'check_vat'),
# 'redirect': redirect,
# 'page_name': 'tandur_details',
# })
#
# response = request.render("portal.portal_tandur_details", values)
# response.headers['X-Frame-Options'] = 'DENY'
# return response
#
# @route('/tandur/security', type='http', auth='user', website=True, methods=['GET', 'POST'])
# def security(self, **post):
# values = self._prepare_portal_layout_values()
# values['get_error'] = get_error
#
# if request.httprequest.method == 'POST':
# values.update(self._update_password(
# post['old'].strip(),
# post['new1'].strip(),
# post['new2'].strip()
# ))
#
# return request.render('portal.portal_tandur_security', values, headers={
# 'X-Frame-Options': 'DENY'
# })
# def _update_password(self, old, new1, new2):
# for k, v in [('old', old), ('new1', new1), ('new2', new2)]:
# if not v:
# return {'errors': {'password': {k: _("You cannot leave any password empty.")}}}
#
# if new1 != new2:
# return {'errors': {'password': {'new2': _("The new password and its confirmation must be identical.")}}}
#
# try:
# request.env['res.users'].change_password(old, new1)
# except UserError as e:
# return {'errors': {'password': e.name}}
# except AccessDenied as e:
# msg = e.args[0]
# if msg == AccessDenied().args[0]:
# msg = _('The old password you provided is incorrect, your password was not changed.')
# return {'errors': {'password': {'old': msg}}}
#
# # update session token so the user does not get logged out (cache cleared by passwd change)
# new_token = request.env.user._compute_session_token(request.session.sid)
# request.session.session_token = new_token
#
# return {'success': {'password': True}}
@http.route('/portal/attachment/add', type='http', auth='public', methods=['POST'], website=True)
def attachment_add(self, name, file, res_model, res_id, access_token=None, **kwargs):
"""Process a file uploaded from the portal chatter and create the
corresponding `ir.attachment`.
The attachment will be created "pending" until the associated message
is actually created, and it will be garbage collected otherwise.
:param name: name of the file to save.
:type name: string
:param file: the file to save
:type file: werkzeug.FileStorage
:param res_model: name of the model of the original document.
To check access rights only, it will not be saved here.
:type res_model: string
:param res_id: id of the original document.
To check access rights only, it will not be saved here.
:type res_id: int
:param access_token: access_token of the original document.
To check access rights only, it will not be saved here.
:type access_token: string
:return: attachment data {id, name, mimetype, file_size, access_token}
:rtype: dict
"""
try:
self._document_check_access(res_model, int(res_id), access_token=access_token)
except (AccessError, MissingError) as e:
raise UserError(_("The document does not exist or you do not have the rights to access it."))
IrAttachment = request.env['ir.attachment']
access_token = False
# Avoid using sudo or creating access_token when not necessary: internal
# users can create attachments, as opposed to public and portal users.
if not request.env.user.has_group('base.group_user'):
IrAttachment = IrAttachment.sudo().with_context(binary_field_real_user=IrAttachment.env.user)
access_token = IrAttachment._generate_access_token()
# At this point the related message does not exist yet, so we assign
# those specific res_model and res_is. They will be correctly set
# when the message is created: see `portal_chatter_post`,
# or garbage collected otherwise: see `_garbage_collect_attachments`.
attachment = IrAttachment.create({
'name': name,
'datas': base64.b64encode(file.read()),
'res_model': 'mail.compose.message',
'res_id': 0,
'access_token': access_token,
})
return request.make_response(
data=json.dumps(attachment.read(['id', 'name', 'mimetype', 'file_size', 'access_token'])[0]),
headers=[('Content-Type', 'application/json')]
)
@http.route('/portal/attachment/remove', type='json', auth='public')
def attachment_remove(self, attachment_id, access_token=None):
"""Remove the given `attachment_id`, only if it is in a "pending" state.
The user must have access right on the attachment or provide a valid
`access_token`.
"""
try:
attachment_sudo = self._document_check_access('ir.attachment', int(attachment_id),
access_token=access_token)
except (AccessError, MissingError) as e:
raise UserError(_("The attachment does not exist or you do not have the rights to access it."))
if attachment_sudo.res_model != 'mail.compose.message' or attachment_sudo.res_id != 0:
raise UserError(
_("The attachment %s cannot be removed because it is not in a pending state.", attachment_sudo.name))
if attachment_sudo.env['mail.message'].search([('attachment_ids', 'in', attachment_sudo.ids)]):
raise UserError(
_("The attachment %s cannot be removed because it is linked to a message.", attachment_sudo.name))
return attachment_sudo.unlink()
def details_form_validate(self, data):
error = dict()
error_message = []
# Validation
for field_name in self.MANDATORY_BILLING_FIELDS:
if not data.get(field_name):
error[field_name] = 'missing'
# email validation
if data.get('email') and not tools.single_email_re.match(data.get('email')):
error["email"] = 'error'
error_message.append(_('Invalid Email! Please enter a valid email address.'))
# vat validation
partner = request.env.user.partner_id
if data.get("vat") and partner and partner.vat != data.get("vat"):
if partner.can_edit_vat():
if hasattr(partner, "check_vat"):
if data.get("country_id"):
data["vat"] = request.env["res.partner"].fix_eu_vat_number(int(data.get("country_id")),
data.get("vat"))
partner_dummy = partner.new({
'vat': data['vat'],
'country_id': (int(data['country_id'])
if data.get('country_id') else False),
})
try:
partner_dummy.check_vat()
except ValidationError:
error["vat"] = 'error'
else:
error_message.append(
_('Changing VAT number is not allowed once document(s) have been issued for your account. Please '
'contact us directly for this operation.'))
# error message for empty required fields
if [err for err in error.values() if err == 'missing']:
error_message.append(_('Some required fields are empty.'))
unknown = [k for k in data if k not in self.MANDATORY_BILLING_FIELDS + self.OPTIONAL_BILLING_FIELDS]
if unknown:
error['common'] = 'Unknown field'
error_message.append("Unknown field '%s'" % ','.join(unknown))
return error, error_message
def _document_check_access(self, model_name, document_id, access_token=None):
document = request.env[model_name].browse([document_id])
document_sudo = document.with_user(SUPERUSER_ID).exists()
if not document_sudo:
raise MissingError(_("This document does not exist."))
try:
document.check_access_rights('read')
document.check_access_rule('read')
except AccessError:
if not access_token or not document_sudo.access_token or not consteq(document_sudo.access_token,
access_token):
raise
return document_sudo
def _get_page_view_values(self, document, access_token, values, session_history, no_breadcrumbs, **kwargs):
if access_token:
# if no_breadcrumbs = False -> force breadcrumbs even if access_token to `invite` users to register if
# they click on it
values['no_breadcrumbs'] = no_breadcrumbs
values['access_token'] = access_token
values['token'] = access_token # for portal chatter
# Those are used notably whenever the payment form is implied in the portal.
if kwargs.get('error'):
values['error'] = kwargs['error']
if kwargs.get('warning'):
values['warning'] = kwargs['warning']
if kwargs.get('success'):
values['success'] = kwargs['success']
# Email token for posting messages in portal view with identified author
if kwargs.get('pid'):
values['pid'] = kwargs['pid']
if kwargs.get('hash'):
values['hash'] = kwargs['hash']
history = request.session.get(session_history, [])
values.update(get_records_pager(history, document))
return values
def _show_report(self, model, report_type, report_ref, download=False):
if report_type not in ('html', 'pdf', 'text'):
raise UserError(_("Invalid report type: %s", report_type))
report_sudo = request.env.ref(report_ref).with_user(SUPERUSER_ID)
if not isinstance(report_sudo, type(request.env['ir.actions.report'])):
raise UserError(_("%s is not the reference of a report", report_ref))
if hasattr(model, 'company_id'):
report_sudo = report_sudo.with_company(model.company_id)
method_name = '_render_qweb_%s' % (report_type)
report = getattr(report_sudo, method_name)([model.id], data={'report_type': report_type})[0]
reporthttpheaders = [
('Content-Type', 'application/pdf' if report_type == 'pdf' else 'text/html'),
('Content-Length', len(report)),
]
if report_type == 'pdf' and download:
filename = "%s.pdf" % (re.sub('\W+', '-', model._get_report_base_filename()))
reporthttpheaders.append(('Content-Disposition', content_disposition(filename)))
return request.make_response(report, headers=reporthttpheaders)
def get_error(e, path=''):
""" Recursively dereferences `path` (a period-separated sequence of dict
keys) in `e` (an error dict or value), returns the final resolution IIF it's
an str, otherwise returns None
"""
for k in (path.split('.') if path else []):
if not isinstance(e, dict):
return None
e = e.get(k)
return e if isinstance(e, str) else None