odoo
/
odoo
2
0
Fork 0
Code Pull Requests Releases Activity

[IMP] website_sale: some access right 

bzr revid: chm@openerp.com-20130806141848-0m2c742tg18p2f04
This commit is contained in:
Christophe Matthieu 2013-08-06 16:18:48 +02:00
parent 67e1d2819b
commit 1a93e8bbca
3 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
addons/website_event/controllers/main.py
View File

@ -62,7 +62,7 @@ class website_event(http.Controller):
domain_search["country"] = [("country_id", "=", int(searches.get("country")))]
def dom_without(without):
domain = [(1, "=", 1)]
domain = SUPERUSER_ID != request.uid and [('website_published', '=', True)] or [(1, "=", 1)]
for key, search in domain_search.items():
if key != without:
domain += search

2
addons/website_mail/controllers/main.py
View File

@ -83,7 +83,7 @@ class website_mail(http.Controller):
url = request.httprequest.host_url
if post.get('body'):
request.session.body = post.get('body')
if request.uid == website.get_public_uid()
if request.uid == website.get_public_uid():
return '%s/admin#action=redirect&url=%s/blog/%s/%s/post' % (url, url, mail_group_id, blog_id)
if 'body' in request.session and request.session.body:

18
addons/website_sale/controllers/main.py
View File

@ -8,7 +8,6 @@ from openerp.addons.web import http
from openerp.addons.web.http import request
def get_order(order_id=None):
website = request.registry['website']
order_obj = request.registry.get('sale.order')
# check if order allready exists
if order_id:
@ -19,9 +18,7 @@ def get_order(order_id=None):
if not order_id:
fields = [k for k, v in order_obj._columns.items()]
order_value = order_obj.default_get(request.cr, openerp.SUPERUSER_ID, fields)
order_value['partner_id'] = openerp.SUPERUSER_ID != website.get_public_uid() and \
request.registry.get('res.users').browse(request.cr, openerp.SUPERUSER_ID, request.uid).partner_id.id or \
None
order_value['partner_id'] = request.registry.get('res.users').browse(request.cr, openerp.SUPERUSER_ID, request.uid).partner_id.id
order_value.update(order_obj.onchange_partner_id(request.cr, openerp.SUPERUSER_ID, [], request.uid, context={})['value'])
order_id = order_obj.create(request.cr, openerp.SUPERUSER_ID, order_value)
return order_obj.browse(request.cr, openerp.SUPERUSER_ID, order_id)
@ -75,9 +72,7 @@ class Ecommerce(http.Controller):
if not order_id:
fields = [k for k, v in order_obj._columns.items()]
order_value = order_obj.default_get(request.cr, openerp.SUPERUSER_ID, fields)
order_value['partner_id'] = openerp.SUPERUSER_ID != request.public_uid and \
request.registry.get('res.users').browse(request.cr, openerp.SUPERUSER_ID, request.uid).partner_id.id or \
None
order_value['partner_id'] = request.registry.get('res.users').browse(request.cr, openerp.SUPERUSER_ID, request.uid).partner_id.id
order_value.update(order_obj.onchange_partner_id(request.cr, openerp.SUPERUSER_ID, [], request.uid, context={})['value'])
order_id = order_obj.create(request.cr, openerp.SUPERUSER_ID, order_value)
return order_obj.browse(request.cr, openerp.SUPERUSER_ID, order_id)
@ -93,6 +88,7 @@ class Ecommerce(http.Controller):
def recommended_product(self, my_pids):
if not my_pids:
return []
product_obj = request.registry.get('product.product')
my_pids = str(my_pids)[1:-1]
product_ids = []
@ -110,7 +106,10 @@ class Ecommerce(http.Controller):
request.cr.execute(query)
for p in request.cr.fetchall():
product_ids.append(p[0])
return request.registry.get('product.product').browse(request.cr, request.uid, product_ids)
# search to apply access rules
product_ids = product_obj.search(request.cr, request.uid, [("id", "in", product_ids)])
return product_obj.browse(request.cr, request.uid, product_ids)
@http.route(['/shop', '/shop/category/<cat_id>', '/shop/category/<cat_id>/page/<page>', '/shop/page/<page>'], type='http', auth="public")
def category(self, cat_id=0, page=0, **post):
@ -119,6 +118,9 @@ class Ecommerce(http.Controller):
product_obj = request.registry.get('product.product')
domain = [("sale_ok", "=", True)]
if openerp.SUPERUSER_ID != request.uid:
domain += [('website_published', '=', True)]
if cat_id:
cat_id = int(cat_id)
domain = [('pos_categ_id.id', 'child_of', cat_id)] + domain